GraphQL over HTTP/2
HTTP/2 represents a significant advancement in web protocols, offering enhancements such as multiplexing, header compression, and streamlined connection handling, all designed to improve web performance.
Tailcall enables support for HTTP/2 for both server (ingress) and client (egress) operations, facilitating the protocol's adoption for both incoming and outgoing server requests. For egress, there is no special setting that's required, Tailcall will automatically upgrade the connection to HTTP/2 whenever possible. To configure ingress properly, you need to provide the following settings
SSL
For Tailcall to serve GraphQL over HTTP/2 we need to first enable SSL for which we need to generate a certificate and a key. To generate the required certificates (cert.pem and key.pem) OpenSSL is a widely used option. Here are the steps to get started with SSL:
-
Install OpenSSL: Download and install OpenSSL from its official website if it's not already installed on your system.
-
Generate Private Key
openssl genrsa -out key.pem 2048
This creates a 2048-bit RSA private key, storing it in a file named
key.pem
. -
Generate Certificate Signing Request (CSR)
openssl req -new -key key.pem -out csr.pem
You will be prompted to provide information for the certificate, such as the Common Name (CN), organization details, and locality. This information is embedded into the CSR, saved in a file named
csr.pem
. This file can be used to request a certificate from a Certificate Authority (CA) or generate a self-signed certificate. -
Generate Self-Signed Certificate
openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out cert.pem
This generates a self-signed certificate valid for 365 days using the CSR from step 3 and the private key from step 2. The validity period can be adjusted by changing the number of days (-days). A "Signature ok" prompt confirms the successful creation.
-
Cleanup Intermediate Files
rm csr.pem
After using the CSR to generate the self-signed certificate (cert.pem), the CSR file (csr.pem) becomes redundant. This step removes intermediate files created during the certificate generation process.
Use self-signed certificates for HTTP/2 configurations in development environments. While they enable convenient HTTPS testing locally, in production, always opt for certificates issued by trusted Certificate Authorities.
Configuration
Once the certificate and key are generated we can link them with our main configuration using the @link directive, to enable HTTPS.
schema
@link(type: "Cert", src: "./cert.pem")
@link(type: "Key", src: "./key.pem") {
query: Query
mutation: Mutation
}
type Query {
posts: [Post] @http(path: "/posts")
}
type User {
id: Int!
name: String!
}
Once HTTPS is enabled we set the version to HTTP2
for the server:
schema
@link(type: "Cert", src: "./cert.pem")
@link(type: "Key", src: "./key.pem")
@server(version: HTTP2) {
query: Query
mutation: Mutation
}
type Query {
posts: [Post] @http(path: "/posts")
}
type User {
id: Int!
name: String!
}
That's pretty much all that's required. Now you can go ahead and launch your server as usual.
INFO File read: ./jsonplaceholder.graphql ... ok
INFO N + 1 detected: 0
INFO 🚀 Tailcall launched at [0.0.0.0:8000] over HTTP/2.0
INFO 🌍 Playground: https://tailcall.run/playground/?u=http://127.0.0.1:8000/graphql