-
-
Save haproxytechblog/466eb7b5e537bda45aeeace609de2df0 to your computer and use it in GitHub Desktop.
How to enable QUIC load balancing on HAProxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ sudo apt update | |
$ sudo apt install -y \ | |
ca-certificates \ | |
gcc \ | |
git \ | |
libc6-dev \ | |
liblua5.3-dev \ | |
libpcre3-dev \ | |
libssl-dev \ | |
libsystemd-dev \ | |
make \ | |
zlib1g-dev | |
$ cd ~ | |
$ git clone https://github.com/quictls/openssl | |
$ cd openssl | |
$ git checkout OpenSSL_1_1_1t+quic | |
$ sudo mkdir -p /opt/quictls | |
$ ./Configure --libdir=lib --prefix=/opt/quictls | |
$ make | |
$ sudo make install |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ cd ~ | |
$ git clone https://github.com/haproxy/haproxy.git | |
$ cd haproxy | |
$ git checkout v2.7.0 | |
$ make TARGET=linux-glibc \ | |
USE_LUA=1 \ | |
USE_PCRE=1 \ | |
USE_ZLIB=1 \ | |
USE_SYSTEMD=1 \ | |
USE_PROMEX=1 \ | |
USE_QUIC=1 \ | |
USE_OPENSSL=1 \ | |
SSL_INC=/opt/quictls/include \ | |
SSL_LIB=/opt/quictls/lib \ | |
LDFLAGS="-Wl,-rpath,/opt/quictls/lib" | |
$ sudo make install-bin | |
$ cd admin/systemd | |
$ sudo make haproxy.service | |
$ sudo cp ./haproxy.service /etc/systemd/system/ | |
$ sudo mkdir -p /etc/haproxy | |
$ sudo mkdir -p /run/haproxy | |
$ sudo touch /etc/haproxy/haproxy.cfg | |
$ sudo systemctl enable haproxy | |
$ sudo systemctl start haproxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frontend fe | |
mode http | |
bind :80 | |
bind :443 ssl crt /etc/haproxy/certs/foo.com/cert.crt alpn h2 | |
bind quic4@:443 ssl crt /mycert.pem alpn h3 | |
http-request redirect scheme https unless { ssl_fc } | |
http-after-response add-header alt-svc 'h3=":443"; ma=60' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment