From 1cf6ae37ebf5b637576c43dcd00cf7330c3e3222 Mon Sep 17 00:00:00 2001
From: Sudarsan Reddy <sreddy@cloudflare.com>
Date: Fri, 26 Mar 2021 09:45:26 +0000
Subject: [PATCH] TUN-3896: http-service and tunnelstore client use http2
 transport.

   - If origin services are http2 and https is the service url, http2
   transport is preferred.

   - The tunnelstore client is now upgraded to use http2.
---
 CHANGES.md                | 19 +++++++++++++++++++
 ingress/origin_service.go |  3 +++
 tunnelstore/client.go     | 14 +++++++++-----
 3 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index b6bdc144..f0de24a9 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,5 +1,24 @@
 **Experimental**: This is a new format for release notes. The format and availability is subject to change.
 
+## UNRELEASED
+
+### Backward Incompatible Changes
+
+- none
+
+### New Features
+
+ - HTTP/2 transport is now always chosen if origin server supports it and the service url scheme is HTTPS.
+   This was previously done in a best attempt manner.
+
+### Improvements
+
+- none
+
+### Bug Fixes
+
+ - none
+
 ## 2021.3.3
 
 ### Improvements
diff --git a/ingress/origin_service.go b/ingress/origin_service.go
index eeff7ebc..aa2587b3 100644
--- a/ingress/origin_service.go
+++ b/ingress/origin_service.go
@@ -15,6 +15,8 @@ import (
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 
+	"golang.org/x/net/http2"
+
 	"github.com/cloudflare/cloudflared/hello"
 	"github.com/cloudflare/cloudflared/ipaccess"
 	"github.com/cloudflare/cloudflared/socks"
@@ -287,6 +289,7 @@ func newHTTPTransport(service originService, cfg OriginRequestConfig, log *zerol
 		httpTransport.DialContext = dialContext
 	}
 
+	http2.ConfigureTransport(&httpTransport)
 	return &httpTransport, nil
 }
 
diff --git a/tunnelstore/client.go b/tunnelstore/client.go
index f5915103..89979d6a 100644
--- a/tunnelstore/client.go
+++ b/tunnelstore/client.go
@@ -16,6 +16,8 @@ import (
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 
+	"golang.org/x/net/http2"
+
 	"github.com/cloudflare/cloudflared/teamnet"
 )
 
@@ -247,6 +249,11 @@ func NewRESTClient(baseURL, accountTag, zoneTag, authToken, userAgent string, lo
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to create account level endpoint")
 	}
+	httpTransport := http.Transport{
+		TLSHandshakeTimeout:   defaultTimeout,
+		ResponseHeaderTimeout: defaultTimeout,
+	}
+	http2.ConfigureTransport(&httpTransport)
 	return &RESTClient{
 		baseEndpoints: &baseEndpoints{
 			accountLevel:  *accountLevelEndpoint,
@@ -256,11 +263,8 @@ func NewRESTClient(baseURL, accountTag, zoneTag, authToken, userAgent string, lo
 		authToken: authToken,
 		userAgent: userAgent,
 		client: http.Client{
-			Transport: &http.Transport{
-				TLSHandshakeTimeout:   defaultTimeout,
-				ResponseHeaderTimeout: defaultTimeout,
-			},
-			Timeout: defaultTimeout,
+			Transport: &httpTransport,
+			Timeout:   defaultTimeout,
 		},
 		log: log,
 	}, nil