Hello,
I am looking to build a local HTTP2 proxy server using SwiftNIO in my iOS app without TLS. It would be great if someone could share some guidance. The example posted at swift-nio-examples/http2-server/Sources/http2-server at main · apple/swift-nio-examples · GitHub uses a self-signed certificate.
More specifically, I am looking to build a local proxy server for AVPlayer, and unfortunately AVPlayer doesn't provide a way for us to trust a self-signed certificate, so we're left with 2 options.
- Run HTTP2 server without TLS.
- Create a certificate signed by trusted authority in the local proxy server.
We wanted to try option 1 above, and I tried running a local server by modifying the example swift-nio-examples/http2-server/Sources/http2-server at main · apple/swift-nio-examples · GitHub to remove the TLS-specific configuration, but when we tried, the request is simply stuck on the server and doesn't get passed to the next handler.
Note that HTTP1 proxy server isn't an option for us.
Any help will be appreciated, thanks!
Here's a very basic SwiftNIO HTTP/2 server that speaks plaintext: swift-nio-http2/Sources/NIOHTTP2Server/main.swift at main · apple/swift-nio-http2 · GitHub .
You can hit it -- for example -- with curl:
```
$ curl -v --http2-prior-knowledge http://localhost:8888
* Host localhost:8888 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
* Trying [::1]:8888...
* Connected to localhost (::1) port 8888
* [HTTP/2] [1] OPENED stream for http://localhost:8888/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: http]
* [HTTP/2] [1] [:authority: localhost:8888]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: localhost:8888
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/2 200
< content-length: 5
< x-stream-id: 1
<
* Connection #0 to host localhost left intact
hello
```
But a word of warning: Most HTTP clients, when they see `http://`, assume it's HTTP/1.x and won't even try HTTP/2. Over TLS, there is ALPN to communicate the (un)availability of HTTP/2, but over plaintext there isn't. You might have noticed that I used the `--http2-prior-knowledge` option for curl which tells curl that I know that the server speaks HTTP/2. Otherwise, curl will just try HTTP/1.1 as the default.
So it might prove challenging to convince AVPlayer to use HTTP/2 over `http://`, but maybe it has an option to do so? Or maybe it always speaks HTTP/2 in which case you can consider this point moot.
Regardless, in the demo server I shared above, what you'll see if somebody tries to speak HTTP/1.x is the following:
```
Server received error: BadClientMagic(file: "NIOHTTP2/HTTP2ChannelHandler.swift", line: 609)
```
because `GET / HTTP/1.1` or similar won't match HTTP/2's magic (which is `PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n`).
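An added example, not part of the posts above and not SwiftNIO code: a throwaway Python listener that reports whether a client opens a plaintext connection with the HTTP/2 preface quoted in the answer, with HTTP/1.x, or with a TLS handshake. Port 8888 mirrors the curl command; the function names and result labels are assumptions made for this example.

```python
import socket

# HTTP/2 client connection preface, the "magic" quoted in the answer above.
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
HTTP1_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ",
                 b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")

def classify_first_bytes(data: bytes) -> str:
    """Label the opening bytes a client sent on a plaintext port."""
    if len(data) < 2:
        return "incomplete"
    if data.startswith(H2_PREFACE):
        return "h2-prior-knowledge"
    if data[:2] == b"\x16\x03":
        return "tls-client-hello"  # client expected https:// on this port
    if data.startswith(HTTP1_METHODS):
        head, sep, _ = data.partition(b"\r\n\r\n")
        if not sep:
            return "incomplete"  # request head not fully received yet
        for line in head.lower().split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip() == b"upgrade" and b"h2c" in value:
                return "http1-upgrade-h2c"
        return "http1"  # this is what triggers BadClientMagic on an h2-only server
    # A strict prefix of the preface or of a method token: keep reading.
    if H2_PREFACE.startswith(data) or any(m.startswith(data) for m in HTTP1_METHODS):
        return "incomplete"
    return "unknown"

def probe(port: int = 8888, host: str = "127.0.0.1") -> str:
    """Accept one connection and classify what the client sends first."""
    with socket.create_server((host, port)) as srv:
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5)
            buf = b""
            try:
                while (kind := classify_first_bytes(buf)) == "incomplete" and len(buf) < 16384:
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    buf += chunk
            except socket.timeout:
                kind = "incomplete"
            return kind

if __name__ == "__main__":
    print(probe())
```

Run it in place of the proxy, point the client at `http://localhost:8888`, and the printed label shows which protocol the client attempted before any HTTP/2 handler is involved.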