@shamsimam wrote:
I have two names, h1.app.com and h2.app.com, pointing to the same haproxy instance.
haproxy is listening on port 80 and 443.
How do I ensure that SSL requests for:
- h1.app.com are not upgraded to http/2 via alpn,
- h2.app.com are upgraded to http/2 via alpn.
The basic configuration I have is below, but not sure how to disable alpn for specific host (i.e. h1.app.com) headers:
defaults mode http option http-use-htx ... frontend f_all maxconn 20000 bind *:80 bind *:443 ssl crt-list /haproxy/crt-list strict-sni alpn h2,http/1.1 bind *:8080 proto h2 mode http ... acl is-http2 fc_http_major 2 use_backend b_h2 if is-http2 default_backend b_h1 backend b_h1 mode http balance roundrobin server 123.45.67.890:12324 123.45.67.890:12345 check backend b_h2 mode http balance roundrobin server 123.45.67.890:12326 123.45.67.890:12346 check
Posts: 3
Participants: 2