7

AWS Application Load Balancer ALBs support HTTP/2, and one would think we could switch over to these and immediately enjoy the benefits of HTTP/2.

Is there any possible a way to terminate HTTP/2 on ALB, so that the web servers don't need to be configured to support HTTP/2?

Sankalp Sharma
  • 267
  • 1
  • 3
  • 12

2 Answers2

21

Is there any possible a way to terminate HTTP/2 on AWS Application ELB, so that the web servers don't need to be configured to support HTTP/2?

They already don't need to be.

On Application Load Balancer (ELB/2.0) that's how it works out of the box. The ALB speaks to the instances using HTTP/1.1 while speaking HTTP/2 to the browser if the browser supports it, otherwise HTTP/1.x.

You can use HTTP/2 with HTTPS listeners. You can send up to 128 requests in parallel using one HTTP/2 connection. The load balancer converts these to individual HTTP/1.1 requests and distributes them across the healthy targets in the target group using the round robin routing algorithm. (emphasis added)

http://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html

Michael - sqlbot
  • 21,988
  • 1
  • 57
  • 81
  • Thanks for taking the time to respond. I've updated the question to better reflect what I'm trying to do. I'm in fact using an ALB with HTTPS, but I don't want my backend server (nginx in my case) to be running either HTTPS or HTTP/2. So in effect, I want HTTP/2 to be terminated at the ALB itself. – Sankalp Sharma Mar 07 '17 at 05:20
  • 1
    @SankalpSharma based on your comment, my answer still stands as written. An HTTPS *listener* refers to the client-facing side of the balancer. It does not need to speak HTTPS to the back-end, it can speak HTTP/1.1 without TLS (SSL). What you want to do is how ALB already works, automatically. – Michael - sqlbot Mar 07 '17 at 23:57
  • But I'm talking about HTTP/2, not HTTPS :) – Sankalp Sharma Mar 08 '17 at 07:56
  • I already said in the answer that the instances do not need to be capable of HTTP/2. Then you said "I don't want my backend server (nginx in my case) to be running either **HTTPS** or HTTP/2." Okay, great... So, I then clarified that HTTPS on the instance is also not required, just like HTTP/2 is not required. The instances do not need to speak HTTP/2. The instances do not need to speak HTTPS. The ALB will still speak HTTP/2 and HTTPS to clients, HTTP/1.1 to the instance. This is how ALB automatically works, all of the time, always. You seem to be overthinking the complexity of this. – Michael - sqlbot Mar 08 '17 at 10:53
  • Understood your point. In that case, how to I configure ALB to use HTTP/2 as a protocol, and to forward HTTP request to the backend servers?There seems to be no configuration to do this, and documentation seems to be sparse at best. – Sankalp Sharma Mar 08 '17 at 13:20
  • 1
    This is the default behavior. No configuration is needed. – Michael - sqlbot Sep 28 '18 at 02:42
  • It seems like this is indeed the default as of now. Seems like wasn't the case when I had originally stumbled on this problem. Thanks to everyone who became the part of this discussion. – Sankalp Sharma Sep 29 '18 at 06:39
  • apparently @Michael-sqlbot is an AWS aficionado. This answer doesn't hold water if you want to use gRPC all the way to your gRPC server since none of the AWS LBs speak http2 with the backend. – pcodex Aug 01 '20 at 23:14
  • @pcodex this question is **specifically** about (a) AWS ALB with (b) backends that do not speak HTTP/2... so if you want or need HTTP/2 on the backend then this the problem is not with my answer, which is not about that scenario. – Michael - sqlbot Aug 02 '20 at 00:04
3

ELB doesn't support HTTP2, ALB does, and so does CloudFront. You could put ELB into TCP mode and support HTTP2 using your web server, but that removes the protection you get from an ELB (it protects you again a bunch of attacks, DDOS, SYN Flood, etc).

If you need HTTP/2 your options, in the order I think best, are:

  • Use CloudFront (restrict locations if you want to keep costs down)
  • Use an ALB
  • Use ELB in TCP mode with HTTP2 on your web server
Tim
  • 30,383
  • 6
  • 47
  • 77
  • Thanks for taking the time to answer. I think my question was a bit malformed, so I've corrected it. I am indeed using ALB (Application Load Balancer), but my backend server is not configured to support HTTP/2, and I don't want to either (for now). – Sankalp Sharma Mar 07 '17 at 03:20
  • Ah ok. Your back end web server doesn't even have to be https, let alone http2 over https. – Tim Mar 07 '17 at 04:43
  • Yep, that's it. – Sankalp Sharma Mar 07 '17 at 05:18