How to enable QUIC load balancing on HAProxy

blog20230601-01.cfg

$ sudo apt update
$ sudo apt install -y \
  ca-certificates \
  gcc \
  git \
  libc6-dev \
  liblua5.3-dev \
  libpcre3-dev \
  libssl-dev \
  libsystemd-dev \
  make \
  zlib1g-dev

$ cd ~
$ git clone https://github.com/quictls/openssl
$ cd openssl
$ git checkout OpenSSL_1_1_1t+quic
$ sudo mkdir -p /opt/quictls
$ ./Configure --libdir=lib --prefix=/opt/quictls
$ make
$ sudo make install

blog20230601-02.cfg

$ cd ~
$ git clone https://github.com/haproxy/haproxy.git
$ cd haproxy
$ git checkout v2.7.0
 
$ make TARGET=linux-glibc \
    USE_LUA=1 \
    USE_PCRE=1 \
    USE_ZLIB=1 \
    USE_SYSTEMD=1 \
    USE_PROMEX=1 \
    USE_QUIC=1 \
    USE_OPENSSL=1 \
    SSL_INC=/opt/quictls/include \
    SSL_LIB=/opt/quictls/lib \
    LDFLAGS="-Wl,-rpath,/opt/quictls/lib"

$ sudo make install-bin
$ cd admin/systemd
$ sudo make haproxy.service
$ sudo cp ./haproxy.service /etc/systemd/system/

$ sudo mkdir -p /etc/haproxy
$ sudo mkdir -p /run/haproxy
$ sudo touch /etc/haproxy/haproxy.cfg

$ sudo systemctl enable haproxy
$ sudo systemctl start haproxy

blog20230601-03.cfg

frontend fe
  mode http
  bind :80
  bind :443  ssl crt /etc/haproxy/certs/foo.com/cert.crt alpn h2
  bind quic4@:443 ssl crt /mycert.pem alpn h3

  http-request redirect scheme https unless { ssl_fc }

  http-after-response add-header alt-svc 'h3=":443"; ma=60'