V2: Force http2 unencrypted on an UDS path bind

1. My Caddy version (caddy version):

caddy v2 beta (docker caddy/caddy)

2. How I run Caddy:

Kubernetes plugin

a. System environment:

docker + kubernetes/kubelet

d. My complete Caddyfile or JSON config:

http://

log {
    level DEBUG
}

#tls internal {
#    alpn h2
#    on_demand
#}

bind unix//csi/caddy.sock

reverse_proxy unix//csi/csi.sock {
    header_up Host localhost
    #transport grpc
}

3. The problem I’m having:

The golang-gRPC client is connecting directly over UDS.
It requires only http2 unencrypted.

There is no option to force http2 and unencrypted.

4. Error messages and/or full log output:

{"level":"info","ts":1585819933.9361951,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1585819933.9576204,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["localhost:2019"]} 
2020/04/02 09:32:13 [INFO][cache:0xc000156280] Started certificate maintenance routine
{"level":"info","ts":1585819933.957991,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1585819933.9583864,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1585819933.9583986,"msg":"serving initial configuration"}
{"level":"error","ts":1585819934.2176893,"logger":"http.log.error","msg":"net/http: HTTP/1.x transport connection broken: malformed HTTP response \"\\x00\\x00\\b\\a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\"","request":{"method":"PRI","uri":"*","proto":"HTTP/2.0","remote_addr":"@","host":"","headers":{}},"status":502,"err_id":"yu18fjish","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
{"level":"error","ts":1585819934.2177327,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PRI","uri":"*","proto":"HTTP/2.0","remote_addr":"@","host":"","headers":{}},"common_log":"@ - - [02/Apr/2020:09:32:14 +0000] \"PRI * HTTP/2.0\" 502 0","latency":0.0306497,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}
{"level":"error","ts":1585819934.2177327,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PRI","uri":"*","proto":"HTTP/2.0","remote_addr":"@","host":"","headers":{}},"common_log":"@ - - [02/Apr/2020:09:32:14 +0000] \"PRI * HTTP/2.0\" 502 0","latency":0.0306497,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

5. What I already tried:

tls internal {
    alpn h2
    on_demand
}

6. Links to relevant resources:

https://github.com/caddyserver/caddy/issues/2999

I misinterpreted the error message;
Caddy is trying to forward the request to the upstream.

But somehow it does not overwrite the Host header “:authority” in http2.

caddy2 is trying to forward the socket http2 grpc connection with http1.1.

Other Caddyfile

http://

log {
    level DEBUG
}

#tls internal {
#    alpn h2
#    on_demand
#}

bind unix//csi/csi.sock

reverse_proxy {
    to http://127.0.0.1:5216
}

ErrorMessage

{"level":"error","ts":1585868154.3463953,"logger":"http.log.error.log0","msg":"net/http: HTTP/1.x transport connection broken: malformed HTTP response \"\\x00\\x00\\b\\a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\"","request":{"method":"PRI","uri":"*","proto":"HTTP/2.0","remote_addr":"@","host":"","headers":{}},"status":502,"err_id":"cpnkerw9t","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
{"level":"error","ts":1585868154.346476,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"PRI","uri":"*","proto":"HTTP/2.0","remote_addr":"@","host":"","headers":{}},"common_log":"@ - - [02/Apr/2020:22:55:54 +0000] \"PRI * HTTP/2.0\" 502 0","latency":0.006089691,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

caddy2 is always trying to make an http1.1 connection to the upstream proxy.
I know that h2c should not be used in the normal case,
but if the upstream is a UDS it's more or less the default.

I tried to set json config without success:

...
"transport": {
   "protocol": "http",
   "versions": ["2"]
}
...

I wrote a feature proposal, "Add h2c support for an upstream" (Issue #3218 in caddyserver/caddy on GitHub), that would resolve my problem.


Hey, welcome –

Thank you for researching this functionality! That will make this much easier going forward.
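
Added example, not part of the original thread or of Caddy's code: the bytes quoted after `malformed HTTP response` in the error logs above parse as an HTTP/2 frame, and this Go sketch decodes them using the RFC 7540 frame layout to show what the upstream sent back. The names `Frame`, `ParseFrame` and `Describe` are made up for illustration; the sample bytes are copied from the log line.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Bytes copied from the log's "malformed HTTP response" string (Go %q escapes).
var upstreamReply = []byte("\x00\x00\b\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01")

// Frame is one HTTP/2 frame: 9-byte header plus payload (RFC 7540, section 4.1).
type Frame struct {
	Length, StreamID uint32
	Type, Flags      uint8
	Payload          []byte
}

var frameNames = map[uint8]string{0x0: "DATA", 0x1: "HEADERS", 0x3: "RST_STREAM",
	0x4: "SETTINGS", 0x6: "PING", 0x7: "GOAWAY", 0x8: "WINDOW_UPDATE"}
var errNames = map[uint32]string{0x0: "NO_ERROR", 0x1: "PROTOCOL_ERROR",
	0x2: "INTERNAL_ERROR", 0xd: "HTTP_1_1_REQUIRED"}

// ParseFrame reads a single frame and rejects input too short to be one.
func ParseFrame(b []byte) (Frame, error) {
	if len(b) < 9 {
		return Frame{}, errors.New("short frame header")
	}
	f := Frame{
		Length:   uint32(b[0])<<16 | uint32(b[1])<<8 | uint32(b[2]), // 24-bit length
		Type:     b[3],
		Flags:    b[4],
		StreamID: binary.BigEndian.Uint32(b[5:9]) & 0x7fffffff, // drop reserved bit
	}
	if uint32(len(b)-9) < f.Length {
		return f, errors.New("truncated payload")
	}
	f.Payload = b[9 : 9+f.Length]
	return f, nil
}

// Describe summarises a frame; for GOAWAY it also decodes the error code.
func Describe(b []byte) string {
	f, err := ParseFrame(b)
	if err != nil {
		return "not an HTTP/2 frame: " + err.Error()
	}
	s := fmt.Sprintf("%s len=%d stream=%d", frameNames[f.Type], f.Length, f.StreamID)
	if f.Type == 0x7 && len(f.Payload) >= 8 { // GOAWAY: last stream id + error code
		last := binary.BigEndian.Uint32(f.Payload[0:4]) & 0x7fffffff
		s += fmt.Sprintf(" last_stream=%d error=%s", last, errNames[binary.BigEndian.Uint32(f.Payload[4:8])])
	}
	return s
}

func main() { fmt.Println(Describe(upstreamReply)) }
```

The decoded frame is a GOAWAY with PROTOCOL_ERROR, which is consistent with an HTTP/2-only upstream rejecting a connection that did not start with the HTTP/2 preface.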
