feat: support listen http2 with plaintext #3547
Conversation
sysulq
changed the title
apisix/cli/ops.lua
Outdated
| yaml_conf.apisix.node_listen = node_listen | ||
| elseif type(yaml_conf.apisix.node_listen) == "table" then | ||
| if type(yaml_conf.apisix.node_listen[1]) == "number" then |
There was a problem hiding this comment.
Cannot capture your mean for this if.
There was a problem hiding this comment.
I think we should check every item, what if the user mixes the integer and the table?
There was a problem hiding this comment.
Only support port with number parameter?
|
|
||
|
|
||
|
|
||
| === TEST 5: support listen multiple ports with array |
There was a problem hiding this comment.
Need to add tests in t/grpc-proxy-test.sh.
And need to update the doc/grpc-proxy.md
conf/config.yaml
Outdated
| @@ -31,6 +31,12 @@ | |||
| # | |||
| # If the configured environment variable can't be found, an error will be thrown. | |||
| apisix: | |||
| node_listen: | |||
| - port: 9080 # APISIX listening port | |||
There was a problem hiding this comment.
We should provide the configuration separately in:
apisix/cli/ops.lua
Outdated
| yaml_conf.apisix.node_listen = node_listen | ||
| elseif type(yaml_conf.apisix.node_listen) == "table" then | ||
| if type(yaml_conf.apisix.node_listen[1]) == "number" then |
There was a problem hiding this comment.
I think we should check every item, what if the user mixes the integer and the table?
doc/grpc-proxy.md
Outdated
| @@ -36,7 +36,8 @@ gRPC client -> APISIX -> gRPC/gRPCS server | |||
| Here's an example, to proxying gRPC service by specified route: | |||
|
|
|||
| * attention: the `scheme` of the route's upstream must be `grpc` or `grpcs`. | |||
| * attention: APISIX use TLS‑encrypted HTTP/2 to expose gRPC service, so need to [config SSL certificate](https.md) | |||
| * attention: APISIX use TLS‑encrypted HTTP/2 to expose gRPC service (default port 9443), so need to [config SSL certificate](https.md) | |||
| * attention: APISIX also support to expose gRPC service with plaintext HTTP/2 (default port 9081), which do not need to config SSL certificate, usually used to proxy gRPC service in intranet environment | |||
There was a problem hiding this comment.
Need a configuration to show how we can do it.
conf/config.yaml
Outdated
| - port: 9080 # APISIX listening port | ||
| enable_http2: false # Disable to support HTTP proxy, nginx currently do not support HTTP and HTTP/2 with plaintext on the same port | ||
| # Details can be found in https://trac.nginx.org/nginx/ticket/816 | ||
| - port: 9081 # APISIX listening port for HTTP/2 with plaintext |
There was a problem hiding this comment.
Don't open a port for HTTP/2 by default.
|
Need to resolve the conflict, so that CI can start. |
sysulq
force-pushed
the
feature/grpc-proxy-plaintext
branch
from
e3f90e5
to
6d6cbf7
Compare
doc/grpc-proxy.md
Outdated
| @@ -37,6 +37,7 @@ Here's an example, to proxying gRPC service by specified route: | |||
|
|
|||
| * attention: the `scheme` of the route's upstream must be `grpc` or `grpcs`. | |||
| * attention: APISIX use TLS‑encrypted HTTP/2 to expose gRPC service, so need to [config SSL certificate](https.md) | |||
| * attention: APISIX also support to expose gRPC service with plaintext HTTP/2, which do not need to config SSL certificate, usually used to proxy gRPC service in intranet environment | |||
There was a problem hiding this comment.
which do not need to config SSL certificate => which doesn't rely on ALPN/NPN extensions in TLS/SSL protocol.
There was a problem hiding this comment.
Maybe this is a little hard to understand for user...? Maybe it's enough to mention in doc that this feature is supported, and show how to configure it?
There was a problem hiding this comment.
What about "which doesn't rely on TLS/SSL"?
| elseif type(yaml_conf.apisix.node_listen) == "table" then | ||
| local node_listen = {} | ||
| for index, value in ipairs(yaml_conf.apisix.node_listen) do | ||
| if type(value) == "number" then |
There was a problem hiding this comment.
Is the number type really needed? I think the following way is enough.
node_listen:
- port: 9080
- port: 9180
enable_http2: trueThere was a problem hiding this comment.
We need to be backward compatibility unless it is a bugfix.
There was a problem hiding this comment.
I mean the element type inside node_listen, not the node_listen itself.
There was a problem hiding this comment.
We can also be compatible with this format:
node_listen:
- 9080
- 9081
What this PR does / why we need it:
Details can be found in #3496.
Pre-submission checklist: