From 40c4a5d2e24ace712d6a1fd6e3124c0a6d7e3dd9 Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Tue, 19 Apr 2016 15:41:39 +0200 Subject: [PATCH] adding mod_proxy_http2 build support and some documentation --- ChangeLog | 1 + README.md | 46 +++++++++++- mod-h2.xcodeproj/project.pbxproj | 8 +++ mod_http2/Makefile.am | 26 ++++++- mod_http2/h2_proxy_session.c | 2 +- mod_http2/h2_util.c | 120 +++++++++++++++++++++++++++++++ mod_http2/h2_util.h | 4 ++ mod_http2/mod_proxy_http2.c | 10 +-- 8 files changed, 206 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 86a9dec3..88a329a7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ v1.5.0 -------------------------------------------------------------------------------- + * mod_proxy_http2 for backend HTTP/2 connections, currently cleartext only * new "bucket beam" technology to transport buckets across threads without buffer copy. * delaying response start until flush or enough body data has been accumulated. diff --git a/README.md b/README.md index a71646e6..6efc2bce 100644 --- a/README.md +++ b/README.md @@ -3,10 +3,10 @@ Copyright (C) 2015, 2016 greenbytes GmbH -This repository contains the `mod_h[ttp]2` from Apache httpd as a standalone build. +This repository contains `mod_h[ttp]2` and `mod_proxy_h[ttp]2` from Apache httpd as a standalone build. ##Status -**An official Apache httpd module**, first released in 2.4.17. See [Apache downloads](https://httpd.apache.org/download.cgi) to get a released version. +**`mod_h[ttp]2` is an official Apache httpd module**, first released in 2.4.17. See [Apache downloads](https://httpd.apache.org/download.cgi) to get a released version. `mod_proxy_h[ttp]2` is part of Apache httpd development, but has not been released yet. What you find here are **early experience versions** for people who like living on the edge and want to help me test not yet released changes. @@ -38,6 +38,46 @@ If you do not have that or don't know how to get it, look at google, stackoverfl See ```ChangeLog``` for details. +##`mod_proxy_http2` + +This module is part of the Apache httpd proxy architecture and functions similar to `mod_proxy_http` +and friends. To configure it, you need to use ```h2:``` or ```h2c:``` in the proxy URL. Example: +(***Important***: against httpd 2.4.20, only ```h2c:``` connections will work!) +``` + + BalancerMember "h2://test.example.org:SUBST_PORT_HTTPS_SUBST" + + + BalancerMember "h2c://test.example.org:SUBST_PORT_HTTP_SUBST" + + + + ProxyPass "/h2proxy" "balancer://h2-local" + ProxyPassReverse "/h2proxy" "balancer://h2-local" + ProxyPass "/h2cproxy" "balancer://h2c-local" + ProxyPassReverse "/h2cproxy" "balancer://h2c-local" + +``` +This will only work under the following conditions: +* the backend speaks HTTP/2, the module will not fallback to HTTP/1.1 +* the backend supports HTTP/2 direct mode (see also ```H2Direct``` directive of ```mod_http2```) + +All other commond httpd ```proxy``` directives also apply. + +What it will ***not*** do and what is ***untested***: +* fallback to HTTP/1.1 +* support TLS backend connections with Apache httpd 2.4.20 (some necessary changes for ALPN negotiation were not backported) +* be very smart when the number of concurrent streams in the backend differs from the local settings +* load balance between open connections dynamically +* forward any HTTP/2 priority information +* support HTTP/2 PUSH from the backend + +What it ***will*** do: +* work with frontend HTTP/1.1 connections +* reuse open HTTP/2 connections from the balancer +* with a frontent HTTP/2 connection, all streams against the same backend will be handled in a single thread. + + ##Documenation There is the official [Apache documentation](https://httpd.apache.org/docs/2.4/en/mod/mod_http2.html) of the module, which you will not find here. @@ -67,7 +107,7 @@ SPDY protocol. And without Tatsuhiro Tsujikawa excellent nghttp2 work, this would not have been possible. -Münster, 18.04.2016, +Münster, 19.04.2016, Stefan Eissing, greenbytes GmbH diff --git a/mod-h2.xcodeproj/project.pbxproj b/mod-h2.xcodeproj/project.pbxproj index 837ad6e1..7adc4d1b 100644 --- a/mod-h2.xcodeproj/project.pbxproj +++ b/mod-h2.xcodeproj/project.pbxproj @@ -20,6 +20,10 @@ B25096C21CC4E66F002E8B04 /* h2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = h2.h; sourceTree = ""; }; B25096C41CC4F132002E8B04 /* h2_bucket_beam.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = h2_bucket_beam.c; sourceTree = ""; }; B25096C51CC4F132002E8B04 /* h2_bucket_beam.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = h2_bucket_beam.h; sourceTree = ""; }; + B25096C61CC65E27002E8B04 /* h2_proxy_session.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = h2_proxy_session.c; sourceTree = ""; }; + B25096C71CC65E27002E8B04 /* h2_proxy_session.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = h2_proxy_session.h; sourceTree = ""; }; + B25096C81CC65E27002E8B04 /* mod_proxy_http2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mod_proxy_http2.c; sourceTree = ""; }; + B25096C91CC65E27002E8B04 /* mod_proxy_http2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mod_proxy_http2.h; sourceTree = ""; }; B25574691BEB6EFC0058F97B /* config.h.in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = config.h.in; sourceTree = ""; }; B255746A1BEB6EFC0058F97B /* h2_alt_svc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = h2_alt_svc.c; sourceTree = ""; }; B255746B1BEB6EFC0058F97B /* h2_alt_svc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = h2_alt_svc.h; sourceTree = ""; }; @@ -138,6 +142,8 @@ B25096C01CC4E66F002E8B04 /* h2_ngn_shed.c */, B25096C11CC4E66F002E8B04 /* h2_ngn_shed.h */, B25574821BEB6EFC0058F97B /* h2_private.h */, + B25096C61CC65E27002E8B04 /* h2_proxy_session.c */, + B25096C71CC65E27002E8B04 /* h2_proxy_session.h */, B2AB9AB91C2ADBE100908DD6 /* h2_push.c */, B2AB9ABA1C2ADBE100908DD6 /* h2_push.h */, B25574831BEB6EFC0058F97B /* h2_request.c */, @@ -167,6 +173,8 @@ B25574A41BEB6EFC0058F97B /* Makefile.am */, B25574A71BEB6EFC0058F97B /* mod_http2.c */, B2AB9ABC1C2ADBE100908DD6 /* mod_http2.h */, + B25096C81CC65E27002E8B04 /* mod_proxy_http2.c */, + B25096C91CC65E27002E8B04 /* mod_proxy_http2.h */, ); path = mod_http2; sourceTree = ""; diff --git a/mod_http2/Makefile.am b/mod_http2/Makefile.am index 3ca1f74f..18448c3b 100644 --- a/mod_http2/Makefile.am +++ b/mod_http2/Makefile.am @@ -16,11 +16,15 @@ SUBDIRS = ACLOCAL_AMFLAGS = -I m4 -lib_LTLIBRARIES = mod_http2.la +lib_LTLIBRARIES = mod_http2.la \ + mod_proxy_http2.la mod_http2_la_CPPFLAGS = -std=c99 -D_GNU_SOURCE -Werror mod_http2_la_LDFLAGS = -module +mod_proxy_http2_la_CPPFLAGS = -std=c99 -D_GNU_SOURCE -Werror +mod_proxy_http2_la_LDFLAGS = -module + OBJECTS = \ h2_alt_svc.c \ h2_bucket_beam.c \ @@ -82,16 +86,32 @@ HFILES = \ h2_workers.h \ mod_http2.h +PROXY_HFILES = \ + h2.h \ + h2_proxy_session.h \ + h2_request.h \ + h2_util.h \ + mod_proxy_http2.h + +PROXY_OBJECTS = \ + h2_proxy_session.c \ + h2_request.c \ + h2_util.c \ + mod_proxy_http2.c mod_http2_la_SOURCES = $(HFILES) $(OBJECTS) -all: mod_http2.la +mod_proxy_http2_la_SOURCES = $(PROXY_HFILES) $(PROXY_OBJECTS) + +all: mod_http2.la \ + mod_proxy_http2.la install-libLTLIBRARIES: @: # override -install-exec-local: mod_http2.la +install-exec-local: mod_http2.la mod_proxy_http2.la $(MKDIR_P) $(DESTDIR)/@LIBEXEC_DIR@ $(APXS) -i -S LIBEXECDIR=$(DESTDIR)/@LIBEXEC_DIR@ -n h2 mod_http2.la + $(APXS) -i -S LIBEXECDIR=$(DESTDIR)/@LIBEXEC_DIR@ -n h2 mod_proxy_http2.la diff --git a/mod_http2/h2_proxy_session.c b/mod_http2/h2_proxy_session.c index 51b68f2f..a1f37e33 100644 --- a/mod_http2/h2_proxy_session.c +++ b/mod_http2/h2_proxy_session.c @@ -211,7 +211,7 @@ static void process_proxy_header(request_rec *r, const char *n, const char *v) int i; for (i = 0; transform_hdrs[i].name; ++i) { - if (!ap_casecmpstr(transform_hdrs[i].name, n)) { + if (!h2_casecmpstr(transform_hdrs[i].name, n)) { dconf = ap_get_module_config(r->per_dir_config, &proxy_module); apr_table_add(r->headers_out, n, (*transform_hdrs[i].func)(r, dconf, v)); diff --git a/mod_http2/h2_util.c b/mod_http2/h2_util.c index 9beaeae0..bc5758a5 100644 --- a/mod_http2/h2_util.c +++ b/mod_http2/h2_util.c @@ -1430,3 +1430,123 @@ void h2_push_policy_determine(struct h2_request *req, apr_pool_t *p, int push_en req->push_policy = policy; } +/******************************************************************************* + * ap_casecmpstr, when will it be backported? + ******************************************************************************/ +#if !APR_CHARSET_EBCDIC +/* + * Provide our own known-fast implementation of str[n]casecmp() + * NOTE: Only ASCII alpha characters 41-5A are folded to 61-7A, + * other 8-bit latin alphabetics are never case-folded! + */ +static const unsigned char ucharmap[] = { + 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, + 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 'a', 'b', 'c', 'd', 'e', 'f', 'g', + 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', + 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', + 'x', 'y', 'z', 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, + 0x60, 'a', 'b', 'c', 'd', 'e', 'f', 'g', + 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', + 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', + 'x', 'y', 'z', 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff +}; + +#else /* APR_CHARSET_EBCDIC */ +/* Derived from apr-iconv/ccs/cp037.c for EBCDIC case comparison, + provides unique identity of every char value (strict ISO-646 + conformance, arbitrary election of an ISO-8859-1 ordering, and + very arbitrary control code assignments into C1 to achieve + identity and a reversible mapping of code points), + then folding the equivalences of ASCII 41-5A into 61-7A, + presenting comparison results in a somewhat ISO/IEC 10646 + (ASCII-like) order, depending on the EBCDIC code page in use. + */ +static const unsigned char ucharmap[] = { + 0x00, 0x01, 0x02, 0x03, 0x9C, 0x09, 0x86, 0x7F, + 0x97, 0x8D, 0x8E, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x9D, 0x85, 0x08, 0x87, + 0x18, 0x19, 0x92, 0x8F, 0x1C, 0x1D, 0x1E, 0x1F, + 0x80, 0x81, 0x82, 0x83, 0x84, 0x0A, 0x17, 0x1B, + 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x05, 0x06, 0x07, + 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, + 0x98, 0x99, 0x9A, 0x9B, 0x14, 0x15, 0x9E, 0x1A, + 0x20, 0xA0, 0xE2, 0xE4, 0xE0, 0xE1, 0xE3, 0xE5, + 0xE7, 0xF1, 0xA2, 0x2E, 0x3C, 0x28, 0x2B, 0x7C, + 0x26, 0xE9, 0xEA, 0xEB, 0xE8, 0xED, 0xEE, 0xEF, + 0xEC, 0xDF, 0x21, 0x24, 0x2A, 0x29, 0x3B, 0xAC, + 0x2D, 0x2F, 0xC2, 0xC4, 0xC0, 0xC1, 0xC3, 0xC5, + 0xC7, 0xD1, 0xA6, 0x2C, 0x25, 0x5F, 0x3E, 0x3F, + 0xF8, 0xC9, 0xCA, 0xCB, 0xC8, 0xCD, 0xCE, 0xCF, + 0xCC, 0x60, 0x3A, 0x23, 0x40, 0x27, 0x3D, 0x22, + 0xD8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, + 0x68, 0x69, 0xAB, 0xBB, 0xF0, 0xFD, 0xFE, 0xB1, + 0xB0, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, + 0x71, 0x72, 0xAA, 0xBA, 0xE6, 0xB8, 0xC6, 0xA4, + 0xB5, 0x7E, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, + 0x79, 0x7A, 0xA1, 0xBF, 0xD0, 0xDD, 0xDE, 0xAE, + 0x5E, 0xA3, 0xA5, 0xB7, 0xA9, 0xA7, 0xB6, 0xBC, + 0xBD, 0xBE, 0x5B, 0x5D, 0xAF, 0xA8, 0xB4, 0xD7, + 0x7B, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, + 0x68, 0x69, 0xAD, 0xF4, 0xF6, 0xF2, 0xF3, 0xF5, + 0x7D, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, + 0x71, 0x72, 0xB9, 0xFB, 0xFC, 0xF9, 0xFA, 0xFF, + 0x5C, 0xF7, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, + 0x79, 0x7A, 0xB2, 0xD4, 0xD6, 0xD2, 0xD3, 0xD5, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0xB3, 0xDB, 0xDC, 0xD9, 0xDA, 0x9F +}; +#endif + +AP_DECLARE(int) h2_casecmpstr(const char *s1, const char *s2) +{ + const unsigned char *ps1 = (const unsigned char *) s1; + const unsigned char *ps2 = (const unsigned char *) s2; + + while (ucharmap[*ps1] == ucharmap[*ps2]) { + if (*ps1++ == '\0') { + return (0); + } + ps2++; + } + return (ucharmap[*ps1] - ucharmap[*ps2]); +} + +AP_DECLARE(int) h2_casecmpstrn(const char *s1, const char *s2, apr_size_t n) +{ + const unsigned char *ps1 = (const unsigned char *) s1; + const unsigned char *ps2 = (const unsigned char *) s2; + while (n--) { + if (ucharmap[*ps1] != ucharmap[*ps2]) { + return (ucharmap[*ps1] - ucharmap[*ps2]); + } + if (*ps1++ == '\0') { + break; + } + ps2++; + } + return (0); +} + diff --git a/mod_http2/h2_util.h b/mod_http2/h2_util.h index e191c1ee..23098f4a 100644 --- a/mod_http2/h2_util.h +++ b/mod_http2/h2_util.h @@ -383,4 +383,8 @@ apr_status_t h2_append_brigade(apr_bucket_brigade *to, */ apr_off_t h2_brigade_mem_size(apr_bucket_brigade *bb); +/* when will ap_casecmpstr() be backported finally? */ +int h2_casecmpstr(const char *s1, const char *s2); +int h2_casecmpstrn(const char *s1, const char *s2, apr_size_t n); + #endif /* defined(__mod_h2__h2_util__) */ diff --git a/mod_http2/mod_proxy_http2.c b/mod_http2/mod_proxy_http2.c index f6432654..39939664 100644 --- a/mod_http2/mod_proxy_http2.c +++ b/mod_http2/mod_proxy_http2.c @@ -125,12 +125,12 @@ static int proxy_http2_canon(request_rec *r, char *url) apr_port_t port, def_port; /* ap_port_of_scheme() */ - if (ap_casecmpstrn(url, "h2c:", 4) == 0) { + if (h2_casecmpstrn(url, "h2c:", 4) == 0) { url += 4; scheme = "h2c"; http_scheme = "http"; } - else if (ap_casecmpstrn(url, "h2:", 3) == 0) { + else if (h2_casecmpstrn(url, "h2:", 3) == 0) { url += 3; scheme = "h2"; http_scheme = "https"; @@ -604,7 +604,8 @@ static int proxy_http2_handler(request_rec *r, /* Still more to do, tear down old conn and start over */ if (ctx->p_conn) { ctx->p_conn->close = 1; - proxy_run_detach_backend(r, ctx->p_conn); + /*only in trunk so far */ + /*proxy_run_detach_backend(r, ctx->p_conn);*/ ap_proxy_release_connection(ctx->proxy_func, ctx->p_conn, ctx->server); ctx->p_conn = NULL; } @@ -617,7 +618,8 @@ static int proxy_http2_handler(request_rec *r, /* close socket when errors happened or session shut down (EOF) */ ctx->p_conn->close = 1; } - proxy_run_detach_backend(ctx->rbase, ctx->p_conn); + /*only in trunk so far */ + /*proxy_run_detach_backend(ctx->rbase, ctx->p_conn);*/ ap_proxy_release_connection(ctx->proxy_func, ctx->p_conn, ctx->server); ctx->p_conn = NULL; }