This repository has been archived by the owner on Dec 7, 2020. It is now read-only.
Gatekeeper switches the protocol from HTTP2 to HTTP1 when using TLS #575
Comments
|
I have seen issues of |
|
I'm the original creator of this issue. Please ping me if further information is required. |
|
Does Gatekeeper/louketo support gRPC? |
|
Hit this problem again. What are the plans for HTTP 2.0 and gRPC support in the proxy? |
|
So, the cause is: Line 631 in 9eca196 combined with https://github.com/golang/go/blob/2bc8d90fa21e9547aeb0f0ae775107dc8e05dc0a/src/net/http/transport.go#L353-L360 which says not to enable HTTP2 if a TLSCLientConfig is set. Solution appears to be simple: add ForceAttemptHTTP2: trueto the Transport configuration |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
What:
I currently have an issue with Gatekeeper and gRPC requests. It seems that Gatekeeper switches the protocol from HTTP2 to HTTP1 when talking with upstream.
I think this issue has to do with: golang/go#21336 (comment)
Here is the relevant code: https://github.com/golang/go/blob/c522b2bec9e6186a8efb7ddd221295390638a18e/src/net/http/transport.go#L220
{code:java}
if t.TLSClientConfig != nil || t.Dial != nil || t.DialTLS != nil {
// Be conservative and don't automatically enable
// http2 if they've specified a custom TLS config or
// custom dialers. Let them opt-in themselves via
// http2.ConfigureTransport so we don't surprise them
// by modifying their tls.Config. Issue 14275.
return
}
{code}
If a SSL cert is set, the http.Transport implementation will not automatically enable HTTP2.
Here is the discussion from the forum: https://keycloak.discourse.group/t/does-gatekeeper-proxy-grpc-requests/1606
Reference:
The text was updated successfully, but these errors were encountered: