Internal HTTP APIs over H2C (#1541)
* H2C on internal HTTP because SCIENCE * Update comments
parent
7ca89ef511
commit
24e38c4135
2 changed files with 29 additions and 2 deletions
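--- a/go.mod
+++ b/go.mod
@@ -40,6 +40,7 @@ require (
 github.com/yggdrasil-network/yggdrasil-go v0.3.15-0.20201006093556-760d9a7fd5ee
 go.uber.org/atomic v1.6.0
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
+golang.org/x/net v0.0.0-20200528225125-3c3fba18258b
 gopkg.in/h2non/bimg.v1 v1.1.4
 gopkg.in/yaml.v2 v2.3.0
 )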
|
@ -15,8 +15,10 @@
|
||||||
package setup
|
package setup
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"time"
|
"time"
|
||||||
|
@ -25,6 +27,8 @@ import (
|
||||||
"github.com/matrix-org/dendrite/internal/httputil"
|
"github.com/matrix-org/dendrite/internal/httputil"
|
||||||
"github.com/matrix-org/gomatrixserverlib"
|
"github.com/matrix-org/gomatrixserverlib"
|
||||||
"github.com/prometheus/client_golang/prometheus/promhttp"
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||||
|
"golang.org/x/net/http2"
|
||||||
|
"golang.org/x/net/http2/h2c"
|
||||||
|
|
||||||
"github.com/matrix-org/dendrite/internal"
|
"github.com/matrix-org/dendrite/internal"
|
||||||
"github.com/matrix-org/dendrite/userapi/storage/accounts"
|
"github.com/matrix-org/dendrite/userapi/storage/accounts"
|
||||||
|
@ -107,7 +111,22 @@ func NewBaseDendrite(cfg *config.Dendrite, componentName string, useHTTPAPIs boo
|
||||||
logrus.WithError(err).Warnf("Failed to create cache")
|
logrus.WithError(err).Warnf("Failed to create cache")
|
||||||
}
|
}
|
||||||
|
|
||||||
apiClient := http.Client{Timeout: time.Minute * 10}
|
apiClient := http.Client{
|
||||||
|
Timeout: time.Minute * 10,
|
||||||
|
Transport: &http2.Transport{
|
||||||
|
AllowHTTP: true,
|
||||||
|
DialTLS: func(network, addr string, _ *tls.Config) (net.Conn, error) {
|
||||||
|
// Ordinarily HTTP/2 would expect TLS, but the remote listener is
|
||||||
|
// H2C-enabled (HTTP/2 without encryption). Overriding the DialTLS
|
||||||
|
// function with a plain Dial allows us to trick the HTTP client
|
||||||
|
// into establishing a HTTP/2 connection without TLS.
|
||||||
|
// TODO: Eventually we will want to look at authenticating and
|
||||||
|
// encrypting these internal HTTP APIs, at which point we will have
|
||||||
|
// to reconsider H2C and change all this anyway.
|
||||||
|
return net.Dial(network, addr)
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
client := http.Client{Timeout: HTTPClientTimeout}
|
client := http.Client{Timeout: HTTPClientTimeout}
|
||||||
if cfg.FederationSender.Proxy.Enabled {
|
if cfg.FederationSender.Proxy.Enabled {
|
||||||
client.Transport = &http.Transport{Proxy: http.ProxyURL(&url.URL{
|
client.Transport = &http.Transport{Proxy: http.ProxyURL(&url.URL{
|
||||||
|
@ -269,10 +288,17 @@ func (b *BaseDendrite) SetupAndServeHTTP(
|
||||||
internalServ := externalServ
|
internalServ := externalServ
|
||||||
|
|
||||||
if internalAddr != NoListener && externalAddr != internalAddr {
|
if internalAddr != NoListener && externalAddr != internalAddr {
|
||||||
|
// H2C allows us to accept HTTP/2 connections without TLS
|
||||||
|
// encryption. Since we don't currently require any form of
|
||||||
|
// authentication or encryption on these internal HTTP APIs,
|
||||||
|
// H2C gives us all of the advantages of HTTP/2 (such as
|
||||||
|
// stream multiplexing and avoiding head-of-line blocking)
|
||||||
|
// without enabling TLS.
|
||||||
|
internalH2S := &http2.Server{}
|
||||||
internalRouter = mux.NewRouter().SkipClean(true).UseEncodedPath()
|
internalRouter = mux.NewRouter().SkipClean(true).UseEncodedPath()
|
||||||
internalServ = &http.Server{
|
internalServ = &http.Server{
|
||||||
Addr: string(internalAddr),
|
Addr: string(internalAddr),
|
||||||
Handler: internalRouter,
|
Handler: h2c.NewHandler(internalRouter, internalH2S),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
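Review bot: The `DialTLS` override in the `NewBaseDendrite` hunk discards the `*tls.Config`, and as far as I know `http2.Transport` calls it for `https://` requests as well as `http://` ones, so an internal API URL configured with `https` would be dialled in cleartext with no certificate verification instead of failing. The existing comment already says these APIs are unauthenticated and unencrypted, so I would state that limit where the client is built, e.g. `// NOTE: this transport never negotiates TLS, even for https:// URLs; use apiClient only for internal APIs on a trusted network.` The bare `net.Dial` also has no connect timeout of its own, so a hung dial is bounded only by the 10-minute client timeout; `return (&net.Dialer{Timeout: dialTimeout}).Dial(network, addr)` would bound it, where `dialTimeout` is a placeholder for a short value the project chooses. In the `SetupAndServeHTTP` hunk the H2C handler serves any peer that can reach `internalAddr`, so that listener should stay on loopback or a private interface until the TODO about authentication is resolved. Both functions start and end outside the visible hunks.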