I started hosting my website on sourcehut pages and it's worked pretty
well. However, something I've noticed is that it seems to only use HTTP/1.1.
I was wondering if this was working as intended or if it was an
oversight? HTTP/2 can improve performance and I notice sourcehut itself
uses it so it would be nice to have that there as well.
Thanks,
Lionir
On 8/3/22 17:16, Lionir wrote:
> I was wondering if this was working as intended or if it was an
> oversight
pages.sr.ht uses a somewhat special setup with tlstunnel and uacme to
retrieve Let's Encrypt certificates for pages on demand. This setup
makes it a little hard to set up with HTTP/2, as the negotiation for it
happens in TLS, which is handled (and then stripped) in a different process.
Conrad
On Thursday, August 4th, 2022 at 10:32, Conrad Hoffmann <ch@bitfehler.net> wrote:
> On 8/3/22 17:16, Lionir wrote:
>
> > I was wondering if this was working as intended or if it was an
> > oversight
>
> pages.sr.ht uses a somewhat special setup with tlstunnel and uacme to
> retrieve Let's Encrypt certificates for pages on demand. This setup
> makes it a little hard to set up with HTTP/2, as the negotiation for it
> happens in TLS, which is handled (and then stripped) in a different process.
Indeed. It is possible to set up HTTP/2 with tlstunnel, but the HTTP
server needs to support reading ALPN fields from the PROXY protocol,
which nginx can only do in the pro variant iirc.
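What "reading ALPN fields from the PROXY protocol" involves on the backend side, as an added example that is not part of this thread and is not tlstunnel or nginx code: in PROXY protocol v2 the TLS terminator can pass the negotiated ALPN value as a TLV of type PP2_TYPE_ALPN (0x01), and the HTTP server has to parse it to choose between HTTP/2 and HTTP/1.1. The function names, addresses and the "example.org" authority value are assumptions made up for the sample.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

var sig = []byte("\r\n\r\n\x00\r\nQUIT\n") // 12-byte PROXY v2 signature
const tlvALPN, tlvAuthority = 0x01, 0x02    // TLV type codes from the spec

// parseALPN returns the ALPN value in a PROXY v2 header, or "" if none was sent.
func parseALPN(hdr []byte) (string, error) {
	if len(hdr) < 16 || !bytes.Equal(hdr[:12], sig) || hdr[12]>>4 != 2 {
		return "", errors.New("not a PROXY v2 header")
	}
	n := int(binary.BigEndian.Uint16(hdr[14:16])) // bytes following the fixed part
	addrLen := map[byte]int{0x1: 12, 0x2: 36, 0x3: 216}[hdr[13]>>4] // INET, INET6, UNIX
	if addrLen == 0 || n < addrLen || len(hdr) < 16+n {
		return "", errors.New("truncated header or unsupported address family")
	}
	for tlvs := hdr[16+addrLen : 16+n]; len(tlvs) > 0; {
		if len(tlvs) < 3 || len(tlvs) < 3+int(binary.BigEndian.Uint16(tlvs[1:3])) {
			return "", errors.New("TLV overruns header")
		}
		l := int(binary.BigEndian.Uint16(tlvs[1:3]))
		if tlvs[0] == tlvALPN {
			return string(tlvs[3 : 3+l]), nil
		}
		tlvs = tlvs[3+l:] // skip TLV types we do not care about
	}
	return "", nil
}

// buildHeader makes a constructed TCP/IPv4 sample: addresses, authority TLV, ALPN TLV.
func buildHeader(alpn string) []byte {
	body := []byte{192, 0, 2, 10, 192, 0, 2, 1, 0xC3, 0x50, 0x01, 0xBB}
	body = append(append(body, tlvAuthority, 0, 11), "example.org"...)
	if alpn != "" {
		body = append(append(body, tlvALPN, 0, byte(len(alpn))), alpn...)
	}
	hdr := append(append([]byte{}, sig...), 0x21, 0x11, 0, byte(len(body)))
	return append(hdr, body...)
}

func main() {
	fmt.Println(parseALPN(buildHeader("h2"))) // h2 <nil>
}
```

A backend that gets "" back has no ALPN information and can only assume HTTP/1.1 on that connection.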
On 22-08-04 08:43:58, Simon Ser wrote:
> It is possible to set up HTTP/2 with tlstunnel, but the HTTP
> server needs to support reading ALPN fields from the PROXY protocol,
> which nginx can only do in the pro variant iirc.
I wonder if a similar setup can be done on top of Caddy? Though I can't
say that I know how tlstunnel would interact with it (or if it needs to,
seeing that Caddy supports automatic Let's Encrypt certificate
negotiation).
Simon, could you point us to how the setup for pages is done? I
can't find anything that looks relevant in the ~sircmpwn/pages.sr.ht
repo.
/Marius
On Thu Aug 4, 2022 at 1:19 PM CEST, Marius Orcsik wrote:
> I wonder if a similar setup can be done on top of Caddy? Though I can't
> say that I know how tlstunnel would interact with it (or if it needs to,
> seeing that Caddy supports automatic Let's Encrypt certificate
> negotiation).
We used Caddy before and I have no desire whatsoever to revisit it.
On Thursday, August 4th, 2022 at 13:19, Marius Orcsik <marius@federated.id> wrote:
> Simon, could you point us to how the setup for pages is done? I
> can't find anything that looks relevant in the ~sircmpwn/pages.sr.ht
> repo.
It's nothing too crazy, just tlstunnel in front of nginx. The config
files are published at [1].
[1]: https://git.sr.ht/~sircmpwn/sr.ht-nginx/tree/master/item/pages.sr.ht
On Thu, 04 Aug 2022 11:46:35 +0000
Simon Ser <contact@emersion.fr> wrote:
> On Thursday, August 4th, 2022 at 13:19, Marius Orcsik
> <marius@federated.id> wrote:
>
> > Simon, could you point us to how the setup for pages is done? I
> > can't find anything that looks relevant in the ~sircmpwn/pages.sr.ht
> > repo.
>
> It's nothing too crazy, just tlstunnel in front of nginx. The config
> files are published at [1].
>
> [1]:
> https://git.sr.ht/~sircmpwn/sr.ht-nginx/tree/master/item/pages.sr.ht
Just curious, why not use HAProxy? It supports TLS, HTTP/2, and
HTTP/1.1 in a single-line configuration.
On Thursday, August 4th, 2022 at 14:12, Shulhan <ms@kilabit.info> wrote:
> Just curious, why not use HAProxy? It supports TLS, HTTP/2, and
> HTTP/1.1 in a single-line configuration.
We need to obtain TLS certificates on-demand for custom domains.
(Besides, nginx can already do everything you've listed here.)