Add HTTP/2 support option and add test (TykTechnologies#2110)

This PR adds HTTP/2 support option to Tyk. 

For example:
There are an HTTP/2 downstream and an HTTP/2 upstream. Tyk will be able to work in that case.

This PR adds two options by default `true` (in default configs, so existing customers not affected):
- `enable_http2` for downstream-Tyk HTTP/2 connection
- `proxy_enable_http2` for Tyk-upstream HTTP/2 connection

Fixes TykTechnologies/product#98

cert_test.go

@@ -18,6 +18,8 @@ import (
 	"testing"
 	"time"
 
+	"golang.org/x/net/http2"
+
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/certs"
 	"github.com/TykTechnologies/tyk/config"
@@ -648,3 +650,53 @@ func TestCipherSuites(t *testing.T) {
 		ts.Run(t, test.TestCase{Client: client, Path: "/", ErrorMatch: "tls: handshake failure"})
 	})
 }
+
+func TestHTTP2(t *testing.T) {
+	expected := "HTTP/2.0"
+
+	// Certificates
+	_, _, _, clientCert := genCertificate(&x509.Certificate{})
+	serverCertPem, _, combinedPEM, _ := genServerCertificate()
+	certID, _ := CertificateManager.Add(combinedPEM, "")
+	defer CertificateManager.Delete(certID)
+
+	// Upstream server supporting HTTP/2
+	upstream := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		actual := r.Proto
+		if expected != actual {
+			t.Fatalf("Tyk-Upstream connection protocol is expected %s, actual %s", expected, actual)
+		}
+
+		fmt.Fprintln(w, "Hello, I am an HTTP/2 Server")
+
+	}))
+	upstream.TLS = new(tls.Config)
+	upstream.TLS.NextProtos = []string{"h2"}
+	upstream.StartTLS()
+	defer upstream.Close()
+
+	// Tyk
+	globalConf := config.Global()
+	globalConf.ProxySSLInsecureSkipVerify = true
+	globalConf.ProxyEnableHttp2 = true
+	globalConf.HttpServerOptions.EnableHttp2 = true
+	globalConf.HttpServerOptions.SSLCertificates = []string{certID}
+	globalConf.HttpServerOptions.UseSSL = true
+	config.SetGlobal(globalConf)
+	defer resetTestConfig()
+
+	ts := newTykTestServer()
+	defer ts.Close()
+
+	buildAndLoadAPI(func(spec *APISpec) {
+		spec.Proxy.ListenPath = "/"
+		spec.UseKeylessAccess = true
+		spec.Proxy.TargetURL = upstream.URL
+	})
+
+	// HTTP/2 client
+	http2Client := getTLSClient(&clientCert, serverCertPem)
+	http2.ConfigureTransport(http2Client.Transport.(*http.Transport))
+
+	ts.Run(t, test.TestCase{Client: http2Client, Path: "", Code: 200, Proto: "HTTP/2.0", BodyMatch: "Hello, I am an HTTP/2 Server"})
+}

config/config.go

@@ -143,6 +143,7 @@ type HttpServerOptionsConfig struct {
 	WriteTimeout           int        `json:"write_timeout"`
 	UseSSL                 bool       `json:"use_ssl"`
 	UseLE_SSL              bool       `json:"use_ssl_le"`
+	EnableHttp2            bool       `json:"enable_http2"`
 	SSLInsecureSkipVerify  bool       `json:"ssl_insecure_skip_verify"`
 	EnableWebSockets       bool       `json:"enable_websockets"`
 	Certificates           []CertData `json:"certificates"`
@@ -300,6 +301,7 @@ type Config struct {
 	MaxConnTime                       int64                                 `json:"max_conn_time"`
 	ReloadWaitTime                    int                                   `bson:"reload_wait_time" json:"reload_wait_time"`
 	ProxySSLInsecureSkipVerify        bool                                  `json:"proxy_ssl_insecure_skip_verify"`
+	ProxyEnableHttp2                  bool                                  `json:"proxy_enable_http2"`
 	ProxySSLMinVersion                uint16                                `json:"proxy_ssl_min_version"`
 	ProxySSLCipherSuites              []string                              `json:"proxy_ssl_ciphers"`
 	ProxyDefaultTimeout               float64                               `json:"proxy_default_timeout"`

dnscache/storage.go

@@ -7,7 +7,7 @@ import (
 	"fmt"
 
 	"github.com/Sirupsen/logrus"
-	"github.com/pmylund/go-cache"
+	cache "github.com/pmylund/go-cache"
 )
 
 // DnsCacheItem represents single record in cache

handler_success.go

@@ -10,9 +10,8 @@ import (
 	"strings"
 	"time"
 
-	"github.com/pmylund/go-cache"
-
 	"github.com/TykTechnologies/tyk/request"
+	cache "github.com/pmylund/go-cache"
 
 	"github.com/TykTechnologies/tyk/config"
 	"github.com/TykTechnologies/tyk/user"

helpers_test.go

@@ -21,10 +21,10 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dgrijalva/jwt-go"
+	jwt "github.com/dgrijalva/jwt-go"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/websocket"
-	"github.com/satori/go.uuid"
+	uuid "github.com/satori/go.uuid"
 
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/config"

host_checker.go

@@ -9,7 +9,7 @@ import (
 	"time"
 
 	"github.com/jeffail/tunny"
-	"github.com/pmylund/go-cache"
+	cache "github.com/pmylund/go-cache"
 
 	"github.com/TykTechnologies/tyk/config"
 )

install/data/tyk.self_contained.conf

@@ -58,10 +58,12 @@
     }
   },
   "http_server_options": {
+    "enable_http2": true,
     "enable_websockets": true
   },
   "hostname": "",
   "enable_custom_domains": true,
+  "proxy_enable_http2": true,
   "enable_jsvm": true,
   "oauth_redirect_uri_separator": ";",
   "coprocess_options": {

install/data/tyk.with_dash.conf

@@ -63,6 +63,7 @@
     "disable_cached_session_state": false
   },
   "http_server_options": {
+    "enable_http2": true,
     "enable_websockets": true
   },
   "uptime_tests": {
@@ -76,6 +77,7 @@
   },
   "hostname": "",
   "enable_custom_domains": true,
+  "proxy_enable_http2": true,
   "enable_jsvm": true,
   "oauth_redirect_uri_separator": ";",
   "coprocess_options": {

main.go

@@ -19,12 +19,14 @@ import (
 	"sync"
 	"time"
 
+	"golang.org/x/net/http2"
+
 	newrelic "github.com/newrelic/go-agent"
 
 	"github.com/TykTechnologies/tyk/checkup"
 
 	"github.com/Sirupsen/logrus"
-	"github.com/Sirupsen/logrus/hooks/syslog"
+	logrus_syslog "github.com/Sirupsen/logrus/hooks/syslog"
 	logstashHook "github.com/bshuster-repo/logrus-logstash-hook"
 	"github.com/evalphobia/logrus_sentry"
 	"github.com/facebookgo/pidfile"
@@ -1145,6 +1147,10 @@ func generateListener(listenPort int) (net.Listener, error) {
 			CipherSuites:       getCipherAliases(httpServerOptions.Ciphers),
 		}
 
+		if httpServerOptions.EnableHttp2 {
+			tlsConfig.NextProtos = append(tlsConfig.NextProtos, http2.NextProtoTLS)
+		}
+
 		tlsConfig.GetConfigForClient = getTLSConfigForClient(&tlsConfig, listenPort)
 
 		return tls.Listen("tcp", targetPort, &tlsConfig)

middleware.go

@@ -9,9 +9,9 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/gocraft/health"
 	"github.com/justinas/alice"
-	"github.com/newrelic/go-agent"
+	newrelic "github.com/newrelic/go-agent"
 	"github.com/paulbellamy/ratecounter"
-	"github.com/pmylund/go-cache"
+	cache "github.com/pmylund/go-cache"
 
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/config"

mw_js_plugin_test.go

@@ -13,7 +13,7 @@ import (
 	"time"
 
 	"github.com/Sirupsen/logrus"
-	"github.com/x-cray/logrus-prefixed-formatter"
+	prefixed "github.com/x-cray/logrus-prefixed-formatter"
 
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/config"

reverse_proxy.go

@@ -26,8 +26,10 @@ import (
 	"sync"
 	"time"
 
+	"golang.org/x/net/http2"
+
 	"github.com/Sirupsen/logrus"
-	"github.com/pmylund/go-cache"
+	cache "github.com/pmylund/go-cache"
 
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/config"
@@ -499,6 +501,10 @@ func httpTransport(timeOut float64, rw http.ResponseWriter, req *http.Request, p
 		return wsTransport
 	}
 
+	if config.Global().ProxyEnableHttp2 {
+		http2.ConfigureTransport(transport)
+	}
+
 	return transport
 }
 

test/http.go

@@ -14,6 +14,7 @@ import (
 type TestCase struct {
 	Method, Path    string            `json:",omitempty"`
 	Domain          string            `json:",omitempty"`
+	Proto           string            `json:",omitempty"`
 	Code            int               `json:",omitempty"`
 	Data            interface{}       `json:",omitempty"`
 	Headers         map[string]string `json:",omitempty"`
@@ -54,6 +55,10 @@ func AssertResponse(resp *http.Response, tc TestCase) error {
 		return fmt.Errorf("Response body did not pass BodyMatchFunc: %s", string(body))
 	}
 
+	if tc.Proto != "" && tc.Proto != resp.Proto {
+		return fmt.Errorf("Expected protocol `%s` got `%s`.", tc.Proto, resp.Proto)
+	}
+
 	for k, v := range tc.HeadersMatch {
 		if resp.Header.Get(k) != v {
 			return fmt.Errorf("Response header `%s` expected `%s` instead `%s`. %v", k, v, resp.Header.Get(k), resp.Header)