dlmarion commented on PR #4982: URL: https://github.com/apache/accumulo/pull/4982#issuecomment-2417960681
> Also, based on a conversation with @dlmarion , I understand that the main motivation for supporting HTTP/2 was to support adding a was to push micrometer metrics to the monitor. We discussed other means of accomplishing that, so I don't think this is really needed anymore, so unless I'm wrong about this, I don't think this alone adds any value to Accumulo. If we are able to use the Thrift RPC for getting metrics *and* logs to the Monitor, then I agree that this is not needed. However, I think that #4879 may have introduced a potential issue, which is highlighted at https://github.com/apache/accumulo/pull/4879#issuecomment-2414359562. > I'm still looking at the details of the implementation in this PR, but the more I read about HTTP/2, the more I'm thinking this is probably more trouble than it's worth. Browsers (or perhaps most clients) don't typically support HTTP/2 without TLS, so, it adds a lot of complexity to our code (and Jetty code is notoriously frustrating to upgrade across major versions, so complexity is best avoided). > > If we are going to do HTTP/2, I suggest these steps first (in separate, incremental PRs): > > 1. Upgrade to newest web stack (latest Jetty, Jersey, jakartaee BOM, etc.), then > 2. Force use of TLS instead of making it configurable (use a generated self-signed cert by default, unless user configures one), to eliminate the complexity of supporting both TLS and non-TLS, then > 3. Force use of HTTP/2 (no fallback to HTTP/1.1), so there's no need to configure the extra factory, and no need for the configuration option or extra factory setup (all major browsers and CLI tools, like wget2 and cURL, support HTTP/2, so there's no reason to support HTTP/1.1) > I think there is still a case for HTTP/2 without TLS, even when used with a browser. That case is when SSL termination is done at some proxy, with only http being used behind the proxy. If we still end up needing to do this, then we might need/want to account for this case. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
