[Documentation:System] HTTP/2 Changes #438
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 tasks
bmcutler
reviewed
Aug 26, 2022
Viyerelu23333
force-pushed
the
sysadmin-note-http2
branch
from
338571f to
3f425eb
Compare
2 tasks
cjreed121
approved these changes
Dec 12, 2023
…sadmin-note-http2
…thub.io into sysadmin-note-http2
bmcutler
added a commit
to Submitty/Submitty
that referenced
this pull request
Dec 13, 2023
### Please check if the PR fulfills these requirements: * [x] Tests for the changes have been added/updated (if possible) * [x] Documentation has been updated/added if relevant (Submitty/submitty.github.io#438) ### What is the current behavior? Closes #3850 Currently, the Apache2 serves all content in HTTP/1.1. And the server uses `prefork` as the multiprocessing module. The module is introduced by `mod_php`, which is not used in production. ### What is the new behavior? Most browsers only support HTTP/2 when the TLS is enabled. The script will also enable HTTPS feature in the development environment. If a browser does not support HTTP/2, then the server will serve contents in HTTP/1.1. Developers could use `dev-upgrade-h2.sh` to change the HTTP version: - `dev-upgrade-h2.sh up`: Upgrade After upgrading, the server uses TLS and HTTP/2; or HTTP/1.1 + TLS if a browser does not support `h2`. - `dev-upgrade-h2.sh down`: Downgrade The server uses HTTP/1.1, or HTTP/2 over TCP (`h2c`) if a browser supports `h2c`. `mod_php` will be disabled and another multiprocessing module (`mpm_event`) will be used in Apache2. This is effective before upgrading/downgrading. ### Other information? - NGINX The NGINX server still serves WebSocket traffics with HTTP/1.1. **Note that** most browsers could not trust WebSocket traffics with self-signed certificates. If you are dealing with WebSocket related features, there are some workarounds: - Copy the certs from VM and trust it on your host system; OR - Trust/Ignore the certificates on browsers; OR - Downgrade to HTTP/1.1 using `.setup/dev-upgrade-h2.sh down`. Trusting/ignoring certificates on browsers: - For Chrome, start Chrome with `--ignore-certificate-errors` option. - For Firefox... 1. trust the certificate when the warning pops up; 2. type `https://localhost:8443/ws` and select trust again. This will not impact the production as it is equipped with standard certificates from the trusted CA. - Performance Tuning, Production See documentations above. --------- Co-authored-by: Shail Patel <shailpatel67@gmail.com> Co-authored-by: Viane Matsibekker <117249183+04vmatsibekker@users.noreply.github.com> Co-authored-by: Barb Cutler <bmcutler@users.noreply.github.com> Co-authored-by: Chris Reed <55092742+cjreed121@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related Submitty/Submitty#7940