azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-21 10:21:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-505] AC-5 fix: enable TLS for HTTP/2 via ALPN
ci/woodpecker/push/01-test Pipeline was successful
Details
ci/woodpecker/push/02-build-push Pipeline was successful
Details

Browse Source 
Kestrel with HttpProtocols.Http1AndHttp2 on a plaintext listener
silently downgrades to HTTP/1.1-only (logs "HTTP/2 is not enabled
... TLS is not enabled"), so AC-5's multiplexed-GET test failed
with HTTP_1_1_REQUIRED. ALPN cannot run over plaintext, so the
fix switches the dev listener to TLS on https://+:8080:

- scripts/run-tests.sh generates a self-signed dev cert idempotently
  (./certs/api.pfx + api.crt) via openssl in an alpine container;
  certs/ is gitignored.
- docker-compose.yml binds Kestrel to ASPNETCORE_URLS=https://+:8080
  with Kestrel__Certificates__Default__Path bound to the .pfx.
- docker-compose.tests.yml mounts api.crt into the integration-tests
  container's CA store and runs update-ca-certificates so HttpClient
  trusts the cert transparently; default API_URL is now https://api:8080.
- Drop the obsolete Http2UnencryptedSupport AppContext switch from
  Http2MultiplexingTests; ALPN over TLS handles negotiation.

Test-data fixes caught on the post-TLS rerun (independent of the TLS
switch but surfaced together):

- Http2MultiplexingTests: switch slippy coords from (154321, 95812)
  -- which Google Maps returns 404 for -- to (158485, 91707), the
  slippy projection of (47.461747, 37.647063) already exercised by
  JwtIntegrationTests.
- TileInventoryTests + LeafletPathIndexOnlyTests: SpecifyKind to
  Unspecified at the binding site for raw Npgsql seed paths writing
  into tiles.captured_at / created_at / updated_at (TIMESTAMP without
  tz). Npgsql v6+ refuses Kind=Utc into plain timestamp columns;
  production goes through Dapper and never hits this code path.
- MigrationTests Az503NewUniqueIndexCoversIntegerKeyAndFlightId:
  accept either idx_tiles_location_hash (migration 014) or its
  AZ-505 successor tiles_leaflet_path (migration 015) -- both have
  location_hash as the leading column, which is the AC-9 intent.

Docs updated to reflect the TLS+ALPN path: tile-inventory.md
Non-Goals, modules/api_program.md, module-layout.md, the AZ-505
task spec's Risk 3, and the cycle 6 implementation + completeness
reports. The full integration test suite passes (mode=full, exit 0).

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-05-12 22:19:26 +03:00
parent da40534b49
commit c74a2339aa
17 changed files with 148 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_docs/02_tasks/done/AZ-505_tile_inventory_http2_leaflet_index.md
+2 -2
View File
@@ -150,8 +150,8 @@ Then all 20 responses succeed; each `HttpResponseMessage.Version == 2.0`; per-ti
- *Risk*: `CREATE INDEX` (without CONCURRENTLY) takes an `ACCESS SHARE` + `SHARE` lock for the duration of the build, blocking writes. Production deploy could stall UAV uploads + Google Maps downloads.
- *Mitigation*: Investigate whether DbUp can execute a non-transactional `CREATE INDEX CONCURRENTLY` statement (DbUp historically wraps each script in a transaction, which is incompatible with CONCURRENTLY). If yes — use it. If no — document the expected lock window in the migration header and the deploy runbook, and align deployment to a low-traffic window.
**Risk 3: HTTP/2 over plaintext (h2c) may not be reachable from all clients**
- *Risk*: Browsers do NOT support h2c (HTTP/2 over plaintext) — they require ALPN + TLS. Only programmatic clients (httpx with `http2=True`, .NET `HttpClient` configured for `Version20`, Go `net/http2`) can use the multiplexed endpoint. Leaflet in a browser will continue to use HTTP/1.1 + up-to-6 connections.
**Risk 3: HTTP/2 over plaintext (h2c) may not be reachable from all clients***resolved post-implementation:* Kestrel was switched to TLS on `https://+:8080` with a self-signed dev cert (`./certs/api.pfx`, generated idempotently by `scripts/run-tests.sh`) so ALPN can advertise `h2` to **both** browsers and programmatic clients. Browser Leaflet now multiplexes over the same TLS connection as the .NET / httpx clients. Production termination remains expected at the ingress (Envoy / nginx / ALB); the in-process TLS cert is dev-only and is gitignored.
- *Risk (original wording, preserved for traceability)*: Browsers do NOT support h2c (HTTP/2 over plaintext) — they require ALPN + TLS. Only programmatic clients (httpx with `http2=True`, .NET `HttpClient` configured for `Version20`, Go `net/http2`) can use the multiplexed endpoint. Leaflet in a browser will continue to use HTTP/1.1 + up-to-6 connections.
- *Mitigation*: Document this in `tile-inventory.md` v1.0.0 contract and in the deploy runbook. The onboard consumer (httpx-based) IS the primary beneficiary of HTTP/2 here; browser Leaflet performance is unaffected (heap-eliminated read path via the covering index is the win there).
**Risk 4: Onboard `TileDownloader` (AZ-316) calls inventory before this task lands in production**