NIFI-9804 Added HTTP/2 support to Application Server

- Added nifi.web.https.application.protocols property - Set default protocol to HTTP/1.1 and provided documentation for enabling HTTP/2 - Changed StandardALPNProcessor handshakeFailed log to debug Signed-off-by: Joe Gresock <jgresock@gmail.com> This closes #6093.
apache · Jun 3, 2022 · 4b655ec · 4b655ec
1 parent 639ab32
commit 4b655ec
Show file tree

Hide file tree

Showing 11 changed files with 490 additions and 491 deletions.
diff --git a/...in/java/org/apache/nifi/jetty/configuration/connector/StandardServerConnectorFactory.java b/...in/java/org/apache/nifi/jetty/configuration/connector/StandardServerConnectorFactory.java
@@ -162,7 +162,11 @@ public void setApplicationLayerProtocols(final Set<ApplicationLayerProtocol> app
         this.applicationLayerProtocols = applicationLayerProtocols;
     }
 
-    private HttpConfiguration getHttpConfiguration() {
+    protected Server getServer() {
+        return server;
+    }
+
+    protected HttpConfiguration getHttpConfiguration() {
         final HttpConfiguration httpConfiguration = new HttpConfiguration();
 
         if (sslContext != null) {
@@ -177,7 +181,7 @@ private HttpConfiguration getHttpConfiguration() {
         return httpConfiguration;
     }
 
-    private SslContextFactory.Server getSslContextFactory() {
+    protected SslContextFactory.Server getSslContextFactory() {
         final SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setSslContext(sslContext);
         sslContextFactory.setNeedClientAuth(needClientAuth);

diff --git a/...c/main/java/org/apache/nifi/jetty/configuration/connector/alpn/StandardALPNProcessor.java b/...c/main/java/org/apache/nifi/jetty/configuration/connector/alpn/StandardALPNProcessor.java
@@ -117,7 +117,7 @@ public void handshakeSucceeded(final Event event) {
          */
         @Override
         public void handshakeFailed(final Event event, final Throwable failure) {
-            logger.warn("Connection Remote Address [{}] Handshake Failed", serverConnection.getEndPoint().getRemoteAddress(), failure);
+            logger.debug("Connection Remote Address [{}] Handshake Failed", serverConnection.getEndPoint().getRemoteAddress(), failure);
         }
     }
 }
diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -225,6 +225,7 @@ public class NiFiProperties extends ApplicationProperties {
     public static final String WEB_HTTPS_PORT = "nifi.web.https.port";
     public static final String WEB_HTTPS_PORT_FORWARDING = "nifi.web.https.port.forwarding";
     public static final String WEB_HTTPS_HOST = "nifi.web.https.host";
+    public static final String WEB_HTTPS_APPLICATION_PROTOCOLS = "nifi.web.https.application.protocols";
     public static final String WEB_HTTPS_CIPHERSUITES_INCLUDE = "nifi.web.https.ciphersuites.include";
     public static final String WEB_HTTPS_CIPHERSUITES_EXCLUDE = "nifi.web.https.ciphersuites.exclude";
     public static final String WEB_HTTPS_NETWORK_INTERFACE_PREFIX = "nifi.web.https.network.interface.";
@@ -334,6 +335,7 @@ public class NiFiProperties extends ApplicationProperties {
     public static final String DEFAULT_LOGIN_IDENTITY_PROVIDER_CONFIGURATION_FILE = "conf/login-identity-providers.xml";
     public static final Integer DEFAULT_REMOTE_INPUT_PORT = null;
     public static final Path DEFAULT_TEMPLATE_DIRECTORY = Paths.get("conf", "templates");
+    private static final String DEFAULT_WEB_HTTPS_APPLICATION_PROTOCOLS = "http/1.1";
     public static final int DEFAULT_WEB_THREADS = 200;
     public static final String DEFAULT_WEB_MAX_HEADER_SIZE = "16 KB";
     public static final String DEFAULT_WEB_WORKING_DIR = "./work/jetty";
@@ -705,6 +707,16 @@ public Integer getConfiguredHttpOrHttpsPort() throws RuntimeException {
         }
     }
 
+    /**
+     * Get Web HTTPS Application Protocols defaults to HTTP/1.1
+     *
+     * @return Set of configured HTTPS Application Protocols
+     */
+    public Set<String> getWebHttpsApplicationProtocols() {
+        final String protocols = getProperty(WEB_HTTPS_APPLICATION_PROTOCOLS, DEFAULT_WEB_HTTPS_APPLICATION_PROTOCOLS);
+        return Arrays.stream(protocols.split("\\s+")).collect(Collectors.toSet());
+    }
+
     public String getWebMaxHeaderSize() {
         return getProperty(WEB_MAX_HEADER_SIZE, DEFAULT_WEB_MAX_HEADER_SIZE);
     }

diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -3884,6 +3884,13 @@ For example, to provide two additional network interfaces, a user could also spe
 `nifi.web.https.network.interface.eth1=eth1` +
 +
 Providing three total network interfaces, including  `nifi.web.https.network.interface.default`.
+|`nifi.web.https.application.protocols`|The space-separated list of application protocols supported when running with HTTPS enabled.
+
+The default value is `http/1.1`.
+
+The value can be set to `h2 http/1.1` to support Application Layer Protocol Negotiation (ALPN) for HTTP/2 or HTTP/1.1 based on client capabilities.
+
+The value can be set to `h2` to require HTTP/2 and disable HTTP/1.1.
 |`nifi.web.jetty.working.directory`|The location of the Jetty working directory. The default value is `./work/jetty`.
 |`nifi.web.jetty.threads`|The number of Jetty threads. The default value is `200`.
 |`nifi.web.max.header.size`|The maximum size allowed for request and response headers. The default value is `16 KB`.

diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml
@@ -126,6 +126,7 @@
         <nifi.web.https.host>127.0.0.1</nifi.web.https.host>
         <nifi.web.https.port>8443</nifi.web.https.port>
         <nifi.web.https.network.interface.default />
+        <nifi.web.https.application.protocols>http/1.1</nifi.web.https.application.protocols>
         <nifi.jetty.work.dir>./work/jetty</nifi.jetty.work.dir>
         <nifi.web.jetty.threads>200</nifi.web.jetty.threads>
         <nifi.web.max.header.size>16 KB</nifi.web.max.header.size>

diff --git a/...fi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties b/...fi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
@@ -151,6 +151,7 @@ nifi.web.http.network.interface.default=${nifi.web.http.network.interface.defaul
 nifi.web.https.host=${nifi.web.https.host}
 nifi.web.https.port=${nifi.web.https.port}
 nifi.web.https.network.interface.default=${nifi.web.https.network.interface.default}
+nifi.web.https.application.protocols=${nifi.web.https.application.protocols}
 nifi.web.jetty.working.directory=${nifi.jetty.work.dir}
 nifi.web.jetty.threads=${nifi.web.jetty.threads}
 nifi.web.max.header.size=${nifi.web.max.header.size}

diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/pom.xml
@@ -152,6 +152,19 @@
             <artifactId>nifi-ui-extension</artifactId>
             <scope>compile</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-jetty-configuration</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty.http2</groupId>
+            <artifactId>http2-server</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-alpn-server</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.apache.nifi</groupId>
             <artifactId>nifi-web-security</artifactId>