How to use http2 in Feign for better performance RPC? - spring-cloud

A new project consider use Spring Cloud build micro service. But we have many inner RPC call within services.
For performance, how to upgrade Feign support http2?
There are gRPC has give a great example for high performance by http2 but our project based on JVM and Feign and relative annotation is good enough for interface definition.
So, I'm first consider Feign support http2 without SSL to speed up RPC.
Hope there are benchmark on http2 if someone has done.
Thanks.

To use http/2 with feign you just need to replace the Http client Bean with a client that prefers http/2.
With default HttpClient (as opposed to OkHttp), you can just add this as a bean, and feign should use it, or you can build it into the feignClient:
HttpClient client = HttpClient.newBuilder()
.version(Version.HTTP_2)
.build();
ref: https://openjdk.java.net/groups/net/httpclient/intro.html
The OkHttp Client may have http/2
I think you would also have to enable http/2 on the server with:
server.http2.enabled: true
This should allow it to receive incoming requests with http/2.
https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.server.server.http2.enabled

Related

Exe as Webservice Endpoint

I got a webservice endpoint and I stumple upon how to correctly implement it.
It seems to be an parameterized exe-file which returns an XML Reply.
There is no documentation.
I am used to soap, wcf and rest but this is completely unknown to me, has anyone a guide or a best case how to implement such a service?
I can consume it with a HTTP GET but there are some questions left to me:
I know the questions are quite broad... But I could not find anything about it in the interwebz.
Is there a secure way to publish exe files as webservice?
Are there any critical downsides implementing such an interface?
Make I myself a fool and this is just an alias?
Example Url:
http://very.exhausting.company/Version/SuperStrange.exe?parameter=String
Web servers
What you call a webservice endpoint is nothing else than a web server listening on some host (normally 0.0.0.0) and some port on a physical or virtual machine and responding with some HTTP response to HTTP requests sent to that host, port and URIs that the web server cares to process.
Any web server is itself an application or a static or dynamic component of an application as the following examples illustrate:
JBoss, Glassfish, Tomcat etc. are applications, known as application servers, into which containers/servlets/plugins implementing web servers and corresponding endpoints are deployed. These listen on some port exposing generic web servers routing requests to those containers and their servlets;
a fat jar started with java -jar on a JVM which deploys a vert.x verticle featuring a vert.x HttpServer listening on some port is nothing else than a web server;
an interpreter such as node.js parsing and executing JavaScript code based on the express module will most likely deploy a web server on some port;
finally, a statically or dynamically linked application written in languages such as C++ or Go can expose a web server listing on some port.
All of the above cases feature different deployment mechanisms, but what they deploy is essentially the same: a piece of software that listens for HTTP requests on some port, executes some logic based on request and returns HTTP responses to the caller.
Your windows exe file is most likely a statically linked application that provides a web server.
Protocols
So we know you have a web server as it reacts to an HTTP GET. How does it relate to REST, SOAP etc? Effectively, REST, SOAP etc are higher level protocols. TCP is the low level, HTTP is based on top of that and your server supports that. REST, SOAP and everything else that you mention are higher level protocols that are based, among others, on HTTP. So all you know is that your application (web server) supports HTTP, but you do not know which higher level data exchange protocol it implements. It definitely implements some, at least a custom one that its author came up with to exchange data between a client and this application.
You can try to reverse engineer it, but it is not clear how would you find out about all possible endpoints, arguments, payload structures, accepted headers etc. Essentially, you have a web server publishing some sort of an API, but there is no generic way of telling what that API is.
Security
The world around you does not have to know how the API is published. You can put any of the above 4 web server implementations behind exactly the same firewall or a reverse proxy with SSL termination exposing just one host and port over SSL. So there is no difference in security, with respect to the world, whether you deploy it as exe or as a war into JBoss. This is not to say, that your exe file is secure: depending on how it is implemented it may allow all sorts of attacks, but again, this is equally true for any mechanism.

Spring Cloud RPC transport

Almost every spring-cloud guide suggests Ribbon with Feign for RPC.
I wonder why Http Rest takes precedence over binary transport protocol for inner micro-services communication behind the API gateway?
What are the binary alternatives to http that support async invocation and all great features that Netflix OSS provides ? (auto-discovery, load-balancing, circuit breaker, retry policy etc.)
Thanks
There is nothing preventing you from using binary RPC like thrift or protobuffs or msgpack with spring cloud. You can use LoadBalancerClient.choose(<serviceId>) to get a host and port you could supply to any network client. Our integrations were the simple rest clients.
Here is a guide that integrates Spring MVC with google protocol buffers.

SSL by RESTful API or by reverse proxy?

I'm building a RESTful API which is only accessible by TLS. Where should SSL connection be implemented?
by RESTful API itself, my API is written in golang, which handles SSL easily.
by a SSL reverse proxy, here I'm using nginx.
I would prefer 2nd approach because nginx handles caching and static deliveries better.
Should I implement my API HTTP-only now? In my opinion the system is secure, as long as nginx the reverse proxy is serving SSL only and my API exposes itself to nginx only.
I'm not sure if there is a 3rd approach, while I keep my API SSL only and nginx passes through all requests transparently.
TL;DR: I will choose between the 2nd or 3rd option, depending on the scenario. If you want to publish the API on Internet, never opt for the first one.
The most secure option is the third one: implement your API to allow SSL connections only, and publish to Internet using a reverse proxy anyway.
The pros are the communication with your API will be secure even for internal connections. That will give you protection from internal attackers. The cons are the extra processing load on your server to manage the SSL security and that can impact on the performance.
Anyway, you should look for cost-benefit. That's the reason why it will depend on the scenario. For example, if your API will not be accessed by internal users, but only for internal services, and the load on the server is heavy, you can consider the 2nd approach: plain HTTP por internal communications and SSL termination for Internet.

I have a REST client APi but no detail on how the REST service is implemented . What technology do i use to make it useful for any implementation

So i have a assignment to write some REST client calls to a REST web service which does not exist.
To work around it i created a mock web service using Jersey. But i am not sure what technology the actual REST service would use.
Please advise on what technology should i use to send down the REST calls to the server.
Also if possible also give me a sample of how to send down a XML GET request to the REST service.
Thanks much for the help.
Please advise on what technology should i use to send down the REST calls to the server.
REST is HTTP. You can use anything that sends HTTP requests:
Jersey Client
Any web browser
cURL
telnet
carrier pigeon
...
Also if possible also give me a sample of how to send down a XML GET request to the REST service.
It's just an HTTP GET request. How it's built/generated/sent depends on what library and programming language you're writing the client in. But the actual request itself would look something like this:
GET /foo/bar/baz HTTP/1.1
Host: www.example.com
Accept: text/xml
As far as I know Both Java and .Net environment has the tools to generate WebServices (SOAP and rest). What's your client development language ?
REST :Representational state transfer in simple terms used to send data between client and server . As
Client use some persistent URL for communication and it is stateless communication .
Java uses Jersey, the reference implementation of JAX-RS, implements support for the annotations defined in JSR 311, making it easy for developers to build RESTful web services by using the Java programming language.
So All u have to use for creating services is just some dependencies , bean configuration and some annotations (To Expose Service ) .
For calling REST Service , u can either call from browser . Browsers like (chrome ,mozilla ) provide some plugins to calling REST service or u can create a client to call REST Service .

Node.js and wss://

I'm looking to start using javascript on the server, most likely with node.js, as well as use websockets to communicate with clients. However, there doesn't seem to be a lot of information about encrypted websocket communication using TLS and the wss:// handler. In fact the only server that I've seen explicitly support wss:// is Kaazing.
This TODO is the only reference I've been able to find in the various node implementations. Am I missing something or are the websocket js servers not ready for encrypted communication yet?
Another option could be using something like lighttpd or apache to proxy to a node listener, has anyone had success there?
TLS/SSL support works for this websocket implementation in Node.js, I just tested it: https://github.com/Worlize/WebSocket-Node/issues/29
Well you have stream.setSecure() and server.setSecure().
I'm guessing you should be able to use one of those (specially the last one) to use TLS in websockets since in the end a websocket is just a normal http connection "upgraded" to websocket.
Using TLS in the normal http server object should theorically also secure the websocket, only by testing this can be confirmed.