Enable HTTP2 with Tomcat in Spring Boot

Question

Tomcat 8.5, which will be the default in Spring Boot 1.4, supports HTTP/2. How can HTTP/2 be enabled in a Spring Boot application? Answer The most elegant and best-performing way to enable HTTP/2 with a Spring Boot application follows here. First, as mentioned in Andy Wilkinson's answer, you need to enable HTTP/2 at Tomcat level: In case you are not

Accepted Answer

The most elegant and best-performing way to enable HTTP/2 with a Spring Boot application follows here.First, as mentioned in Andy Wilkinson’s answer, you need to enable HTTP/2 at Tomcat level:@Beanpublic EmbeddedServletContainerCustomizer tomcatCustomizer() { return (container) -> { if (container instanceof TomcatEmbeddedServletContainerFactory) { ((TomcatEmbeddedServletContainerFactory) container) .addConnectorCustomizers((connector) -> { connector.addUpgradeProtocol(new Http2Protocol()); }); } };}In case you are not using an embedded Tomcat, you can set up HTTP/2 listening like this: Remember that you need Tomcat >= 8.5.Then, you should use HAProxy (version >= 1.7) in front of Tomcat to take care of encryption.The client will speak https to HAProxy, and HAProxy will speak cleartext HTTP/1.1 or HTTP/2 to the backend, as the client requested.There will be no unnecessary protocol translations.The matching HAProxy-configuration is here:# Create PEM: cat cert.crt cert.key ca.crt > /etc/ssl/certs/cert.pemglobal tune.ssl.default-dh-param 2048 ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12 ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS chroot /var/lib/haproxy user haproxy group haproxydefaults timeout connect 10000ms timeout client 60000ms timeout server 60000msfrontend fe_https mode tcp rspadd Strict-Transport-Security: max-age=31536000; includeSubDomains; preload rspadd X-Frame-Options: DENY bind *:443 ssl crt /etc/ssl/certs/cert.pem alpn h2,http/1.1 default_backend be_httpbackend be_http mode tcp server domain 127.0.0.1:8080 # compression algo gzip # does not work in mode "tcp" # compression type text/html text/css text/javascript application/jsonEdit 2019I face two problems when using mode “tcp”Compression does not work, since it depends on mode http. So the backend has to take care of itThe backend can not see the client’s IP-address. Probably I need NAT. Still investigating…Generally, since haproxy proxies a lower level tcp connection, there is no access to any http stuff

Advertisement

Answer