Skip to content

Instantly share code, notes, and snippets.

@matthiasg
Forked from ryzy/haproxy.cfg
Created August 9, 2016 19:29
Show Gist options
  • Save matthiasg/ccd8ffd41f98ed70eaf91a81fd1c24dc to your computer and use it in GitHub Desktop.
Save matthiasg/ccd8ffd41f98ed70eaf91a81fd1c24dc to your computer and use it in GitHub Desktop.
HAProxy - essentials for HTTP/2
frontend https-in
mode tcp
bind *:443 ssl crt /etc/ssl/dummy.pem alpn h2,http/1.1
use_backend nodes-http2 if { ssl_fc_alpn -i h2 }
default_backend nodes-http
backend nodes-http
server node1 web.server:80 check
backend nodes-http2
mode tcp
server node1 web.server:81 check send-proxy
@jamshid
Copy link

jamshid commented Dec 23, 2016

Hi, found this on a google search. That doesn't work, does it? I don't think haproxy (yet?) proxies an http backend to a http/2 client.
When I do something similar with haproxy 1.7.1 (add alpn h2,http/1.1 to a working https proxy configuration):

$ docker run -ti fedora curl -v --http2 -k https://192.168.2.61:7743
* Rebuilt URL to: https://192.168.2.61:7743/
*   Trying 192.168.2.61...
* Connected to 192.168.2.61 (192.168.2.61) port 7743 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* ALPN, server accepted to use h2
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=XXXX
* 	start date: Dec 18 00:25:10 2016 GMT
* 	expire date: Dec 18 00:25:10 2017 GMT
* 	common name: permanent
* 	issuer: CN=ExampleXXXX
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* TCP_NODELAY set
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55d928971cb0)
> GET / HTTP/1.1
> Host: 192.168.2.61:7743
> User-Agent: curl/7.47.1
> Accept: */*
> 
* Unexpected EOF
* Closing connection 0
curl: (56) Unexpected EOF

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment