feat(core) enabled support for HTTP/2

Tobyxu · Jun 22, 2017 · 4424146 · 4424146
1 parent 04e5127
commit 4424146
Show file tree

Hide file tree

Showing 7 changed files with 46 additions and 3 deletions.
diff --git a/.ci/setup_env.sh b/.ci/setup_env.sh
@@ -60,6 +60,7 @@ if [ ! "$(ls -A $OPENRESTY_INSTALL)" ]; then
     "--with-http_ssl_module"
     "--with-http_realip_module"
     "--with-http_stub_status_module"
+    "--with-http_v2_module"
   )
 
   if [ "$OPENRESTY" != "1.11.2.1" ]; then

diff --git a/kong.conf.default b/kong.conf.default
@@ -136,6 +136,9 @@
                                  # the SSL key for the `proxy_listen_ssl`
                                  # address.
 
+#http2 = off                     # Enables HTTP2 support for HTTPS traffic on
+                                 # the `proxy_listen_ssl` address.
+
 #client_ssl = off                # Determines if Nginx should send client-side
                                  # SSL certificates when proxying requests.
 
@@ -167,6 +170,9 @@
                                  # to the SSL key for the `admin_listen_ssl`
                                  # address.
 
+#admin_http2 = off               # Enables HTTP2 support for HTTPS traffic on
+                                 # the `admin_listen_ssl` address.
+
 #upstream_keepalive = 60         # Sets the maximum number of idle keepalive
                                  # connections to upstream servers that are
                                  # preserved in the cache of each worker

diff --git a/kong/cmd/utils/prefix_handler.lua b/kong/cmd/utils/prefix_handler.lua
@@ -109,6 +109,9 @@ local function compile_conf(kong_config, conf_template)
   compile_env = pl_tablex.merge(compile_env, kong_config, true) -- union
   compile_env.dns_resolver = table.concat(compile_env.dns_resolver, " ")
 
+  compile_env.http2 = kong_config.http2 and " http2" or ""
+  compile_env.admin_http2 = kong_config.admin_http2 and " http2" or ""
+
   local post_template = pl_template.substitute(conf_template, compile_env)
   return string.gsub(post_template, "(${%b{}})", function(w)
     local name = w:sub(4, -3)

diff --git a/kong/conf_loader.lua b/kong/conf_loader.lua
@@ -102,6 +102,8 @@ local CONF_INFERENCES = {
   dns_error_ttl = {typ = "number"},
   dns_no_sync = {typ = "boolean"},
 
+  http2 = {typ = "boolean"},
+  admin_http2 = {typ = "boolean"},
   ssl = {typ = "boolean"},
   client_ssl = {typ = "boolean"},
   admin_ssl = {typ = "boolean"},

diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua
@@ -17,6 +17,7 @@ nginx_worker_processes = auto
 nginx_optimizations = on
 nginx_daemon = on
 mem_cache_size = 128m
+http2 = off
 ssl = on
 ssl_cert = NONE
 ssl_cert_key = NONE
@@ -25,6 +26,7 @@ client_ssl_cert = NONE
 client_ssl_cert_key = NONE
 ssl_cipher_suite = modern
 ssl_ciphers = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+admin_http2 = off
 admin_ssl = on
 admin_ssl_cert = NONE
 admin_ssl_cert_key = NONE

diff --git a/kong/templates/nginx_kong.lua b/kong/templates/nginx_kong.lua
@@ -80,9 +80,9 @@ server {
 
 > if ssl then
 > if real_ip_header == "proxy_protocol" then
-    listen ${{PROXY_LISTEN_SSL}} proxy_protocol ssl;
+    listen ${{PROXY_LISTEN_SSL}} proxy_protocol ssl${{HTTP2}};
 > else
-    listen ${{PROXY_LISTEN_SSL}} ssl;
+    listen ${{PROXY_LISTEN_SSL}} ssl${{HTTP2}};
 > end
     ssl_certificate ${{SSL_CERT}};
     ssl_certificate_key ${{SSL_CERT_KEY}};
@@ -173,7 +173,7 @@ server {
     client_body_buffer_size 10m;
 
 > if admin_ssl then
-    listen ${{ADMIN_LISTEN_SSL}} ssl;
+    listen ${{ADMIN_LISTEN_SSL}} ssl${{ADMIN_HTTP2}};
     ssl_certificate ${{ADMIN_SSL_CERT}};
     ssl_certificate_key ${{ADMIN_SSL_CERT_KEY}};
     ssl_protocols TLSv1.1 TLSv1.2;

diff --git a/spec/01-unit/003-prefix_handler_spec.lua b/spec/01-unit/003-prefix_handler_spec.lua
@@ -78,6 +78,35 @@ describe("NGINX conf compiler", function()
       assert.matches("listen 0.0.0.0:80;", kong_nginx_conf, nil, true)
       assert.matches("listen 127.0.0.1:8001;", kong_nginx_conf, nil, true)
     end)
+    it("enables HTTP/2", function()
+      local conf = assert(conf_loader(helpers.test_conf_path, {
+        http2 = true,
+        admin_http2 = true
+      }))
+      local kong_nginx_conf = prefix_handler.compile_kong_conf(conf)
+      assert.matches("listen 0.0.0.0:9000;", kong_nginx_conf, nil, true)
+      assert.matches("listen 0.0.0.0:9443 ssl http2;", kong_nginx_conf, nil, true)
+      assert.matches("listen 0.0.0.0:9001;", kong_nginx_conf, nil, true)
+      assert.matches("listen 0.0.0.0:8444 ssl http2;", kong_nginx_conf, nil, true)
+
+      conf = assert(conf_loader(helpers.test_conf_path, {
+        http2 = true,
+      }))
+      kong_nginx_conf = prefix_handler.compile_kong_conf(conf)
+      assert.matches("listen 0.0.0.0:9000;", kong_nginx_conf, nil, true)
+      assert.matches("listen 0.0.0.0:9443 ssl http2;", kong_nginx_conf, nil, true)
+      assert.matches("listen 0.0.0.0:9001;", kong_nginx_conf, nil, true)
+      assert.matches("listen 0.0.0.0:8444 ssl;", kong_nginx_conf, nil, true)
+
+      conf = assert(conf_loader(helpers.test_conf_path, {
+        admin_http2 = true
+      }))
+      kong_nginx_conf = prefix_handler.compile_kong_conf(conf)
+      assert.matches("listen 0.0.0.0:9000;", kong_nginx_conf, nil, true)
+      assert.matches("listen 0.0.0.0:9443 ssl;", kong_nginx_conf, nil, true)
+      assert.matches("listen 0.0.0.0:9001;", kong_nginx_conf, nil, true)
+      assert.matches("listen 0.0.0.0:8444 ssl http2;", kong_nginx_conf, nil, true)
+    end)
     it("disables SSL", function()
       local conf = assert(conf_loader(helpers.test_conf_path, {
         ssl = false,