cosmopolitan icon indicating copy to clipboard operation
cosmopolitan copied to clipboard

Published 20 hours ago verified publisher icon jart

Redbean http/2 http/3

Open itwars opened this issue 3 years ago • 13 comments

Hi, Is there any chance to have those 2 transport protocoles in redbean? Thx, BR

itwars avatar Sep 06 '22 12:09 itwars

We plan to implement them at some point in the future, but don't have any immediate plans yet.

jart avatar Sep 06 '22 14:09 jart

Excellent 👍

itwars avatar Sep 06 '22 19:09 itwars

Great! If redbean server can support http/2, maybe we can enable chinese users(blocked from internet by GFW) directly visit redbean servers without users installing naiveproxy (https://github.com/klzgrad/naiveproxy which mitigate fingerprinting / traffic classification by traffic multiplexing in HTTP/2)

diyism avatar Sep 07 '22 05:09 diyism

Correct me if I'm wrong, but wouldn't it do the opposite? Modern protocols make it harder for corporations and governments to monitor traffic. One such example is TLS 1.3 with ESNI which has been blocked in the past. Redbean is interested in modern protocols because HTTP/2 and TLS 1.3 eliminate network round trips which improves the latency of your website considerably. Redbean is not designed to help you conceal your online activities.

jart avatar Sep 07 '22 05:09 jart

Yes, GFW blocked ESNI, so the internet is upgrading ESNI to ECH(https://blog.cloudflare.com/encrypted-client-hello/), CCP gov is the "best" QA for the internet bug.

diyism avatar Sep 07 '22 05:09 diyism

Agreed, according to differents reading and my nginx first tests with nginx-quic : https://hg.nginx.org/nginx-quic/shortlog/quic as quic rely on UDP it's way faster by avoiding TCP handshakes, and so on! My experience working with networks guys teach me that they don't actually understand UDP, so it will fuzz there mind to for a time :)

itwars avatar Sep 07 '22 06:09 itwars

And for http3/quic, we could add a "send_welcome_udp(peer_ip, peer_port)" API into redbean-lua, so that we can build a mesh network for all home-hosted redbean web servers which are behind NAT.

diyism avatar Sep 13 '22 16:09 diyism

I found nico reverse proxy (https://github.com/txthinking/nico), it can serve http2(automatically apply for ssl certificate) and forward proxy to http: "nico domain.com http://127.0.0.1:2020" but its size is 6MB, it's relative too big for redbean.

diyism avatar Sep 19 '22 17:09 diyism

the deb package of haproxy 2.6 is only 1.4MB, and it supports http3, but there's no automatic letsencrypt cert: https://github.com/haproxy/haproxy

diyism avatar Sep 25 '22 13:09 diyism

Yes I agree there a lot of applications layer we could use to address my needs, anyway it will be lovely to a a simple, all in one user friendly redbean binary :)

itwars avatar Sep 28 '22 13:09 itwars

but there's no automatic letsencrypt cert.

is it possible to add a generic script, that is included when the prj does not have its own?

paulwratt avatar Sep 29 '22 11:09 paulwratt

Hello,

Could you please add also brotli compression? There's some good repo:

  • https://github.com/google/brotli
  • https://github.com/mcmilk/7-Zip-zstd

Also a good item will be to be able to cache already gzip and brotlied assets.

itwars avatar Jun 19 '23 07:06 itwars

Too many features are expected, but the most expected by me is the http3, currently I'm using a customized caddy web server with http3 behind NAT,(https://github.com/diyism/caddy) and I added 10 lines of golang codes into this version caddy server to send udp packets to each others to penetrate the NAT and built a mesh network, if Redbean supports http3, I can migrate the mesh network from caddy to redbean.

diyism avatar Nov 25 '23 04:11 diyism