-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP2 support #3938
Comments
Closing. NGINX does not support HTTP/1.x and HTTP/2 at the same time on a cleartext (non-TLS) port. |
Has there been any development regarding this issue? We would like to terminate TLS before our cluster and route both HTTP/1.1 and HTTP/2 traffic. |
@ThreeFx this is not something we can add. This is an NGINX issue, not the ingress controller. |
I understand that, but adding e.g. an Other than adding two Ingresses (one per protocol) we are out of luck I guess, or do you have any idea how to solve that? |
HTTP/2 is enabled by default when you terminate TLS in the ingress controller. |
Yes, but we do not terminate TLS at the Ingress level, we terminate it before the HTTP request even hits the cluster. However, we need to be able to route both HTTP/2 and HTTP/1.1 requests in plaintext, something I understand NGINX is incapable of. Thus the question: How can we get the benefits of routing HTTP/1.1 and HTTP/2? Re-crypting the traffic from our TLS-terminating routers to our backend seems like a waste of CPU cycles, and the only other option I see is configuring two different Ingresses, one with HTTP/2 enabled and one with disabled HTTP/2. Or maybe you have a better idea? |
No. Your re-encryption idea is the only way. Or you can just expose the service you need without an ingress controller, using a load balancer and terminating TLS at a different level. |
Alright, that's a shame... Thanks for the help! |
Could you document that the default is |
HI Team, |
Is this a request for help? (If yes, you should use our troubleshooting guide and community support channels, see https://kubernetes.io/docs/tasks/debug-application-cluster/troubleshooting/.):
What keywords did you search in NGINX Ingress controller issues before filing this one? (If you have found any duplicates, you should instead reply there.):
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
NGINX Ingress controller version:
0.22.0
Kubernetes version (use
kubectl version
):1.14.0
Environment:
Cloud provider or hardware configuration: Thinkpad T580
OS (e.g. from /etc/os-release): Ubuntu 18.10
Kernel (e.g.
uname -a
): Linux khteh-T580 4.18.0-16-generic Documentation: setting up ingress on metal with the right, secure CNI configuration #17-Ubuntu SMP Fri Feb 8 00:06:57 UTC 2019 x86_64 x86_64 x86_64 GNU/LinuxInstall tools:
Others:
What happened:
Does current nginx ingress controller support HTTP2 with both TCP and TLS?
curl -v --http2 localhost/myapi/myendpoint
shows that it is using http/1.1curl -v --insecure --http2 https://localhost/myapi/myendpoint
shows it is using http2This is in contrast with AWS ALB ingress controller where both TCP and TLS work.
W.r.t #2189 I have not added the
use-http2
annotation. Is it enabled by default?What you expected to happen:
HTTP2 works with both TCP and TLS.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know:
kubernetes-sigs/aws-load-balancer-controller#892
The text was updated successfully, but these errors were encountered: