h2c (HTTP/2 without TLS) backend support

[blop]

Would be nice to add support for HTTP/2 backend without TLS, reducing overhead and avoiding the use of selfsigned certificate and backend configuration.

We just need a way to indicate to Traefik that the backend should be contacted using HTTP2 directly (could be a h2c:// scheme in the url maybe?)

Maybe related to golang/go#14141

[sagikazarmark]

To be honest I'm confused as hell because of comments like this: #790 (comment)

As far as I know, TLS is not required for HTTP2, still everywhere I look (even the documentation) says it requires HTTPS.

I don't know if there is a blackhole in my mind and completely miss something or as the title says HTTP2 is (intentionally) only supported with TLS in Traefik.

Either way, it would be nice to support HTTP2 without TLS.

[timoreimann]

@sagikazarmark you seem to be correct. I also remembered this differently, but maybe that was before the final version or the standard was ratified.

FWIW, the linked FAQ states that none of the major browsers support unencrypted traffic right now. That doesn't apply to web services, of course.

[jbpin]

Hi,
Maybe it's not the right place for this and so doing feel free to indicate me a better place to post this question.
I have grpc services in container running on docker. I try to do TLS Termination. In this case, Traefik handle http/2 secure communication and internally, request to my gRpc service in the container is insecure.

client with credential SSL -> Traefik -> server with insecure

Unfortunately, Traefik try to talk with my server using http/1 and not http/2.

level=warning msg="Error forwarding to http://172.18.0.9:10000, err: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x00\x00\x00\x04\x00\x00\x00\x00\x00""

Do you know if there is a way to use TLS Termination on Traefik using http/2 ?
Thanks

[emilevauge]

Maybe @juliens can help on this?

[lachnerd]

Any Updates on this ?

[jbpin]

Not on my side... I don't know why Traefik is translating my request from http/2 to http/1.

[liukgg]

Any Updates on this? I think it maybe not necessary to use https when one service commnunicates to another by gRPC in the same k8s cluster.

[sbhenderson]

For those using h2c and gRPC, I found nginx to be capable of gRPC passthrough with proper handling of the HTTP/2 authority header.

I am hoping that Traefik implements h2c handling as it otherwise looks very appealing.

[gdheller42]

all my docker swarm services use grpc unencrypted to communicate between then locally. Want to use Traefik since it integrates so well with swarm. Switching to https or TLS is not going to happen though. I will have to continue to use nginx with grpc for now even though it is not able to reresolve the service names if I restart a service.
Also hoping that Traefik implements http2 without https as grpc does...

[sagikazarmark]

Nice 🎉