From 846951713c218707875a8d434e0077d9eebbff90 Mon Sep 17 00:00:00 2001
From: Merric de Launey
Date: Thu, 8 Apr 2021 17:07:22 +0000
Subject: [PATCH] WIP: Envoy proxy handles HTTP/2 - This configuration works for apps that speak h2c, but does not work for HTTP/1.1-only apps [#177586568] [cloudfoundry/routing-release#200]
Co-authored-by: Greg Cobb
---
 depot/containerstore/proxy_config_handler.go | 1 +
 depot/containerstore/proxy_config_handler_test.go | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/depot/containerstore/proxy_config_handler.go b/depot/containerstore/proxy_config_handler.go
index 231b54ca..a2986e3d 100644
--- a/depot/containerstore/proxy_config_handler.go
+++ b/depot/containerstore/proxy_config_handler.go
@@ -462,6 +462,7 @@ func generateListeners(container executor.Container, requireClientCerts bool) ([
 tlsContext := &envoy_tls.DownstreamTlsContext{
 RequireClientCertificate: &wrappers.BoolValue{Value: requireClientCerts},
 CommonTlsContext: &envoy_tls.CommonTlsContext{
+ AlpnProtocols: []string{"h2,http/1.1"},
 TlsCertificateSdsSecretConfigs: []*envoy_tls.SdsSecretConfig{
 {
 Name: "server-cert-and-key",
diff --git a/depot/containerstore/proxy_config_handler_test.go b/depot/containerstore/proxy_config_handler_test.go
index d75406cf..5f8ada64 100644
--- a/depot/containerstore/proxy_config_handler_test.go
+++ b/depot/containerstore/proxy_config_handler_test.go
@@ -635,7 +635,7 @@ var _ = Describe("ProxyConfigHandler", func() {
 }
 })
- It("creates the appropriate proxy config file", func() {
+ FIt("creates the appropriate proxy config file", func() {
 err := proxyConfigHandler.Update(containerstore.Credential{Cert: "cert", Key: "key"}, container)
 Expect(err).NotTo(HaveOccurred())
 Eventually(proxyConfigFile).Should(BeAnExistingFile())
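Review bot: The added `AlpnProtocols: []string{"h2,http/1.1"}` in generateListeners is a one-element slice holding a comma-joined string, whereas the field is a list with one ALPN identifier per entry, so it should read `AlpnProtocols: []string{"h2", "http/1.1"},`. Whether Envoy happens to tolerate the joined form cannot be seen from this hunk, and depending on that would leave the advertised protocol set implicit. The new assertion in `expectedListener.check` in proxy_config_handler_test.go pins the same joined literal, so the test cannot catch this and needs the matching change to `Equal([]string{"h2", "http/1.1"})`. Since the commit message says HTTP/1.1-only apps break once h2 is offered, a short comment above the field stating which backends may safely be offered h2 would help before this leaves WIP. generateListeners starts and ends outside the hunk.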
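Review bot: `FIt(` is a focused spec, so Ginkgo runs only this test and skips every other spec in the package, which presumably includes the remaining ProxyConfigHandler coverage of the TLS listener settings. A green run would then say nothing about those checks. Restore `It("creates the appropriate proxy config file", func() {` before merging. The surrounding Describe block starts and ends outside the hunk.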
@@ -869,6 +869,7 @@ func (l expectedListener) check(listener *envoy_listener.Listener) {
 Expect(filterChain.TransportSocket.Name).To(Equal(l.name))
 Expect(downstreamTlsContext.RequireClientCertificate.Value).To(Equal(l.requireClientCertificate))
+ Expect(downstreamTlsContext.CommonTlsContext.AlpnProtocols).To(Equal([]string{"h2,http/1.1"}))
 Expect(downstreamTlsContext.CommonTlsContext.TlsCertificateSdsSecretConfigs).To(ConsistOf(
 &envoy_tls.SdsSecretConfig{
 Name: "server-cert-and-key",