Discussion:
[jetty-users] Updating Solr to allow http2
Shawn Heisey
2018-02-26 18:49:38 UTC
Solr is an Apache project that uses Jetty.

It includes a very stripped-down install of Jetty. Recently somebody
wanted to enable HTTP/2 on their Solr server. Presumably they're using
a client that supports it.

Solr's install of Jetty doesn't include the jars for HTTP/2. These are
the jars we currently install in Jetty's lib directory (in our master
branch):

gmetric4j-1.0.7.jar
javax.servlet-api-3.1.0.jar
jetty-continuation-9.4.8.v20171121.jar
jetty-deploy-9.4.8.v20171121.jar
jetty-http-9.4.8.v20171121.jar
jetty-io-9.4.8.v20171121.jar
jetty-jmx-9.4.8.v20171121.jar
jetty-rewrite-9.4.8.v20171121.jar
jetty-security-9.4.8.v20171121.jar
jetty-server-9.4.8.v20171121.jar
jetty-servlet-9.4.8.v20171121.jar
jetty-servlets-9.4.8.v20171121.jar
jetty-util-9.4.8.v20171121.jar
jetty-webapp-9.4.8.v20171121.jar
jetty-xml-9.4.8.v20171121.jar
metrics-core-3.2.2.jar
metrics-ganglia-3.2.2.jar
metrics-graphite-3.2.2.jar
metrics-jetty9-3.2.2.jar
metrics-jvm-3.2.2.jar

So to make this possible, I need to add the three jars that are in
lib/http2 ... but from what I can tell, I also need to add
jetty-alpn-server.

The Solr codebase uses ivy for dependency management. The dependencies
showing on Maven Central for the http2 jars and jetty-alpn-server don't
show any other dependencies that Solr is missing, but if I look at the
Jetty 9.4.8 download, I do see some other jars that look possibly
related -- like alpn-api, and a number of other jetty-alpn jars.

Is Maven showing the correct dependency information, or do I need these
other alpn jars in order to enable HTTP/2? Is there anything else that
I need that I haven't touched on?

Thanks,
Shawn
Joakim Erdfelt
2018-02-26 19:02:19 UTC
Don't forget to think about what JVM Runtime you are running on.

https://www.eclipse.org/jetty/documentation/9.4.x/alpn-chapter.html

Java 1.8? Then you need a -Xbootclasspath/p:<path_to_alpn_boot_jar> for
your alpn-boot-<jvm-version-dependent>.jar
JVM Version to alpn-boot table:
https://www.eclipse.org/jetty/documentation/9.4.x/alpn-chapter.html#alpn-versions

Java 9? Then you don't use alpn-boot, but instead you need
`jetty-alpn-java-server` artifact present in your classpath (don't add this
artifact for Java 1.8 runtime)
_______________________________________________
jetty-users mailing list
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Shawn Heisey
2018-02-26 20:10:02 UTC
Recent Solr versions support Java 8 and Java 9. We recommend either
Oracle or OpenJDK, because other implementations (primarily IBM's) are
known to have problems with Lucene-based software. Because Solr does
not enforce one provider over another, I have absolutely no idea what
JVM the user will be using.

Reading the page you provided about ALPN, it sounds like Solr could
probably include the conscrypt provider (and any dependencies that
requires) and have everything work. When we update to require Java 9,
then Solr can switch to the provider using the ALPN support built into
the JVM. The documentation for Solr can refer users to Jetty
documentation if they really want to use a different ALPN provider.

Does HTTP/2 on Jetty require TLS, or can it work without encryption? I
know that TLS is definitely preferred, and most clients will require it,
but it's a question I know people will ask, so I want to get it answered
now. I'm going to guess that TLS will be required.

Thanks,
Shawn
Joakim Erdfelt
2018-02-26 20:17:29 UTC
IIRC, TLS (w/ALPN) is required for all user-agents to use for HTTP/2.

There is a protocol called "h2c" that allows for HTTP/2 in clear-text, but
no client supports that.
However, many load balancers and proxies do.

If you have such a setup, then the LB or Proxy would talk to Jetty via
"h2c".

As for Jetty support for "h2c", that's a different connection factory.
(HTTP2*C*ServerConnectionFactory vs HTTP2ServerConnectionFactory)
See:
https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/examples/embedded/src/main/java/org/eclipse/jetty/embedded/Http2Server.java#L96
(and line #116)
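
The two connection factories named in this reply, side by side in an embedded Jetty 9.4 server (an added example, not part of the thread and not Solr's or Jetty's own code). It assumes the http2 jars and jetty-alpn-server discussed above plus the ALPN provider for the running JVM; the class name, ports, loopback binding and keystore values are placeholders chosen for illustration.

```java
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.http2.HTTP2Cipher;
import org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory;
import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
import org.eclipse.jetty.server.*;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class H2AndH2cConnectors {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        Server server = new Server();

        // Cleartext connector: HTTP/1.1 plus h2c. Nothing on it is encrypted,
        // so it is bound to loopback on the assumption that only a local
        // proxy or load balancer talks h2c to Jetty.
        HttpConfiguration plain = new HttpConfiguration();
        plain.setSecureScheme("https");
        plain.setSecurePort(8443);
        ServerConnector h2c = new ServerConnector(server,
                new HttpConnectionFactory(plain),
                new HTTP2CServerConnectionFactory(plain));
        h2c.setHost("127.0.0.1");
        h2c.setPort(8080);

        // TLS connector: ALPN negotiates "h2" or falls back to HTTP/1.1.
        SslContextFactory tls = new SslContextFactory();
        tls.setKeyStorePath("/path/to/keystore");   // placeholder
        tls.setKeyStorePassword("changeit");        // placeholder
        // HTTP/2 forbids many TLS cipher suites; order the permitted ones first.
        tls.setCipherComparator(HTTP2Cipher.COMPARATOR);

        HttpConfiguration secure = new HttpConfiguration(plain);
        secure.addCustomizer(new SecureRequestCustomizer());
        HttpConnectionFactory http11 = new HttpConnectionFactory(secure);
        HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(secure);
        ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
        alpn.setDefaultProtocol(http11.getProtocol());

        ServerConnector h2tls = new ServerConnector(server,
                new SslConnectionFactory(tls, alpn.getProtocol()),
                alpn, h2, http11);
        h2tls.setPort(8443);

        server.setConnectors(new Connector[] { h2c, h2tls });
        server.start();
        server.join();
    }
}
```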