Merge pull request #2040 from opencloud-eu/http2

allow http2 connections to proxy
2026-01-06 12:19:37 -06:00 · 2025-12-16 17:13:42 +01:00
parent 3ea736c283 79a0fe0cec
commit 196a4abfaa
4 changed files with 10 additions and 2 deletions
--- a/.woodpecker.star
+++ b/.woodpecker.star
@@ -1231,7 +1231,7 @@ def wopiValidatorTests(ctx, storage, wopiServerType, accounts_hash_difficulty =
                         "commands": [
                             "curl -v -X PUT '%s/remote.php/webdav/test.wopitest' -k --fail --retry-connrefused --retry 7 --retry-all-errors -u admin:admin -D headers.txt" % OC_URL,
                             "cat headers.txt",
-                             "export FILE_ID=$(cat headers.txt | sed -n -e 's/^.*Oc-Fileid: //p')",
+                             "export FILE_ID=$(cat headers.txt | sed -n -e 's/^.*oc-fileid: //Ip')",
                             "export URL=\"%s/app/open?app_name=FakeOffice&file_id=$FILE_ID\"" % OC_URL,
                             "export URL=$(echo $URL | tr -d '[:cntrl:]')",
                             "curl -v -X POST \"$URL\" -k --fail --retry-connrefused --retry 7 --retry-all-errors -u admin:admin > open.json",
--- a/devtools/deployments/opencloud_full/docker-compose.yml
+++ b/devtools/deployments/opencloud_full/docker-compose.yml
@@ -19,6 +19,11 @@ services:
      - "--entryPoints.http.http.redirections.entryPoint.to=https"
      - "--entryPoints.http.http.redirections.entryPoint.scheme=https"
      - "--entryPoints.https.address=:443"
+      # http2 optimizations
+      - "--entryPoints.https.http2.maxConcurrentStreams=512"
+      - "--serversTransport.maxIdleConnsPerHost=100"
+      # allow self signed certificate from OpenCloud
+      - "--serversTransport.insecureSkipVerify=true"
      # change default timeouts for long-running requests
      # this is needed for webdav clients that do not support the TUS protocol
      - "--entryPoints.https.transport.respondingTimeouts.readTimeout=12h"
--- a/devtools/deployments/opencloud_full/opencloud.yml
+++ b/devtools/deployments/opencloud_full/opencloud.yml
@@ -25,7 +25,7 @@ services:
      OC_LOG_COLOR: "${LOG_PRETTY:-false}"
      OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
      # do not use SSL between Traefik and OpenCloud
-      PROXY_TLS: "false"
+      PROXY_TLS: "true"
      # make the REVA gateway accessible to the app drivers
      GATEWAY_GRPC_ADDR: 0.0.0.0:9142
      # INSECURE: needed if OpenCloud / Traefik is using self generated certificates
@@ -72,6 +72,7 @@ services:
      - "traefik.http.routers.opencloud.tls.certresolver=http"
      - "traefik.http.routers.opencloud.service=opencloud"
      - "traefik.http.services.opencloud.loadbalancer.server.port=9200"
+      - "traefik.http.services.opencloud.loadbalancer.server.scheme=https"
    logging:
      driver: ${LOG_DRIVER:-local}
    restart: always
--- a/pkg/service/http/service.go
+++ b/pkg/service/http/service.go
@@ -49,6 +49,8 @@ func NewService(opts ...Option) (Service, error) {
 		}
 		tlsConfig := &tls.Config{
 			Certificates: []tls.Certificate{cert},
+			MinVersion:   tls.VersionTLS12,
+			NextProtos:   []string{"h2", "http/1.1"},
 		}
 		mServer = mhttps.NewServer(server.TLSConfig(tlsConfig))
 	} else {