在Spring Boot中使用Tomcat启用http2 [英] Enable http2 with Tomcat in Spring Boot

问题描述

Tomcat 8.5 ，这将是 Spring Boot 1.4 中的默认值，（将于明天发布）支持 http2 。

Tomcat 8.5, which will be the default in Spring Boot 1.4, (to be released tomorrow) supports http2.

怎样才能在 http2 中启用 Spring Boot 申请？

How can http2 be enabled in a Spring Boot application?

推荐答案

最优雅，最佳表现方式启用 HTTP / 2 ，其中包含一个Spring Boot应用程序。

The most elegant and best-performing way to enable HTTP/2 with a Spring Boot application follows here.

首先，正如Andy Wilkinson的答案所述，你需要在Tomcat级别启用HTTP / 2：

First, as mentioned in Andy Wilkinson's answer, you need to enable HTTP/2 at Tomcat level:

@Bean
public EmbeddedServletContainerCustomizer tomcatCustomizer() {
    return (container) -> {
        if (container instanceof TomcatEmbeddedServletContainerFactory) {
            ((TomcatEmbeddedServletContainerFactory) container)
                    .addConnectorCustomizers((connector) -> {
                connector.addUpgradeProtocol(new Http2Protocol());
            });
        }
    };
}

如果你没有使用嵌入式Tomcat，你可以设置HTTP / 2听起来像这样：

In case you are not using an embedded Tomcat, you can set up HTTP/2 listening like this:

<Connector port="5080" protocol="HTTP/1.1" connectionTimeout="20000">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
</Connector>

请记住，您需要Tomcat> = 8.5。

然后，你应该在Tomcat面前使用 HAProxy （版本> = 1.7）来照顾加密。

Then, you should use HAProxy (version >= 1.7) in front of Tomcat to take care of encryption.

客户端将对HAProxy说https，而HAProxy将根据客户端的要求向后端发出明文HTTP / 1.1或HTTP / 2。
没有不必要的协议翻译。

The client will speak https to HAProxy, and HAProxy will speak cleartext HTTP/1.1 or HTTP/2 to the backend, as the client requested. There will be no unnecessary protocol translations.

匹配的HAProxy配置在这里：

The matching HAProxy-configuration is here:

# Create PEM: cat cert.crt cert.key ca.crt > /etc/ssl/certs/cert.pem

global
    tune.ssl.default-dh-param 2048
    ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    chroot /var/lib/haproxy
    user haproxy
    group haproxy

defaults
    timeout connect 10000ms
    timeout client 60000ms
    timeout server 60000ms

frontend fe_https
    mode tcp
    rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains;\ preload
    rspadd X-Frame-Options:\ DENY
    bind *:443 ssl crt /etc/ssl/certs/cert.pem alpn h2,http/1.1
    default_backend be_http

backend be_http
    mode tcp
    server domain 127.0.0.1:8080
    compression algo gzip
    compression type text/html text/css text/javascript application/json

这篇关于在Spring Boot中使用Tomcat启用http2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！