Enable h2c on NGINX Ingress Controller

2 min readAug 2, 2020

Without SSL h2c is faster than h2 ( HTTP/2) ,but only some client can support. This is how to enable it.

Add this server-snippet to your ingress

$ kubectl get ing demo 
NAME   HOSTS         ADDRESS           PORTS   AGE
demo   bar.foo.com   192.168.195.102   80      34h
webadm@s101:~$ kubectl get ing demo -o json|grep server-snippet                                          
            "nginx.ingress.kubernetes.io/server-snippet": "listen 0.0.0.0:81 default_server reuseport backlog=511 http2 ;\n"

OK, now prove it ( to do this your Curl need to support HTTP2 feature)

$ curl -v -o /dev/null -sS --http2-prior-knowledge -H "host: bar.foo.com" 192.168.195.102:81
* Rebuilt URL to: 192.168.195.102:81/
*   Trying 192.168.195.102...
* TCP_NODELAY set
* Connected to 192.168.195.102 (192.168.195.102) port 81 (#0)
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x562ba0a614b0)
> GET / HTTP/2
> host: bar.foo.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200 
< date: Sun, 02 Aug 2020 01:47:31 GMT
< content-type: text/plain
< vary: Accept-Encoding
< 
{ [701 bytes data]
* Connection #0 to host 192.168.195.102 left intact

As you can see “HTTP/2 confirmed” What happen when we call HTTP/1.1 to h2c port

$ curl -v -o /dev/null -sS  -H "host: bar.foo.com" 192.168.195.102:81                       
* Rebuilt URL to: 192.168.195.102:81/
*   Trying 192.168.195.102...
* TCP_NODELAY set
* Connected to 192.168.195.102 (192.168.195.102) port 81 (#0)
> GET / HTTP/1.1
> host: bar.foo.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
{ [57 bytes data]
* Connection #0 to host 192.168.195.102 left intact

So, HTTP/1.1 client must call HTTP port instead

$ curl -v -o /dev/null -sS  -H "host: bar.foo.com" 192.168.195.102:80
* Rebuilt URL to: 192.168.195.102:80/
*   Trying 192.168.195.102...
* TCP_NODELAY set
* Connected to 192.168.195.102 (192.168.195.102) port 80 (#0)
> GET / HTTP/1.1
> host: bar.foo.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Sun, 02 Aug 2020 01:55:50 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Encoding
< 
{ [713 bytes data]
* Connection #0 to host 192.168.195.102 left intact

That’s all.

Enable h2c on NGINX Ingress Controller

Written by Jbn1233

Responses (1)