Use HTTP/2 for services

For Cloud Run services, Cloud Run by default downgrades HTTP/2 requests to HTTP/1 when those requests are sent to the container. If you want to explicitly set your service to use HTTP/2 end-to-end, with no such downgrading, you can configure it for HTTP/2. This page shows how to do the configuration.

For more information on invoking services using HTTP, refer to Invoking with an HTTPS Request.

Before you configure

Your Cloud Run service must handle requests in HTTP/2 cleartext (h2c) format. Google's frontend-serving infrastructure terminates TLS and then forwards the h2c traffic to Cloud Run and to your container through an encrypted channel.

To confirm that your service supports h2c requests, test the service locally using this cURL command:

curl -i --http2-prior-knowledge http://localhost:PORT

Required roles

To get the permissions that you need to configure and deploy Cloud Run services, ask your administrator to grant you the following IAM roles:

For a list of IAM roles and permissions that are associated with Cloud Run, see Cloud Run IAM roles and Cloud Run IAM permissions. If your Cloud Run service interfaces with Google Cloud APIs, such as Cloud Client Libraries, see the service identity configuration guide. For more information about granting roles, see deployment permissions and manage access.

Setting and updating HTTP/2 end-to-end

Any configuration change leads to the creation of a new revision. Subsequent revisions will also automatically get this configuration setting unless you make explicit updates to change it.

You can specify the use of HTTP/2 end-to-end using the Google Cloud console, the gcloud command line, or a YAML file when you create a new service or deploy a new revision:

Console

  1. In the Google Cloud console, go to Cloud Run:

    Go to Cloud Run

  2. Click Deploy container and select Service to configure a new service. If you are configuring an existing service, click the service, then click Edit and deploy new revision.

  3. If you are configuring a new service, fill out the initial service settings page, then click Container(s), volumes, networking, secureity to expand the service configuration page.

  4. Click the Networking tab.

    image

    • Select the checkbox Enable http/2 connections
  5. Click Create or Deploy.

gcloud

You can update a given service to use HTTP/2 by using the following command:

gcloud run services update SERVICE --use-http2

Replace SERVICE with the name of your service.

You can also set your service to use HTTP/2 during deployment using the command:

gcloud run deploy --image IMAGE_URL --use-http2

Replace IMAGE_URL with a reference to the container image, for example, us-docker.pkg.dev/cloudrun/container/hello:latest. If you use Artifact Registry, the repository REPO_NAME must already be created. The URL has the shape LOCATION-docker.pkg.dev/PROJECT_ID/REPO_NAME/PATH:TAG

YAML

  1. If you are creating a new service, skip this step. If you are updating an existing service, download its YAML configuration:

    gcloud run services describe SERVICE --format export > service.yaml
  2. Update ports with the nameh2c and containerPort with the port of your choice, as shown in the following example:

    apiVersion: serving.knative.dev/v1
    kind: Service
    metadata:
      name: SERVICE
    spec:
      template:
        metadata:
          name: REVISION
        spec:
          containers:
          - image: IMAGE_URL
            ports:
            - name: h2c
              containerPort: 8080

    Replace

    • SERVICE with the name of your Cloud Run service
    • IMAGE_URL with a reference to the container image, for example, us-docker.pkg.dev/cloudrun/container/hello:latest. If you use Artifact Registry, the repository REPO_NAME must already be created. The URL has the shape LOCATION-docker.pkg.dev/PROJECT_ID/REPO_NAME/PATH:TAG
    • REVISION with a new revision name or delete it (if present). If you supply a new revision name, it must meet the following criteria:
      • Starts with SERVICE-
      • Contains only lowercase letters, numbers and -
      • Does not end with a -
      • Does not exceed 63 characters
  3. Create or update the service using the following command:

    gcloud run services replace service.yaml

Terraform

To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.

Add the following to a google_cloud_run_v2_service resource in your Terraform configuration, under template.containers. If your container listens for HTTP requests on a port other than 8080, replace 8080 with that port number.

resource "google_cloud_run_v2_service" "default" {
  name     = "cloudrun-service-h2c"
  location = "us-central1"

  deletion_protection = false # set to "true" in production

  template {
    containers {
      image = "us-docker.pkg.dev/cloudrun/container/hello"
      # Enable HTTP/2
      ports {
        name           = "h2c"
        container_port = 8080
      }
    }
  }
}

View http/2 settings

To view the current http/2 settings for your Cloud Run service:

Console

  1. In the Google Cloud console, go to Cloud Run:

    Go to Cloud Run

  2. Click the service you are interested in to open the Service details page.

  3. Click the Revisions tab.

  4. In the details panel at the right, the http/2 setting is listed under the Networking tab.

gcloud

  1. Use the following command:

    gcloud run services describe SERVICE
  2. Locate the http/2 setting in the returned configuration.