Updating Solr to allow http2

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Updating Solr to allow http2

Shawn Heisey
Solr is an Apache project that uses Jetty.

It includes a very stripped-down install of Jetty.  Recently somebody
wanted to enable HTTP/2 on their Solr server.  Presumably they're using
a client that supports it.

Solr's install of Jetty doesn't include the jars for HTTP/2.  These are
the jars we currently install in Jetty's lib directory (in our master
branch):

gmetric4j-1.0.7.jar
javax.servlet-api-3.1.0.jar
jetty-continuation-9.4.8.v20171121.jar
jetty-deploy-9.4.8.v20171121.jar
jetty-http-9.4.8.v20171121.jar
jetty-io-9.4.8.v20171121.jar
jetty-jmx-9.4.8.v20171121.jar
jetty-rewrite-9.4.8.v20171121.jar
jetty-security-9.4.8.v20171121.jar
jetty-server-9.4.8.v20171121.jar
jetty-servlet-9.4.8.v20171121.jar
jetty-servlets-9.4.8.v20171121.jar
jetty-util-9.4.8.v20171121.jar
jetty-webapp-9.4.8.v20171121.jar
jetty-xml-9.4.8.v20171121.jar
metrics-core-3.2.2.jar
metrics-ganglia-3.2.2.jar
metrics-graphite-3.2.2.jar
metrics-jetty9-3.2.2.jar
metrics-jvm-3.2.2.jar

So to make this possible, I need to add the three jars that are in
lib/http2 ... but from what I can tell, I also need to add
jetty-alpn-server.

The Solr codebase uses ivy for dependency management.  The dependencies
showing on Maven Central for the http2 jars and jetty-alpn-server don't
show any other dependencies that Solr is missing, but if I look at the
Jetty 9.4.8 download, I do see some other jars that look possibly
related -- like alpn-api, and a number of other jetty-alpn jars.

Is Maven showing the correct dependency information, or do I need these
other alpn jars in order to enable HTTP/2?  Is there anything else that
I need that I haven't touched on?

Thanks,
Shawn
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Updating Solr to allow http2

Joakim Erdfelt-8
Don't forget to think about what JVM Runtime you are running on.

https://www.eclipse.org/jetty/documentation/9.4.x/alpn-chapter.html

Java 1.8?  Then you need a -Xbootclasspath/p:<path_to_alpn_boot_jar> for your alpn-boot-<jvm-version-dependent>.jar

Java 9?  Then you don't use alpn-boot, but instead you need `jetty-alpn-java-server` artifact present in your classpath (don't add this artifact for Java 1.8 runtime)



Joakim Erdfelt / [hidden email]

On Mon, Feb 26, 2018 at 12:49 PM, Shawn Heisey <[hidden email]> wrote:
Solr is an Apache project that uses Jetty.

It includes a very stripped-down install of Jetty.  Recently somebody
wanted to enable HTTP/2 on their Solr server.  Presumably they're using
a client that supports it.

Solr's install of Jetty doesn't include the jars for HTTP/2.  These are
the jars we currently install in Jetty's lib directory (in our master
branch):

gmetric4j-1.0.7.jar
javax.servlet-api-3.1.0.jar
jetty-continuation-9.4.8.v20171121.jar
jetty-deploy-9.4.8.v20171121.jar
jetty-http-9.4.8.v20171121.jar
jetty-io-9.4.8.v20171121.jar
jetty-jmx-9.4.8.v20171121.jar
jetty-rewrite-9.4.8.v20171121.jar
jetty-security-9.4.8.v20171121.jar
jetty-server-9.4.8.v20171121.jar
jetty-servlet-9.4.8.v20171121.jar
jetty-servlets-9.4.8.v20171121.jar
jetty-util-9.4.8.v20171121.jar
jetty-webapp-9.4.8.v20171121.jar
jetty-xml-9.4.8.v20171121.jar
metrics-core-3.2.2.jar
metrics-ganglia-3.2.2.jar
metrics-graphite-3.2.2.jar
metrics-jetty9-3.2.2.jar
metrics-jvm-3.2.2.jar

So to make this possible, I need to add the three jars that are in
lib/http2 ... but from what I can tell, I also need to add
jetty-alpn-server.

The Solr codebase uses ivy for dependency management.  The dependencies
showing on Maven Central for the http2 jars and jetty-alpn-server don't
show any other dependencies that Solr is missing, but if I look at the
Jetty 9.4.8 download, I do see some other jars that look possibly
related -- like alpn-api, and a number of other jetty-alpn jars.

Is Maven showing the correct dependency information, or do I need these
other alpn jars in order to enable HTTP/2?  Is there anything else that
I need that I haven't touched on?

Thanks,
Shawn
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Updating Solr to allow http2

Shawn Heisey
On 2/26/2018 12:02 PM, Joakim Erdfelt wrote:

> Don't forget to think about what JVM Runtime you are running on.
>
> https://www.eclipse.org/jetty/documentation/9.4.x/alpn-chapter.html
>
> Java 1.8?  Then you need a -Xbootclasspath/p:<path_to_alpn_boot_jar> for
> your alpn-boot-<jvm-version-dependent>.jar
> JVM Version to alpn-boot
> table: https://www.eclipse.org/jetty/documentation/9.4.x/alpn-chapter.html#alpn-versions
>
> Java 9?  Then you don't use alpn-boot, but instead you need
> `jetty-alpn-java-server` artifact present in your classpath (don't add
> this artifact for Java 1.8 runtime)

Recent Solr versions support Java 8 and Java 9.  We recommend either
Oracle or OpenJDK, because other implementations (primarily IBM's) are
known to have problems with Lucene-based software.  Because Solr does
not enforce one provider over another, I have absolutely no idea what
JVM the user will be using.

Reading the page you provided about ALPN, it sounds like Solr could
probably include the conscrypt provider (and any dependencies that
requires) and have everything work.  When we update to require Java 9,
then Solr can switch to the provider using the ALPN support built into
the JVM.  The documentation for Solr can refer users to Jetty
documentation if they really want to use a different ALPN provider.

Does HTTP/2 on Jetty require TLS, or can it work without encryption?  I
know that TLS is definitely preferred, and most clients will require it,
but it's a question I know people will ask, so I want to get it answered
now.  I'm going to guess that TLS will be required.

Thanks,
Shawn
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Updating Solr to allow http2

Joakim Erdfelt-8
IIRC, TLS (w/ALPN) is required for all user-agents to use for HTTP/2.

There is a protocol called "h2c" that allows for HTTP/2 in clear-text, but no client supports that.
However many load balancers, and proxies do.

If you have such a setup, then the LB or Proxy would talk to Jetty via "h2c".

As for Jetty support for "h2c", that's a different connection factory. (HTTP2CServerConnectionFactory vs HTTP2ServerConnectionFactory)


Joakim Erdfelt / [hidden email]

On Mon, Feb 26, 2018 at 2:10 PM, Shawn Heisey <[hidden email]> wrote:
On 2/26/2018 12:02 PM, Joakim Erdfelt wrote:
> Don't forget to think about what JVM Runtime you are running on.
>
> https://www.eclipse.org/jetty/documentation/9.4.x/alpn-chapter.html
>
> Java 1.8?  Then you need a -Xbootclasspath/p:<path_to_alpn_boot_jar> for
> your alpn-boot-<jvm-version-dependent>.jar
> JVM Version to alpn-boot
> table: https://www.eclipse.org/jetty/documentation/9.4.x/alpn-chapter.html#alpn-versions
>
> Java 9?  Then you don't use alpn-boot, but instead you need
> `jetty-alpn-java-server` artifact present in your classpath (don't add
> this artifact for Java 1.8 runtime)

Recent Solr versions support Java 8 and Java 9.  We recommend either
Oracle or OpenJDK, because other implementations (primarily IBM's) are
known to have problems with Lucene-based software.  Because Solr does
not enforce one provider over another, I have absolutely no idea what
JVM the user will be using.

Reading the page you provided about ALPN, it sounds like Solr could
probably include the conscrypt provider (and any dependencies that
requires) and have everything work.  When we update to require Java 9,
then Solr can switch to the provider using the ALPN support built into
the JVM.  The documentation for Solr can refer users to Jetty
documentation if they really want to use a different ALPN provider.

Does HTTP/2 on Jetty require TLS, or can it work without encryption?  I
know that TLS is definitely preferred, and most clients will require it,
but it's a question I know people will ask, so I want to get it answered
now.  I'm going to guess that TLS will be required.

Thanks,
Shawn
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users