Make http2 communication configurable

presto-docs/src/main/sphinx/security/ldap.rst

@@ -85,6 +85,7 @@ Property                                                Description
                                                         Should be set to ``true``. Default value is
                                                         ``false``.
 ``http-server.https.port``                              HTTPS server port.
+``http-server.http2.enabled``                           Enables HTTP2 server on the worker.
 ``http-server.https.keystore.path``                     The location of the Java Keystore file that will be
                                                         used to secure TLS.
 ``http-server.https.keystore.key``                      The password for the keystore. This must match the

presto-docs/src/main/sphinx/security/server.rst

@@ -115,6 +115,7 @@ Property                                                Description
 ``http-server.https.enabled``                           Enables HTTPS access for the Presto coordinator.
                                                         Should be set to ``true``.
 ``http-server.https.port``                              HTTPS server port.
+``http-server.http2.enabled``                           Enables HTTP2 server on the worker.
 ``http-server.https.keystore.path``                     The location of the Java Keystore file that will be
                                                         used to secure TLS.
 ``http-server.https.keystore.key``                      The password for the keystore. This must match the

presto-native-execution/presto_cpp/main/PrestoServer.cpp

@@ -319,8 +319,9 @@ void PrestoServer::run() {
       httpsSocketAddress.setFromLocalPort(httpsPort.value());
     }
 
+    const bool http2Enabled = SystemConfig::instance()->httpServerHttp2Enabled();
     httpsConfig = std::make_unique<http::HttpsConfig>(
-        httpsSocketAddress, certPath, keyPath, ciphers, reusePort);
+        httpsSocketAddress, certPath, keyPath, ciphers, reusePort, http2Enabled);
   }
 
   httpServer_ = std::make_unique<http::HttpServer>(

presto-native-execution/presto_cpp/main/common/Configs.cpp

@@ -157,6 +157,7 @@ SystemConfig::SystemConfig() {
           NUM_PROP(kHttpServerNumCpuThreadsHwMultiplier, 1.0),
           NONE_PROP(kHttpServerHttpsPort),
           BOOL_PROP(kHttpServerHttpsEnabled, false),
+          BOOL_PROP(kHttpServerHttp2Enabled, true),
           STR_PROP(
               kHttpsSupportedCiphers,
               "ECDHE-ECDSA-AES256-GCM-SHA384,AES256-GCM-SHA384"),
@@ -297,6 +298,10 @@ bool SystemConfig::httpServerHttpsEnabled() const {
   return optionalProperty<bool>(kHttpServerHttpsEnabled).value();
 }
 
+bool SystemConfig::httpServerHttp2Enabled() const {
+  return optionalProperty<bool>(kHttpServerHttp2Enabled).value();
+}
+
 std::string SystemConfig::httpsSupportedCiphers() const {
   return optionalProperty(kHttpsSupportedCiphers).value();
 }

presto-native-execution/presto_cpp/main/common/Configs.h

@@ -202,6 +202,8 @@ class SystemConfig : public ConfigBase {
       "http-server.https.port"};
   static constexpr std::string_view kHttpServerHttpsEnabled{
       "http-server.https.enabled"};
+  static constexpr std::string_view kHttpServerHttp2Enabled{
+      "http-server.http2.enabled"};
   /// List of comma separated ciphers the client can use.
   ///
   /// NOTE: the client needs to have at least one cipher shared with server
@@ -785,6 +787,8 @@ class SystemConfig : public ConfigBase {
 
   int httpServerHttpsPort() const;
 
+  bool httpServerHttp2Enabled() const;
+
   /// A list of ciphers (comma separated) that are supported by
   /// server and client. Note Java and folly::SSLContext use different names to
   /// refer to the same cipher. For e.g. TLS_RSA_WITH_AES_256_GCM_SHA384 in Java

presto-native-execution/presto_cpp/main/common/Utils.cpp

@@ -37,6 +37,7 @@ std::shared_ptr<folly::SSLContext> createSSLContext(
     sslContext->loadCertKeyPairFromFiles(
         clientCertAndKeyPath.c_str(), clientCertAndKeyPath.c_str());
     sslContext->setCiphersOrThrow(ciphers);
+    sslContext->setAdvertisedNextProtocols({"http/1.1"});
     return sslContext;
   } catch (const std::exception& ex) {
     LOG(FATAL) << fmt::format(

presto-native-execution/presto_cpp/main/http/HttpServer.cpp

@@ -106,12 +106,14 @@ HttpsConfig::HttpsConfig(
     const std::string& certPath,
     const std::string& keyPath,
     const std::string& supportedCiphers,
-    bool reusePort)
+    bool reusePort,
+    bool http2Enabled)
     : address_(address),
       certPath_(certPath),
       keyPath_(keyPath),
       supportedCiphers_(supportedCiphers),
-      reusePort_(reusePort) {
+      reusePort_(reusePort),
+      http2Enabled_(http2Enabled) {
   // Wangle separates ciphers by ":" where in the config it's separated with ","
   std::replace(supportedCiphers_.begin(), supportedCiphers_.end(), ',', ':');
 }
@@ -126,6 +128,9 @@ proxygen::HTTPServer::IPConfig HttpsConfig::ipConfig() const {
       folly::SSLContext::VerifyClientCertificate::DO_NOT_REQUEST;
   sslCfg.setCertificate(certPath_, keyPath_, "");
   sslCfg.sslCiphers = supportedCiphers_;
+  if (http2Enabled_) {
+    sslCfg.setNextProtocols({"h2", "http/1.1"});
+  }
 
   ipConfig.sslConfigs.push_back(sslCfg);
 

presto-native-execution/presto_cpp/main/http/HttpServer.h

@@ -259,7 +259,8 @@ class HttpsConfig {
       const std::string& certPath,
       const std::string& keyPath,
       const std::string& supportedCiphers,
-      bool reusePort = false);
+      bool reusePort = false,
+      bool http2Enabled = true);
 
   proxygen::HTTPServer::IPConfig ipConfig() const;
 
@@ -269,6 +270,7 @@ class HttpsConfig {
   const std::string keyPath_;
   std::string supportedCiphers_;
   const bool reusePort_;
+  const bool http2Enabled_;
 };
 
 class HttpServer {