@mthax wrote:
Hi
I use Haproxy with SSL Termination in a LXC Container and it works great. Most Backends listen on pot 80 since i dont want to go through the hassle to manage a letsencrypt certificate on each container and personaly, i think there is no point in encrypting connections between containers.
I wanted to enable http2 on my configuration, but i cant get it to work while still being able to route the traffic to the particular backends. By far the most Tutorials you find online create one backend for http/1.1 and a second one for http2, but they never Route the Traffic to a Container with for example
acl example1_host hdr(host) -i example1.example.comThey just differentiate between http and http2
Of i add alpn h2,http/1.1 to the bind command the site wont load, if i add http/1.1,h2 it loads, but with http/1.1. It doesnt make a difference if i add send-proxy to the backends,
In my haproxy.log i see
[07/Aug/2019:14:58:13.861] web_frontend~ example1/example1 0/0/0/0/0 406 4755 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/2.0"but Google Chrome shows me a ERR_SPDY_PROTOCOL_ERROR Error.
Can someone give me a tip how to make this happen ? Is this possible at all and if yes, is it possible to have the frontend speak http2 with a backend communicating with http/1.1 ?
Here is a example of my Configuration
frontend web_frontend mode http bind :::443 v4v6 tfo ssl crt /etc/haproxy/example.com.pem ecdhe secp384r1 bind :::80 v4v6 tfo option http-use-htx option forwardfor header X-Forwarded-For http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload http-response set-header X-Frame-Options sameorigin http-response set-header X-Content-Type-Options nosniff http-response set-header X-XSS-Protection: 1;mode=block http-response set-header Referrer-Policy no-referrer-when-downgrade http-response set-header Feature-Policy "geolocation 'none'; midi 'none'; camera 'none'; usb 'none'; magnetometer 'none';$ http-request set-header X-Forwarded-Proto https redirect scheme https code 301 unless { ssl_fc } acl example1_host hdr(host) -i example1.example.com acl example2_host hdr(host) -i example2.example.com use_backend example1 if example1_host use_backend example2 if example2_host backend example1 mode http balance leastconn http-request set-header X-Client-IP %[src] http-request add-header X-Forwarded-Proto https option forwardfor option http-use-htx server example1server example1.lxd:1234 backend example2 mode http balance leastconn http-request set-header X-Client-IP %[src] http-request add-header X-Forwarded-Proto https option forwardfor option http-use-htx server example2server example2.lxd:1234Thanks in Adance
mthax
Posts: 1
Participants: 1