Pull request: 4931-http-2-unencrypted

Closes #4930. Updates #4931. * commit '27b0251b5b8c1097d53b20a67569bb9bb6ff8bff': home: imp docs all: doc changes add support for plain h2c
2022-09-19 17:26:01 +03:00 · 2022-09-19 17:26:01 +03:00 · 9ffe078703
parent 42bd0615c2 27b0251b5b
commit 9ffe078703
2 changed files with 20 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -20,7 +20,13 @@ and this project adheres to
 - Weaker cipher suites that use the CBC (cipher block chaining) mode of
  operation have been disabled ([#2993]).

+### Added
+
+- Support for plain (unencrypted) HTTP/2 ([#4930]).  This is useful for AdGuard
+  Home installations behind a reverse proxy.
+
 [#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
+[#4930]: https://github.com/AdguardTeam/AdGuardHome/issues/4930



--- a/internal/home/web.go
+++ b/internal/home/web.go
@ -15,6 +15,8 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/NYTimes/gziphandler"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/h2c"
 )

 // HTTP scheme constants.
@ -167,12 +169,15 @@ func (web *Web) Start() {
 		printHTTPAddresses(schemeHTTP)
 		errs := make(chan error, 2)

+		// Use an h2c handler to support unencrypted HTTP/2, e.g. for proxies.
+		hdlr := h2c.NewHandler(withMiddlewares(Context.mux, limitRequestBody), &http2.Server{})
+
+		// Create a new instance, because the Web is not usable after Shutdown.
 		hostStr := web.conf.BindHost.String()
-		// we need to have new instance, because after Shutdown() the Server is not usable
 		web.httpServer = &http.Server{
 			ErrorLog:          log.StdLog("web: plain", log.DEBUG),
 			Addr:              netutil.JoinHostPort(hostStr, web.conf.BindPort),
-			Handler:           withMiddlewares(Context.mux, limitRequestBody),
+			Handler:           hdlr,
 			ReadTimeout:       web.conf.ReadTimeout,
 			ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
 			WriteTimeout:      web.conf.WriteTimeout,
@ -202,10 +207,16 @@ func (web *Web) startBetaServer(hostStr string) {
 		return
 	}

+	// Use an h2c handler to support unencrypted HTTP/2, e.g. for proxies.
+	hdlr := h2c.NewHandler(
+		withMiddlewares(Context.mux, limitRequestBody, web.wrapIndexBeta),
+		&http2.Server{},
+	)
+
 	web.httpServerBeta = &http.Server{
 		ErrorLog:          log.StdLog("web: plain: beta", log.DEBUG),
 		Addr:              netutil.JoinHostPort(hostStr, web.conf.BetaBindPort),
-		Handler:           withMiddlewares(Context.mux, limitRequestBody, web.wrapIndexBeta),
+		Handler:           hdlr,
 		ReadTimeout:       web.conf.ReadTimeout,
 		ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
 		WriteTimeout:      web.conf.WriteTimeout,