[jetty-users] Proxy from H2 to 1.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] Proxy from H2 to 1.1

From: Travis Spencer <travis.spencer@xxxxxxxxx>
Date: Thu, 30 Jul 2020 11:46:25 +0200
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

We are trying to add H2 support to our server that embeds Jetty. This
works perfectly except in the case where we proxy to downstream
services. For a couple routes, we forward to an HTTP (not HTTPS)
server and a server that doesn't support H2. In these cases, the proxy
request fails since non-SSL with H2 isn't supported by the one origin
server and the other only accepts 1.1.

So, my question is, how in our AsyncProxyServlet subclass should we
specify that the proxy requests should use HTTP 1.1 and not H2? ATM,
the proxied request seems to always use whatever version the client
used when communicating with the proxy servlet.

Here's an example of the case where we proxy from H2 to the HTTP
(non-SSL) server:

MyGoodTransparentProxyServlet:70 1739107573 rewriting:
https://localhost:5555/etc/etc -> http://localhost:8889/etc/etc
MyGoodTransparentProxyServlet:5555 1739107573 proxying to upstream:
GET /etc/etc HTTP/2.0
authorization: Basic <snip>
host: localhost:5555
user-agent: curl/7.54.0

HttpRequest[GET /etc/etc HTTP/2.0]@6926472f
X-Forwarded-For: 0:0:0:0:0:0:0:1
X-Forwarded-Proto: https
X-Forwarded-Host: localhost:5555
X-Forwarded-Server: 0:0:0:0:0:0:0:1
Via: 2.0 Y762xIGev8Am
Authorization: Basic <snip>

When access the downstream HTTP 1.1 server, the client and proxy
request looks like this:

MyGoodTransparentProxyServlet:70 474713221 rewriting:
https://localhost:5555/mygood-api ->
https://remote.example.com:443/some-other-good-api
MyGoodApiTransparentProxyServlet:555 474713221 proxying to upstream:
GET /mygood-api HTTP/2.0
te: trailers
accept-language: en-US,en;q=0.5
host: localhost:5555
content-type: application/json
cache-control: no-cache
accept-encoding: gzip, deflate, br
pragma: no-cache
accept: application/json, text/plain, */*

HttpRequest[GET /some-other-good-api HTTP/2.0]@8c22593
accept-language: en-US,en;q=0.5
content-type: application/json
cache-control: no-cache
pragma: no-cache
accept: application/json, text/plain, */*
X-Forwarded-For: 0:0:0:0:0:0:0:1
X-Forwarded-Proto: https
X-Forwarded-Host: localhost:5555
X-Forwarded-Server: 0:0:0:0:0:0:0:1
Via: 2.0 Y762xIGev8Am

Note the Via header as well. I could not call addProxyHeaders in my
subclass anymore because that calls addViaHeader, which seems to have
a few bugs in it:

* HTTP is used when RFC 7230 says it shouldn't be except when the
protocol isn't HTTP (there's no MUST on this, but, in section 5.7.1,
it says "For brevity, the protocol-name is omitted when the received
protocol is HTTP.")
* "null" is used if ViaHost isn't configured. Instead, a pseudonym
should be used
* The protocol version is hard coded to be 1.1 when, in my case at
least, it should be 2.0.

I can make a ticket (and send a PR) for the above, if the maintainers
agree that these are bugs.

TIA!

Follow-Ups:
- Re: [jetty-users] Proxy from H2 to 1.1
  - From: Simone Bordet
- Re: [jetty-users] Proxy from H2 to 1.1
  - From: Simone Bordet

Prev by Date: Re: [jetty-users] How to access the HttpSender's HttpChannel?
Next by Date: Re: [jetty-users] Proxy from H2 to 1.1
Previous by thread: [jetty-users] How to access the HttpSender's HttpChannel?
Next by thread: Re: [jetty-users] Proxy from H2 to 1.1
Index(es):
- Date
- Thread

Breadcrumbs