Merge pull request #143 from chriswilliams13/http2_enabling

Added initial http2 functionality
UKHomeOffice · Oct 19, 2021 · 2951814 · 2951814
2 parents d4ab1fd + d770367
commit 2951814
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -100,6 +100,7 @@ This is useful when testing or for development instances or when a load-balancer
 * `SSL_SESSION_TIMEOUT` - Specifies a time during which a client may reuse the session parameters (defaults to 10min)
 * `HTTP_LISTEN_PORT` - Change the default inside the container from 10080.
 * `HTTPS_LISTEN_PORT` - Change the default inside the container from 10443.
+* `HTTP2` - Defaults to false `FALSE`. Specifies whether http2 should be used
 * `HTTPS_REDIRECT` - Toggle whether or not we force redirects to HTTPS.  Defaults to true.
 * `ALLOW_COUNTRY_CSV` - List of [country codes](http://dev.maxmind.com/geoip/legacy/codes/iso3166/) to allow.
 * `STATSD_METRICS` - Toggle if metrics are logged to statsd (defaults to true)

diff --git a/build.sh b/build.sh
@@ -87,6 +87,7 @@ pushd openresty
             --add-module="../naxsi/naxsi_src" \
             --add-module="../nginx-statsd" \
             --with-http_realip_module \
+            --with-http_v2_module \
             --with-http_stub_status_module
 make install
 popd

diff --git a/ci-build.sh b/ci-build.sh
@@ -604,6 +604,34 @@ else
   echo "Testing VERBOSE_ERROR_PAGES works..."
 fi
 
+start_test "Test to ensure HTTP/2 is enabled when HTTP2 is set to true" "${STD_CMD} \
+           -e \"PROXY_SERVICE_HOST=http://${MOCKSERVER}\" \
+           -e \"PROXY_SERVICE_PORT=${MOCKSERVER_PORT}\" \
+           -e \"DNSMASK=TRUE\" \
+           -e \"ENABLE_UUID_PARAM=FALSE\" \
+           -e \"HTTP2=TRUE\" \
+           --link \"${MOCKSERVER}:${MOCKSERVER}\" "
+if curl -kv https://${DOCKER_HOST_NAME}:${PORT}/ 2>&1 | grep 'HTTP/2 200' ; then
+  echo "Testing HTTP2 Works"
+else
+  echo "HTTP2 didnt work"
+  exit 1
+fi
+
+start_test "Test to ensure HTTP/2 is disabled when HTTP2 is set to false" "${STD_CMD} \
+           -e \"PROXY_SERVICE_HOST=http://${MOCKSERVER}\" \
+           -e \"PROXY_SERVICE_PORT=${MOCKSERVER_PORT}\" \
+           -e \"DNSMASK=TRUE\" \
+           -e \"ENABLE_UUID_PARAM=FALSE\" \
+           -e \"HTTP2=FALSE\" \
+           --link \"${MOCKSERVER}:${MOCKSERVER}\" "
+if ! curl -kv https://${DOCKER_HOST_NAME}:${PORT}/ 2>&1 | grep 'HTTP/2 200' ; then
+  echo "Testing HTTP2 FALSE Flag Works"
+else
+  echo "HTTP2 FALSE didnt work"
+  exit 1
+fi
+
 echo "_________________________________"
 echo "We got here, ALL tests successful"
 clean_up
diff --git a/defaults.sh b/defaults.sh
@@ -11,6 +11,7 @@ export SSL_PROTOCOLS=${SSL_PROTOCOLS:-'TLSv1.2'}
 export SSL_SESSION_TIMEOUT=${SSL_SESSION_TIMEOUT:-'10m'}
 export HTTP_LISTEN_PORT=${HTTP_LISTEN_PORT:-10080}
 export HTTPS_LISTEN_PORT=${HTTPS_LISTEN_PORT:-10443}
+export HTTP2=${HTTP2:-'FALSE'}
 export HTTPS_REDIRECT=${HTTPS_REDIRECT:-'TRUE'}
 export NO_LOGGING_BODY=${NO_LOGGING_BODY:-'TRUE'}
 export NO_LOGGING_RESPONSE=${NO_LOGGING_RESPONSE:-'TRUE'}

diff --git a/go.sh b/go.sh
@@ -6,6 +6,13 @@ export LOG_UUID=FALSE
 
 . /defaults.sh
 
+if [ "$HTTP2" = "TRUE" ]; then
+    HTTP2="http2"
+else
+    HTTP2=""
+fi
+
+
 cat > ${NGIX_CONF_DIR}/server_certs.conf <<-EOF_CERT_CONF
     ssl_certificate     ${SERVER_CERT};
     ssl_certificate_key ${SERVER_KEY};
@@ -51,7 +58,7 @@ else
     export REMOTE_IP_VAR="remote_addr"
     cat >> ${NGIX_LISTEN_CONF} <<-EOF-LISTEN-NONPP
 		listen ${HTTP_LISTEN_PORT};
-		listen ${HTTPS_LISTEN_PORT} ssl;
+		listen ${HTTPS_LISTEN_PORT} ssl ${HTTP2};
 		set \$real_client_ip_if_set '';
 	EOF-LISTEN-NONPP
 fi