From 79a0fe0cec07be381949fbd94bf50451d4c0d786 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= <jfd@butonic.de>
Date: Tue, 16 Dec 2025 14:34:22 +0100
Subject: [PATCH] devtools: use http2 for backend connection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---
 devtools/deployments/opencloud_full/docker-compose.yml | 5 +++++
 devtools/deployments/opencloud_full/opencloud.yml      | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/devtools/deployments/opencloud_full/docker-compose.yml b/devtools/deployments/opencloud_full/docker-compose.yml
index 99179f58aa..3e2d806998 100644
--- a/devtools/deployments/opencloud_full/docker-compose.yml
+++ b/devtools/deployments/opencloud_full/docker-compose.yml
@@ -19,6 +19,11 @@ services:
       - "--entryPoints.http.http.redirections.entryPoint.to=https"
       - "--entryPoints.http.http.redirections.entryPoint.scheme=https"
       - "--entryPoints.https.address=:443"
+      # http2 optimizations
+      - "--entryPoints.https.http2.maxConcurrentStreams=512"
+      - "--serversTransport.maxIdleConnsPerHost=100"
+      # allow self signed certificate from OpenCloud
+      - "--serversTransport.insecureSkipVerify=true"
       # change default timeouts for long-running requests
       # this is needed for webdav clients that do not support the TUS protocol
       - "--entryPoints.https.transport.respondingTimeouts.readTimeout=12h"
diff --git a/devtools/deployments/opencloud_full/opencloud.yml b/devtools/deployments/opencloud_full/opencloud.yml
index afe703140d..1c8790dcf2 100644
--- a/devtools/deployments/opencloud_full/opencloud.yml
+++ b/devtools/deployments/opencloud_full/opencloud.yml
@@ -25,7 +25,7 @@ services:
       OC_LOG_COLOR: "${LOG_PRETTY:-false}"
       OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
       # do not use SSL between Traefik and OpenCloud
-      PROXY_TLS: "false"
+      PROXY_TLS: "true"
       # make the REVA gateway accessible to the app drivers
       GATEWAY_GRPC_ADDR: 0.0.0.0:9142
       # INSECURE: needed if OpenCloud / Traefik is using self generated certificates
@@ -72,6 +72,7 @@ services:
       - "traefik.http.routers.opencloud.tls.certresolver=http"
       - "traefik.http.routers.opencloud.service=opencloud"
       - "traefik.http.services.opencloud.loadbalancer.server.port=9200"
+      - "traefik.http.services.opencloud.loadbalancer.server.scheme=https"
     logging:
       driver: ${LOG_DRIVER:-local}
     restart: always