Set HTTP2 as default if SSL is enabled and add deprecation log if SSL is not enabled or protocol is set to HTTP1 #204384
Conversation
jesuswr
added
Feature:http
Team:Core
|
Pinging @elastic/kibana-core (Team:Core) |
| @@ -26,14 +26,15 @@ describe('configuration deprecations', () => { | |||
| }); | |||
|
|
|||
| if (getFips() === 0) { | |||
| it('should not log deprecation warnings for default configuration', async () => { | |||
| it('should log one warning for default configuration, the http/tls deprecation warning', async () => { | |||
There was a problem hiding this comment.
Is it ok to have deprecation warnings on default config? Seems ok since the issue is to log when http2 or tls are not enabled but tls can't be enabled by default
There was a problem hiding this comment.
Generally we wouldn't want to log a deprecation right "out of the box" after installing Kibana. But given that TLS is such an important security configuration I think this is fine
| addDeprecation({ | ||
| level: 'warning', | ||
| title: `Consider enabling TLS and using HTTP/2 to improve security and performance.`, | ||
| configPath: `${fromPath}.protocol,${fromPath}.ssl.enabled`, |
There was a problem hiding this comment.
Added one deprecation for both config values since they are related
| @@ -26,14 +26,15 @@ describe('configuration deprecations', () => { | |||
| }); | |||
|
|
|||
| if (getFips() === 0) { | |||
| it('should not log deprecation warnings for default configuration', async () => { | |||
| it('should log one warning for default configuration, the http/tls deprecation warning', async () => { | |||
There was a problem hiding this comment.
Generally we wouldn't want to log a deprecation right "out of the box" after installing Kibana. But given that TLS is such an important security configuration I think this is fine
rudolf
added
release_note:enhancement
and removed
release_note:skip
packages/core/http/core-http-server-internal/src/http_config.ts
Outdated
Show resolved
Hide resolved
|
@lcawl Can you help us feature this in the 9 release notes (or breaking changes?). It's not a breaking change per se, but there is some risk that users with more exotic deployment configurations where Kibana is running behind a proxy could see problems. So out of caution we need to just make them aware of this so that they can test their deployment setup. Something like: The Kibana server will now default to using the HTTP2 protocol (when TLS is enabled) for improved browser loading times. If your Kibana server is hosted behind a load balancer or reverse proxy we recommend testing your deployment configuration before upgrading to 9.0. |
If it's not a breaking change, it could perhaps be included in the v9 release notes as a "known issue" like https://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0.html#known-issue-8.0.0 or https://www.elastic.co/guide/en/kibana/7.17/release-notes-7.17.0.html#known-issue-7.17.0 |
Co-authored-by: Rudolf Meijering <[email protected]>
|
@lcawl how can I include this as a "known issue"? |
|
Thanks! @jloleysens |
💚 Build Succeeded
Metrics [docs]Public APIs missing comments
Async chunks
Page load bundle
History
cc @jesuswr |
rudolf
changed the title
… is not enabled or protocol is set to HTTP1 (elastic#204384) ## Summary resolves elastic#194067 Set HTTP2 as default if ssl is enabled. resolves elastic#194065 Add deprecation log if ssl is not enabled or if protocol is set to http1 <img width="1665" alt="Screenshot 2024-12-17 at 17 06 50" src="https://github.com/user-attachments/assets/3bc7ff57-1079-4a27-90d2-88f3e09093d6" /> <img width="1727" alt="Screenshot 2024-12-17 at 17 06 22" src="https://github.com/user-attachments/assets/d5489705-6cd6-4e09-8327-fdd0f54292ea" /> ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Rudolf Meijering <[email protected]>
Summary
resolves #194067
Set HTTP2 as default if ssl is enabled.
resolves #194065
Add deprecation log if ssl is not enabled or if protocol is set to http1
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:*label is applied per the guidelinesIdentify risks
Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.