Can I enable HTTP/2 on OpenShift?

Question

Can I enable HTTP/2 for my website hosted on OpenShift?

I know you can use CloudFlare as a proxy, then it will provide support for HTTP/2. But I am interested in is the ability to configure precisely my apps on OpenShift.

Answer 1

No, you can't.

Hopefully, this answer will be wrong someday and and some one will correct me according to Cunningham's law.

Answer 2

There's hope!

Openshift 3 itself has a dependency of HAProxy not supporting H/2, so unfortunately there's close to no support.. There is hope for partial support for HTTP/2. You can keep an eye on this GitHub issue to see if they'd consider swapping out HAProxy.

From the mentioned issue:

Actually, the status is not too bad. We got HTTP/2 working when the public route uses a pass-through TLS termination strategy.

So:

H2 between pods works (with TLS) H2C between pods works (H2C with and without TLS) H2 behind a public route requires the route TLS termination to be "pass-through" H2C behind a public route requires the same and SSL enabled on the server side

Also HAProxy itself promised to make HTTP/2 a major focus for their next release (we were teased with the hope of H/2 support for release 1.7, but it didn't happen). If you'd like to read more on HAProxy H/2 support, then there's a promising SO answer and a Discourse discussion.

Answer 3

As of OpenShift 3.11 you can enable it with the environment variable ROUTER_ENABLE_HTTP2, see https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html#ocp-311-haproxy-enhancements

Implements HAProxy router HTTP/2 support (terminating at the router).

$ oc set env dc/router ROUTER_ENABLE_HTTP2=true