From 95771c7aba105feaf753e3b644fd6abd73d88e89 Mon Sep 17 00:00:00 2001
From: Dmitry Rubtsov <me@mazy.wtf>
Date: Mon, 19 Sep 2022 17:06:32 +0600
Subject: [PATCH 1/3] add support for plain h2c

---
 internal/home/web.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/internal/home/web.go b/internal/home/web.go
index 99b993bb..5bd1fe30 100644
--- a/internal/home/web.go
+++ b/internal/home/web.go
@@ -15,6 +15,8 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/NYTimes/gziphandler"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/h2c"
 )
 
 // HTTP scheme constants.
@@ -167,12 +169,15 @@ func (web *Web) Start() {
 		printHTTPAddresses(schemeHTTP)
 		errs := make(chan error, 2)
 
+		// h2s adds support for plain h2c
+		h2s := &http2.Server{}
+
 		hostStr := web.conf.BindHost.String()
 		// we need to have new instance, because after Shutdown() the Server is not usable
 		web.httpServer = &http.Server{
 			ErrorLog:          log.StdLog("web: plain", log.DEBUG),
 			Addr:              netutil.JoinHostPort(hostStr, web.conf.BindPort),
-			Handler:           withMiddlewares(Context.mux, limitRequestBody),
+			Handler:           h2c.NewHandler(withMiddlewares(Context.mux, limitRequestBody), h2s),
 			ReadTimeout:       web.conf.ReadTimeout,
 			ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
 			WriteTimeout:      web.conf.WriteTimeout,
@@ -202,10 +207,13 @@ func (web *Web) startBetaServer(hostStr string) {
 		return
 	}
 
+	// h2s adds support for plain h2c
+	h2s := &http2.Server{}
+
 	web.httpServerBeta = &http.Server{
 		ErrorLog:          log.StdLog("web: plain: beta", log.DEBUG),
 		Addr:              netutil.JoinHostPort(hostStr, web.conf.BetaBindPort),
-		Handler:           withMiddlewares(Context.mux, limitRequestBody, web.wrapIndexBeta),
+		Handler:           h2c.NewHandler(withMiddlewares(Context.mux, limitRequestBody, web.wrapIndexBeta), h2s),
 		ReadTimeout:       web.conf.ReadTimeout,
 		ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
 		WriteTimeout:      web.conf.WriteTimeout,

From ed209daf8af27e83c1edd2889b7e0c0f26641e42 Mon Sep 17 00:00:00 2001
From: Ainar Garipov <A.Garipov@AdGuard.COM>
Date: Mon, 19 Sep 2022 17:06:29 +0300
Subject: [PATCH 2/3] all: doc changes

---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0085dade..8c9ccdcf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,7 +20,13 @@ and this project adheres to
 - Weaker cipher suites that use the CBC (cipher block chaining) mode of
   operation have been disabled ([#2993]).
 
+### Added
+
+- Support for plain (unencrypted) HTTP/2 ([#4930]).  This is useful for AdGuard
+  Home installations behind a reverse proxy.
+
 [#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
+[#4930]: https://github.com/AdguardTeam/AdGuardHome/issues/4930
 
 
 

From 27b0251b5b8c1097d53b20a67569bb9bb6ff8bff Mon Sep 17 00:00:00 2001
From: Ainar Garipov <A.Garipov@AdGuard.COM>
Date: Mon, 19 Sep 2022 17:17:12 +0300
Subject: [PATCH 3/3] home: imp docs

---
 internal/home/web.go | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/internal/home/web.go b/internal/home/web.go
index 5bd1fe30..2052df55 100644
--- a/internal/home/web.go
+++ b/internal/home/web.go
@@ -169,15 +169,15 @@ func (web *Web) Start() {
 		printHTTPAddresses(schemeHTTP)
 		errs := make(chan error, 2)
 
-		// h2s adds support for plain h2c
-		h2s := &http2.Server{}
+		// Use an h2c handler to support unencrypted HTTP/2, e.g. for proxies.
+		hdlr := h2c.NewHandler(withMiddlewares(Context.mux, limitRequestBody), &http2.Server{})
 
+		// Create a new instance, because the Web is not usable after Shutdown.
 		hostStr := web.conf.BindHost.String()
-		// we need to have new instance, because after Shutdown() the Server is not usable
 		web.httpServer = &http.Server{
 			ErrorLog:          log.StdLog("web: plain", log.DEBUG),
 			Addr:              netutil.JoinHostPort(hostStr, web.conf.BindPort),
-			Handler:           h2c.NewHandler(withMiddlewares(Context.mux, limitRequestBody), h2s),
+			Handler:           hdlr,
 			ReadTimeout:       web.conf.ReadTimeout,
 			ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
 			WriteTimeout:      web.conf.WriteTimeout,
@@ -207,13 +207,16 @@ func (web *Web) startBetaServer(hostStr string) {
 		return
 	}
 
-	// h2s adds support for plain h2c
-	h2s := &http2.Server{}
+	// Use an h2c handler to support unencrypted HTTP/2, e.g. for proxies.
+	hdlr := h2c.NewHandler(
+		withMiddlewares(Context.mux, limitRequestBody, web.wrapIndexBeta),
+		&http2.Server{},
+	)
 
 	web.httpServerBeta = &http.Server{
 		ErrorLog:          log.StdLog("web: plain: beta", log.DEBUG),
 		Addr:              netutil.JoinHostPort(hostStr, web.conf.BetaBindPort),
-		Handler:           h2c.NewHandler(withMiddlewares(Context.mux, limitRequestBody, web.wrapIndexBeta), h2s),
+		Handler:           hdlr,
 		ReadTimeout:       web.conf.ReadTimeout,
 		ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
 		WriteTimeout:      web.conf.WriteTimeout,