homelab/traefik
1
0
Fork 0
Code Activity

Implement HTTP2 HPACK table size options

Browse source
This commit is contained in:
GCHQDeveloper548 2025-10-03 13:24:04 +01:00 committed by GitHub
parent 5d830477b7
commit 0b7f0b4042
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 115 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/content/reference/install-configuration/configuration-options.md
View file

@ -100,6 +100,8 @@ THIS FILE MUST NOT BE EDITED BY HAND
| <a id="entrypoints-name-http-tls-domains0-sans" href="#entrypoints-name-http-tls-domains0-sans" title="#entrypoints-name-http-tls-domains0-sans">entrypoints._name_.http.tls.domains[0].sans</a> | Subject alternative names. | | | <a id="entrypoints-name-http-tls-domains0-sans" href="#entrypoints-name-http-tls-domains0-sans" title="#entrypoints-name-http-tls-domains0-sans">entrypoints._name_.http.tls.domains[0].sans</a> | Subject alternative names. | |
| <a id="entrypoints-name-http-tls-options" href="#entrypoints-name-http-tls-options" title="#entrypoints-name-http-tls-options">entrypoints._name_.http.tls.options</a> | Default TLS options for the routers linked to the entry point. | | | <a id="entrypoints-name-http-tls-options" href="#entrypoints-name-http-tls-options" title="#entrypoints-name-http-tls-options">entrypoints._name_.http.tls.options</a> | Default TLS options for the routers linked to the entry point. | |
| <a id="entrypoints-name-http2-maxconcurrentstreams" href="#entrypoints-name-http2-maxconcurrentstreams" title="#entrypoints-name-http2-maxconcurrentstreams">entrypoints._name_.http2.maxconcurrentstreams</a> | Specifies the number of concurrent streams per connection that each client is allowed to initiate. | 250 | | <a id="entrypoints-name-http2-maxconcurrentstreams" href="#entrypoints-name-http2-maxconcurrentstreams" title="#entrypoints-name-http2-maxconcurrentstreams">entrypoints._name_.http2.maxconcurrentstreams</a> | Specifies the number of concurrent streams per connection that each client is allowed to initiate. | 250 |
| <a id="entrypoints-name-http2-maxdecoderheadertablesize" href="#entrypoints-name-http2-maxdecoderheadertablesize" title="#entrypoints-name-http2-maxdecoderheadertablesize">entrypoints._name_.http2.maxdecoderheadertablesize</a> | Specifies the maximum size of the HTTP2 HPACK header table on the decoding (receiving from client) side. | 4096 |
| <a id="entrypoints-name-http2-maxencoderheadertablesize" href="#entrypoints-name-http2-maxencoderheadertablesize" title="#entrypoints-name-http2-maxencoderheadertablesize">entrypoints._name_.http2.maxencoderheadertablesize</a> | Specifies the maximum size of the HTTP2 HPACK header table on the encoding (sending to client) side. | 4096 |
| <a id="entrypoints-name-http3" href="#entrypoints-name-http3" title="#entrypoints-name-http3">entrypoints._name_.http3</a> | HTTP/3 configuration. | false | | <a id="entrypoints-name-http3" href="#entrypoints-name-http3" title="#entrypoints-name-http3">entrypoints._name_.http3</a> | HTTP/3 configuration. | false |
| <a id="entrypoints-name-http3-advertisedport" href="#entrypoints-name-http3-advertisedport" title="#entrypoints-name-http3-advertisedport">entrypoints._name_.http3.advertisedport</a> | UDP port to advertise, on which HTTP/3 is available. | 0 | | <a id="entrypoints-name-http3-advertisedport" href="#entrypoints-name-http3-advertisedport" title="#entrypoints-name-http3-advertisedport">entrypoints._name_.http3.advertisedport</a> | UDP port to advertise, on which HTTP/3 is available. | 0 |
| <a id="entrypoints-name-observability-accesslogs" href="#entrypoints-name-observability-accesslogs" title="#entrypoints-name-observability-accesslogs">entrypoints._name_.observability.accesslogs</a> | Enables access-logs for this entryPoint. | true | | <a id="entrypoints-name-observability-accesslogs" href="#entrypoints-name-observability-accesslogs" title="#entrypoints-name-observability-accesslogs">entrypoints._name_.observability.accesslogs</a> | Enables access-logs for this entryPoint. | true |

2
docs/content/reference/install-configuration/entrypoints.md
View file

@ -101,6 +101,8 @@ additionalArguments:
| <a id="http-tls-options" href="#http-tls-options" title="#http-tls-options">`http.tls.options`</a> | Apply TLS options on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../../routing/providers/kubernetes-crd.md#kind-tlsoption). | - | No | | <a id="http-tls-options" href="#http-tls-options" title="#http-tls-options">`http.tls.options`</a> | Apply TLS options on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../../routing/providers/kubernetes-crd.md#kind-tlsoption). | - | No |
| <a id="http-tls-certResolver" href="#http-tls-certResolver" title="#http-tls-certResolver">`http.tls.certResolver`</a> | Apply a certificate resolver on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../install-configuration/tls/certificate-resolvers/overview.md). | - | No | | <a id="http-tls-certResolver" href="#http-tls-certResolver" title="#http-tls-certResolver">`http.tls.certResolver`</a> | Apply a certificate resolver on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../install-configuration/tls/certificate-resolvers/overview.md). | - | No |
| <a id="http2-maxConcurrentStreams" href="#http2-maxConcurrentStreams" title="#http2-maxConcurrentStreams">`http2.maxConcurrentStreams`</a> | Set the number of concurrent streams per connection that each client is allowed to initiate. <br /> The value must be greater than zero. | 250 | No | | <a id="http2-maxConcurrentStreams" href="#http2-maxConcurrentStreams" title="#http2-maxConcurrentStreams">`http2.maxConcurrentStreams`</a> | Set the number of concurrent streams per connection that each client is allowed to initiate. <br /> The value must be greater than zero. | 250 | No |
| <a id="http2-maxDecoderHeaderTableSize" href="#http2-maxDecoderHeaderTableSize" title="#http2-maxDecoderHeaderTableSize">`http2.maxDecoderHeaderTableSize`</a> | Set the maximum size of the decoder header compression table. This controls the maximum size of the header cache that the server is willing to maintain so the client does not need to repeatedly send the same header across requests in the same http2 connection. <br /> This value is only a maximum, the other end of the connection can use a lower size. | 4096 | No |
| <a id="http2-maxEncoderHeaderTableSize" href="#http2-maxEncoderHeaderTableSize" title="#http2-maxEncoderHeaderTableSize">`http2.maxEncoderHeaderTableSize`</a> | Set the maximum size of the encoder header compression table. This controls the maximum size of the header cache that the server is willing to maintain when sending headers to the client, allowing the server to reduce the amount of duplicate headers it is sending in responses. <br /> This value is only a maximum, the other end of the connection can use a lower size. | 4096 | No |
| <a id="http3" href="#http3" title="#http3">`http3`</a> | Enable HTTP/3 protocol on the `entryPoint`. <br /> HTTP/3 requires a TCP `entryPoint`. as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP. In most scenarios, this `entryPoint` is the same as the one used for TLS traffic.<br /> More information [here](#http3). | - | No | | <a id="http3" href="#http3" title="#http3">`http3`</a> | Enable HTTP/3 protocol on the `entryPoint`. <br /> HTTP/3 requires a TCP `entryPoint`. as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP. In most scenarios, this `entryPoint` is the same as the one used for TLS traffic.<br /> More information [here](#http3). | - | No |
| <a id="http3-advertisedPort" href="#http3-advertisedPort" title="#http3-advertisedPort">`http3.advertisedPort`</a> | Set the UDP port to advertise as the HTTP/3 authority. <br /> It defaults to the entryPoint's address port. <br /> It can be used to override the authority in the `alt-svc` header, for example if the public facing port is different from where Traefik is listening. | - | No | | <a id="http3-advertisedPort" href="#http3-advertisedPort" title="#http3-advertisedPort">`http3.advertisedPort`</a> | Set the UDP port to advertise as the HTTP/3 authority. <br /> It defaults to the entryPoint's address port. <br /> It can be used to override the authority in the `alt-svc` header, for example if the public facing port is different from where Traefik is listening. | - | No |
| <a id="observability-accessLogs" href="#observability-accessLogs" title="#observability-accessLogs">`observability.accessLogs`</a> | Defines whether a router attached to this EntryPoint produces access-logs by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No | | <a id="observability-accessLogs" href="#observability-accessLogs" title="#observability-accessLogs">`observability.accessLogs`</a> | Defines whether a router attached to this EntryPoint produces access-logs by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No |

52
docs/content/routing/entrypoints.md
View file

@ -107,6 +107,8 @@ They can be defined by using a file (YAML or TOML) or CLI arguments.
address: ":8888" # same as ":8888/tcp" address: ":8888" # same as ":8888/tcp"
http2: http2:
maxConcurrentStreams: 42 maxConcurrentStreams: 42
maxDecoderHeaderTableSize: 42
maxEncoderHeaderTableSize: 42
http3: http3:
advertisedPort: 8888 advertisedPort: 8888
transport: transport:
@ -136,6 +138,8 @@ They can be defined by using a file (YAML or TOML) or CLI arguments.
address = ":8888" # same as ":8888/tcp" address = ":8888" # same as ":8888/tcp"
[entryPoints.name.http2] [entryPoints.name.http2]
maxConcurrentStreams = 42 maxConcurrentStreams = 42
maxDecoderHeaderTableSize = 42
maxEncoderHeaderTableSize = 42
[entryPoints.name.http3] [entryPoints.name.http3]
advertisedPort = 8888 advertisedPort = 8888
[entryPoints.name.transport] [entryPoints.name.transport]
@ -158,6 +162,8 @@ They can be defined by using a file (YAML or TOML) or CLI arguments.
## Static configuration ## Static configuration
--entryPoints.name.address=:8888 # same as :8888/tcp --entryPoints.name.address=:8888 # same as :8888/tcp
--entryPoints.name.http2.maxConcurrentStreams=42 --entryPoints.name.http2.maxConcurrentStreams=42
--entryPoints.name.http2.maxDecoderHeaderTableSize=42
--entryPoints.name.http2.maxEncoderHeaderTableSize=42
--entryPoints.name.http3.advertisedport=8888 --entryPoints.name.http3.advertisedport=8888
--entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42 --entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42
--entryPoints.name.transport.lifeCycle.graceTimeOut=42 --entryPoints.name.transport.lifeCycle.graceTimeOut=42
@ -408,6 +414,52 @@ entryPoints:
--entryPoints.name.http2.maxConcurrentStreams=250 --entryPoints.name.http2.maxConcurrentStreams=250
``` ```
#### `maxDecoderHeaderTableSize`
_Optional, Default=4096_
`maxDecoderHeaderTableSize` specifies the maximum size of the HTTP2 HPACK header table on the decoding (receiving from client) side.
```yaml tab="File (YAML)"
entryPoints:
foo:
http2:
maxDecoderHeaderTableSize: 4096
```
```toml tab="File (TOML)"
[entryPoints.foo]
[entryPoints.foo.http2]
maxDecoderHeaderTableSize = 4096
```
```bash tab="CLI"
--entryPoints.name.http2.maxDecoderHeaderTableSize=4096
```
#### `maxEncoderHeaderTableSize`
_Optional, Default=4096_
`maxEncoderHeaderTableSize` specifies the maximum size of the HTTP2 HPACK header table on the encoding (sending to client) side.
```yaml tab="File (YAML)"
entryPoints:
foo:
http2:
maxEncoderHeaderTableSize: 4096
```
```toml tab="File (TOML)"
[entryPoints.foo]
[entryPoints.foo.http2]
maxEncoderHeaderTableSize = 4096
```
```bash tab="CLI"
--entryPoints.name.http2.maxEncoderHeaderTableSize=4096
```
### HTTP/3 ### HTTP/3
#### `http3` #### `http3`

4
pkg/config/static/entrypoints.go
View file

@ -82,11 +82,15 @@ func (c *HTTPConfig) SetDefaults() {
// HTTP2Config is the HTTP2 configuration of an entry point. // HTTP2Config is the HTTP2 configuration of an entry point.
type HTTP2Config struct { type HTTP2Config struct {
MaxConcurrentStreams int32 `description:"Specifies the number of concurrent streams per connection that each client is allowed to initiate." json:"maxConcurrentStreams,omitempty" toml:"maxConcurrentStreams,omitempty" yaml:"maxConcurrentStreams,omitempty" export:"true"` MaxConcurrentStreams int32 `description:"Specifies the number of concurrent streams per connection that each client is allowed to initiate." json:"maxConcurrentStreams,omitempty" toml:"maxConcurrentStreams,omitempty" yaml:"maxConcurrentStreams,omitempty" export:"true"`
MaxDecoderHeaderTableSize int32 `description:"Specifies the maximum size of the HTTP2 HPACK header table on the decoding (receiving from client) side." json:"maxDecoderHeaderTableSize,omitempty" toml:"maxDecoderHeaderTableSize,omitempty" yaml:"maxDecoderHeaderTableSize,omitempty" export:"true"`
MaxEncoderHeaderTableSize int32 `description:"Specifies the maximum size of the HTTP2 HPACK header table on the encoding (sending to client) side." json:"maxEncoderHeaderTableSize,omitempty" toml:"maxEncoderHeaderTableSize,omitempty" yaml:"maxEncoderHeaderTableSize,omitempty" export:"true"`
} }
// SetDefaults sets the default values. // SetDefaults sets the default values.
func (c *HTTP2Config) SetDefaults() { func (c *HTTP2Config) SetDefaults() {
c.MaxConcurrentStreams = 250 // https://cs.opensource.google/go/x/net/+/cd36cc07:http2/server.go;l=58 c.MaxConcurrentStreams = 250 // https://cs.opensource.google/go/x/net/+/cd36cc07:http2/server.go;l=58
c.MaxDecoderHeaderTableSize = 4096 // https://cs.opensource.google/go/x/net/+/0e478a2a:http2/server.go;l=105
c.MaxEncoderHeaderTableSize = 4096 // https://cs.opensource.google/go/x/net/+/0e478a2a:http2/server.go;l=111
} }
// HTTP3Config is the HTTP3 configuration of an entry point. // HTTP3Config is the HTTP3 configuration of an entry point.

8
pkg/config/static/static_config_test.go
View file

@ -75,6 +75,8 @@ func TestConfiguration_SetEffectiveConfiguration(t *testing.T) {
}, },
HTTP2: &HTTP2Config{ HTTP2: &HTTP2Config{
MaxConcurrentStreams: 250, MaxConcurrentStreams: 250,
MaxDecoderHeaderTableSize: 4096,
MaxEncoderHeaderTableSize: 4096,
}, },
HTTP3: nil, HTTP3: nil,
UDP: &UDPConfig{ UDP: &UDPConfig{
@ -121,6 +123,8 @@ func TestConfiguration_SetEffectiveConfiguration(t *testing.T) {
}, },
HTTP2: &HTTP2Config{ HTTP2: &HTTP2Config{
MaxConcurrentStreams: 250, MaxConcurrentStreams: 250,
MaxDecoderHeaderTableSize: 4096,
MaxEncoderHeaderTableSize: 4096,
}, },
HTTP3: nil, HTTP3: nil,
UDP: &UDPConfig{ UDP: &UDPConfig{
@ -178,6 +182,8 @@ func TestConfiguration_SetEffectiveConfiguration(t *testing.T) {
}, },
HTTP2: &HTTP2Config{ HTTP2: &HTTP2Config{
MaxConcurrentStreams: 250, MaxConcurrentStreams: 250,
MaxDecoderHeaderTableSize: 4096,
MaxEncoderHeaderTableSize: 4096,
}, },
HTTP3: nil, HTTP3: nil,
UDP: &UDPConfig{ UDP: &UDPConfig{
@ -239,6 +245,8 @@ func TestConfiguration_SetEffectiveConfiguration(t *testing.T) {
}, },
HTTP2: &HTTP2Config{ HTTP2: &HTTP2Config{
MaxConcurrentStreams: 250, MaxConcurrentStreams: 250,
MaxDecoderHeaderTableSize: 4096,
MaxEncoderHeaderTableSize: 4096,
}, },
HTTP3: nil, HTTP3: nil,
UDP: &UDPConfig{ UDP: &UDPConfig{

8
pkg/server/server_entrypoint_tcp.go
View file

@ -631,6 +631,12 @@ func newHTTPServer(ctx context.Context, ln net.Listener, configuration *static.E
if configuration.HTTP2.MaxConcurrentStreams < 0 { if configuration.HTTP2.MaxConcurrentStreams < 0 {
return nil, errors.New("max concurrent streams value must be greater than or equal to zero") return nil, errors.New("max concurrent streams value must be greater than or equal to zero")
} }
if configuration.HTTP2.MaxDecoderHeaderTableSize < 0 {
return nil, errors.New("max decoder header table size value must be greater than or equal to zero")
}
if configuration.HTTP2.MaxEncoderHeaderTableSize < 0 {
return nil, errors.New("max encoder header table size value must be greater than or equal to zero")
}
httpSwitcher := middlewares.NewHandlerSwitcher(http.NotFoundHandler()) httpSwitcher := middlewares.NewHandlerSwitcher(http.NotFoundHandler())
@ -689,6 +695,8 @@ func newHTTPServer(ctx context.Context, ln net.Listener, configuration *static.E
MaxHeaderBytes: configuration.HTTP.MaxHeaderBytes, MaxHeaderBytes: configuration.HTTP.MaxHeaderBytes,
HTTP2: &http.HTTP2Config{ HTTP2: &http.HTTP2Config{
MaxConcurrentStreams: int(configuration.HTTP2.MaxConcurrentStreams), MaxConcurrentStreams: int(configuration.HTTP2.MaxConcurrentStreams),
MaxDecoderHeaderTableSize: int(configuration.HTTP2.MaxDecoderHeaderTableSize),
MaxEncoderHeaderTableSize: int(configuration.HTTP2.MaxEncoderHeaderTableSize),
}, },
} }
if debugConnection || (configuration.Transport != nil && (configuration.Transport.KeepAliveMaxTime > 0 || configuration.Transport.KeepAliveMaxRequests > 0)) { if debugConnection || (configuration.Transport != nil && (configuration.Transport.KeepAliveMaxTime > 0 || configuration.Transport.KeepAliveMaxRequests > 0)) {

31
pkg/server/server_entrypoint_tcp_test.go
View file

@ -648,3 +648,34 @@ func TestPathOperations(t *testing.T) {
}) })
} }
} }
func TestHTTP2Config(t *testing.T) {
expectedMaxConcurrentStreams := 42
expectedEncoderTableSize := 128
expectedDecoderTableSize := 256
// Create a listener for the server.
ln, err := net.Listen("tcp", "127.0.0.1:0")
require.NoError(t, err)
t.Cleanup(func() {
_ = ln.Close()
})
// Define the server configuration.
configuration := &static.EntryPoint{}
configuration.SetDefaults()
configuration.HTTP2.MaxConcurrentStreams = int32(expectedMaxConcurrentStreams)
configuration.HTTP2.MaxEncoderHeaderTableSize = int32(expectedEncoderTableSize)
configuration.HTTP2.MaxDecoderHeaderTableSize = int32(expectedDecoderTableSize)
// Create the HTTP server using newHTTPServer.
server, err := newHTTPServer(t.Context(), ln, configuration, false, requestdecorator.New(nil))
require.NoError(t, err)
// Get the underlying HTTP Server.
httpServer := server.Server.(*http.Server)
assert.Equal(t, expectedMaxConcurrentStreams, httpServer.HTTP2.MaxConcurrentStreams)
assert.Equal(t, expectedEncoderTableSize, httpServer.HTTP2.MaxEncoderHeaderTableSize)
assert.Equal(t, expectedDecoderTableSize, httpServer.HTTP2.MaxDecoderHeaderTableSize)
}