I'm currently developing a shopify app that is setup with a proxy, the issue I'm having is that the proxy is sending the request with HTTP/1.0 but our infrastructure setup (k8s, istio) only allow for HTTP/1.1 and up.
Does anyone have encountered that issue and have an idea on how to solve it other than changing our infrastructure ?
Noting your comment explicitly mentions "not wanting to change infra" - as Shopify seemingly doesn't respect upstream 426 Upgrade Required, you will need to make some change on your side to accept their HTTP/1.0.
"Lowest impact" (infra wise) can be done with an NGINX sidecar and TLS pass through, although this does shift your TLS termination and "untrusted" traffic flow into your environment, which most k8s/istio operators will balk at (rightfully so). Similar option would front your Istio gateway with an NGINX reverse proxy, but this now shifts issue up rather than down the stack - from a perimeter security perspective this may be more amenable, but from an operational management standpoint this may be equally difficult, not to mention the SPOF it introduces unless you manage your NGINX as a separate layer, which brings its own complexity.
Istio does allow enabling HTTP/1.0 at the gateway with the `ISTIO_META_HTTP10=1` flag (https://github.com/istio/istio/issues/13085#issuecomment-557754573). This does however mean that your ingress gateway will support 1.0 which can cause performance issues and extra load on upstreams for clients who would have otherwise been `Upgrade`d with the Gateway 426.
Connect your PayPal account to allow your customers to checkout using the PayPal gateway a...By Ollie Jul 28, 2022