@CCShadow I was trying to enable HTTP2
# spicedbp
presharedkeysomething
01/13/2025, 8:33 AM@User I was trying to enable HTTP2 for http server which servers http/json requests to spiceDB. I added TLS certificate and using that when running spicedb locally but when I try to make requests via curl I see HTTP/1.1 responses.
A part of my docker-compose
Copy code
services:
spicedb:
image: "authzed/spicedb"
command: >
serve
--http-enabled=true
--http-addr=:8080
--http-tls-cert-path=/certs/server.crt
--http-tls-key-path=/certs/server.key
--log-level=debug
--log-format=text
restart: "always"
ports:
- "9090:9090"
- "50051:50051"
- "8080:8080"
environment:
- "SPICEDB_GRPC_PRESHARED_KEY=something"
- "SPICEDB_DATASTORE_ENGINE=postgres"
- "SPICEDB_DATASTORE_CONN_URI=postgres://postgres:secret@database:5432/spicedb?sslmode=disable"
- "GRPC_TRACE=all"
- "GRPC_VERBOSITY=DEBUG"
volumes:
- "./certs:/certs:ro" # Mount the certs directory from host to container
depends_on:
- "migrate"v
vroldanbet
01/13/2025, 11:13 AMthe http gateway and metrics endpoint do not support H2. It's a relatively simple one-line change, but AFAIK, if you want to test that, you'll need to change SpiceDB code.
you'd have to change the [TLS listener configuration](https://github.com/authzed/spicedb/blob/main/pkg/cmd/util/util.go#L340-L343) and add
NextProtos"http/1.1", "h2"vroldanbet
01/13/2025, 11:14 AMwhat are you trying to achieve with H2 HTTP Gateway? a more apples-to-apples comparison with gRPC?
p
presharedkeysomething
01/14/2025, 11:00 AM@vroldanbet Yeah, that's the goal. Were you able to make http2 calls using this change?
v
vroldanbet
01/14/2025, 11:00 AMyeah
p
presharedkeysomething
01/14/2025, 11:26 AM@User What were you test results like? Which performed better?
gRPC vs HTTP/REST
v
vroldanbet
01/14/2025, 11:59 AMI didn't do any performance tests. I only focused on figuring out why you were not getting H2 responses.
7 Views