On 12/10/22 15:15, Aryeh Friedman wrote:
> Is there any browser support for direct UDP sockets in any browser
> besides Chrome? I know WebRTC and Websockets force TCP. I know
> Chrome does support UDP but can find no evidence one way for the other
> browsers.

I'm sure you know that if Chrome is doing it, you can be sure that the
other browsers either already do or are planning to have it in a new
release very soon.

> As far as I can tell there are no web servers and/or major hosting
> companies (i.e. AWS, etc.) that support UIUC/HTTP3. For that reason,
> I am playing with different options for making a stripped down UDP
> HTTP server (prefer 3 but forcing TLS seems to be a deal breaker for
> anyone except name brand sites like Google -- E.g. my main client had
> a total cow over the $500/yr fee for a Comodo multi-domain cert even
> though due to being healthcare it is a legal requirement.)

I'm not in touch with which of the major web servers can do H3/QUIC.
Almost all of my web servers are behind haproxy, to offload TLS and make
decisions about which webserver will receive each request. Except in
cases where it just wasn't possible for one reason or another (like
plex) all backend communication in haproxy is unencrypted. At this
time, haproxy only supports H3/QUIC on the front end, not the back end.
Most of the backends are h2c, some only do http/1.1. (side note ... I
am still seeing http/1.0 requests in my logs, and even a few 0.9.)
If I ever find myself in a situation where I need to make a container
like Tomcat reachable from the Internet, I will be using haproxy as the
front end, not the common choice of Apache or Nginx. The only reason I
can see for using one of those webservers is to have a separate logfile
for each domain. The log that haproxy produces is good enough for me.
I have another haproxy installation in AWS on my mail server, configured
the same way as the main install in my basement. Mostly for my webmail,
but I do have a few other websites on that install. It handles
UDP/443. This little website is running on my AWS instance:
https://http3test.elyograg.org/
If you visit that page and look at the cert, you'll see it's made by
LetsEncrypt. Renewal and deployment of that cert is completely
automated, so the 90 day lifetime is not the administrative hassle that
it could be. I am planning to implement the same automated LE
certificate deployment at $DAYJOB that I already have for my personal
domains. I work for a company that handles healthcare data, and nobody
has raised a concern about HITRUST not allowing free certificates.
Thanks,
Shawn