jart / cosmopolitan

build-once run-anywhere c library
ISC License
18.34k stars 630 forks source link

Redbean http/2 http/3 #595

Open itwars opened 2 years ago

itwars commented 2 years ago

Hi, Is there any chance to have those 2 transport protocoles in redbean? Thx, BR

jart commented 2 years ago

We plan to implement them at some point in the future, but don't have any immediate plans yet.

itwars commented 2 years ago

Excellent 👍

diyism commented 2 years ago

Great! If redbean server can support http/2, maybe we can enable chinese users(blocked from internet by GFW) directly visit redbean servers without users installing naiveproxy (https://github.com/klzgrad/naiveproxy which mitigate fingerprinting / traffic classification by traffic multiplexing in HTTP/2)

jart commented 2 years ago

Correct me if I'm wrong, but wouldn't it do the opposite? Modern protocols make it harder for corporations and governments to monitor traffic. One such example is TLS 1.3 with ESNI which has been blocked in the past. Redbean is interested in modern protocols because HTTP/2 and TLS 1.3 eliminate network round trips which improves the latency of your website considerably. Redbean is not designed to help you conceal your online activities.

diyism commented 2 years ago

Yes, GFW blocked ESNI, so the internet is upgrading ESNI to ECH(https://blog.cloudflare.com/encrypted-client-hello/), CCP gov is the "best" QA for the internet bug.

itwars commented 2 years ago

Agreed, according to differents reading and my nginx first tests with nginx-quic : https://hg.nginx.org/nginx-quic/shortlog/quic as quic rely on UDP it's way faster by avoiding TCP handshakes, and so on! My experience working with networks guys teach me that they don't actually understand UDP, so it will fuzz there mind to for a time :)

diyism commented 2 years ago

And for http3/quic, we could add a "send_welcome_udp(peer_ip, peer_port)" API into redbean-lua, so that we can build a mesh network for all home-hosted redbean web servers which are behind NAT.

diyism commented 2 years ago

I found nico reverse proxy (https://github.com/txthinking/nico), it can serve http2(automatically apply for ssl certificate) and forward proxy to http: "nico domain.com http://127.0.0.1:2020" but its size is 6MB, it's relative too big for redbean.

diyism commented 2 years ago

the deb package of haproxy 2.6 is only 1.4MB, and it supports http3, but there's no automatic letsencrypt cert: https://github.com/haproxy/haproxy

itwars commented 2 years ago

Yes I agree there a lot of applications layer we could use to address my needs, anyway it will be lovely to a a simple, all in one user friendly redbean binary :)

paulwratt commented 2 years ago

but there's no automatic letsencrypt cert.

is it possible to add a generic script, that is included when the prj does not have its own?

itwars commented 1 year ago

Hello,

Could you please add also brotli compression? There's some good repo:

Also a good item will be to be able to cache already gzip and brotlied assets.

diyism commented 11 months ago

Too many features are expected, but the most expected by me is the http3, currently I'm using a customized caddy web server with http3 behind NAT,(https://github.com/diyism/caddy) and I added 10 lines of golang codes into this version caddy server to send udp packets to each others to penetrate the NAT and built a mesh network, if Redbean supports http3, I can migrate the mesh network from caddy to redbean.