I’m trying to enable http2 (also referred to as h2c/gRPC depending on context). My platform is Kubernetes and everything is set up as a container.
- My ingress is managed by traefik v2 and it already has Let’s Encrypt set up and working correctly.
- Because I’m using FPM-PHP, I have an nginx container which is proxying the results to the actual nextcloud container. Since traefik does the SSL termination, traefik communicates with the nginx container over port 80 and the nginx has the upstream php provider set to the nextcloud container on port 9000.
Now I want to enable HTTP2. In traefik that should already be essentially ready to go; it seems like all I need to add to the IngressRoute is scheme h2c:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nextcloud
  namespace: nextcloud
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`test1.domain.com`)
      kind: Rule
      services:
        - name: nginx-next
          port: 443
          scheme: h2c
  tls:
    certResolver: default
```
The issue I have is that on nginx, in order to enable http2, you have to have it listen on port 443 and use ssl, which also requires the use of certificates. I experimented with changing the listen directive to this:
```nginx
listen 443 ssl http2;
listen [::]:443 ssl http2;
```
but by itself it failed because it needs a certificate if you have ssl enabled. I then tried to give it a self-signed certificate, but that is giving me an “internal server error” with the following logs:
```
10.42.0.23 - - [16/Jan/2020:22:24:10 +0000] "PRI * HTTP/2.0" 400 157 "-" "-" "-"
10.42.0.23 - - [16/Jan/2020:22:24:21 +0000] "PRI * HTTP/2.0" 400 157 "-" "-" "-"
```
Traefik logs don’t show any errors.
Does anyone have a guide to setting up http2 when using a reverse proxy and also a separate nginx proxy for FPM?
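
An added example, not part of the original post: the `PRI * HTTP/2.0` request in the nginx log above is the first line of the HTTP/2 client connection preface (RFC 7540, section 3.5), so a 400 logged against it means those bytes were handled by an HTTP/1.x request parser rather than as HTTP/2. The Python script below flags such entries in an access log; the regex and function names are assumptions of this example, and the third sample line is constructed.

```python
import re

# HTTP/2 client connection preface (RFC 7540, section 3.5). A client that
# speaks HTTP/2 sends these bytes first on a new connection.
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

# Assumed log shape: the access-log lines shown in the post.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def as_http1_request_line(raw: bytes) -> str:
    """What an HTTP/1.x parser records as the request line for these bytes."""
    return raw.split(b"\r\n", 1)[0].decode("ascii", "replace")

def find_preface_rejections(lines):
    """Return (client, time, status) for each logged HTTP/2 preface that
    was answered with a 4xx, i.e. was not accepted as HTTP/2."""
    preface_line = as_http1_request_line(H2_PREFACE)
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not an access-log line in the expected shape
        if m["request"] == preface_line and m["status"].startswith("4"):
            hits.append((m["client"], m["time"], int(m["status"])))
    return hits

# Sample input: the two lines from the post plus one constructed normal request.
SAMPLE = [
    '10.42.0.23 - - [16/Jan/2020:22:24:10 +0000] "PRI * HTTP/2.0" 400 157 "-" "-" "-"',
    '10.42.0.23 - - [16/Jan/2020:22:24:21 +0000] "PRI * HTTP/2.0" 400 157 "-" "-" "-"',
    '10.42.0.23 - - [16/Jan/2020:22:25:02 +0000] "GET /status.php HTTP/1.1" 200 157 "-" "-" "-"',
]

if __name__ == "__main__":
    for client, when, status in find_preface_rejections(SAMPLE):
        print(f"{when}: HTTP/2 preface from {client} rejected with {status}")
```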