Websocket over HTTP/2

For testing purposes, I’ve setup a simple website with one web page and a websocket endpoint. The webpage contains a small javascript code that connects to the websocket endpoint. Looking at Chrome developer tools, I realized that even though the web page is fetched using HTTP/2, the websocket connection is over HTTP/1.1.

I then tried fetching the webpage using the nghttp tool with -v option. These are the server settings reportedly received:

[  0.043] recv SETTINGS frame <length=18, flags=0x00, stream_id=0>
          (niv=3)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):256]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65536]
          [SETTINGS_MAX_FRAME_SIZE(0x05):16777215]

According to RFC 8441, a setting named SETTINGS_ENABLE_CONNECT_PROTOCOL with a value of 1 should be sent by the server before the client can use the extended CONNECT method (which is supposed to be used for creating websocket tunnels over HTTP/2). Doesn’t Cloudflare support that?

Is your origin host/website working fine over HTTPS when Cloudflare is in “Paused” mode temporary for testing purpose? :thinking:

Are you using WSS scheme?

Is WebSocket feature enabled at Cloudflare dashboard?

Is HTTP/2 working on the origin host?

Is HTTP/2 feature enabled at Cloudflare dashboard?

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

Is your origin host/website working fine over HTTPS when Cloudflare is in “Paused” mode temporary for testing purpose?

I don’t think paused mode is going to work, since I’m using cloudflare tunnels to connect the origin serveres.

Are you using WSS scheme?

Yes.

Is WebSocket feature enabled at Cloudflare dashboard?

Yes.

Is HTTP/2 working on the origin host?

No. I was hoping I could leave the origin server to work with HTTP/1.1 (at least for now), and have CF make the conversion from HTTP/2 to HTTP/1.1. Is that not supposed to work?

Is HTTP/2 feature enabled at Cloudflare dashboard?

Yes.

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

It’s in “full” mode (i.e. self-signed certificate to talk to origin servers).

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.