rms/VictoriaMetrics
1
0
Fork 0
mirror of https://github.com/VictoriaMetrics/VictoriaMetrics.git synced 2026-05-20 18:26:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

lib/httpserver: revert HTTP/2 support

Browse Source 
This commit request revert the commit
d6bbfaf164 for the following reasons:

1. HTTP/2 carries security risks.
2. Most components in the VictoriaMetrics stack do not require HTTP/2
support.
3. While HTTP/2 support was available only as an option in previous
commit, there remains a potential risk of misusing this option and
enabling HTTP/2 inadvertently.

For components (e.g., VictoriaTraces) that require HTTP/2 support, they
should currently build an HTTP server manually with built-in packages,
instead of using `lib/httpserver` in VictoriaMetrics. If the mentioned
issue is resolved in the future and more components need HTTP/2, this
support can be reintroduced into `lib/httpserver`.
 
Related PR https://github.com/VictoriaMetrics/VictoriaMetrics/pull/9927
This commit is contained in:
Zhu Jiekun
2025-10-30 19:36:48 +08:00
committed by f41gh7
parent 44d33c1570
commit e4422e14eb
1 changed files with 5 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
lib/httpserver/httpserver.go
View File

@@ -98,8 +98,6 @@ type ServeOptions struct {
//
// Mostly required by http proxy servers, which performs own authorization and requests routing
DisableBuiltinRoutes bool
// EnableHTTP2 enable HTTP/2 support for the given server.
EnableHTTP2 bool
}
// Serve starts an http server on the given addrs with the given optional rh.
@@ -149,30 +147,16 @@ func serve(addr string, rh RequestHandler, idx int, opts ServeOptions) {
logger.Infof("pprof handlers are exposed at %s://%s/debug/pprof/", scheme, ln.Addr())
}
serveWithListener(addr, ln, rh, opts.DisableBuiltinRoutes, opts.EnableHTTP2)
serveWithListener(addr, ln, rh, opts.DisableBuiltinRoutes)
}
func serveWithListener(addr string, ln net.Listener, rh RequestHandler, disableBuiltinRoutes bool, enableHTTP2 bool) {
func serveWithListener(addr string, ln net.Listener, rh RequestHandler, disableBuiltinRoutes bool) {
var s server
// Disable HTTP/2 by default, since it doesn't give any advantages for VictoriaMetrics services.
// But for external projects that import `httpserver` package,
// the `enableHTTP2` arg provides the flexibility to use HTTP/2.
var (
protocols *http.Protocols
tlsNextProto map[string]func(*http.Server, *tls.Conn, http.Handler)
)
if enableHTTP2 {
protocols = &http.Protocols{}
protocols.SetHTTP2(true)
protocols.SetUnencryptedHTTP2(true)
} else {
tlsNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
}
s.s = &http.Server{
Protocols: protocols,
TLSNextProto: tlsNextProto,
// Disable http/2, since it doesn't give any advantages for VictoriaMetrics services.
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
ReadHeaderTimeout: 5 * time.Second,
IdleTimeout: *idleConnTimeout,