On Mon, Feb 5, 2018 at 12:12 AM, Aleksandar Lazic <[email protected]> wrote:
> Hi. > > > Am 03-02-2018 10:25, schrieb Igor Cicimov: > > On Sat, Feb 3, 2018 at 6:02 PM, <[email protected]> wrote: >> >> I need to set up haproxy 1.8.3 as a loadbalancer for several nginx >>> webservers (1.13.x). The haproxy will be set up to support h2 >>> connections. >>> I am undecided if it is a good idea to setup nginx for h2 also. I >>> understand >>> that haproxy will be able to talk to nginx more efficiently, but there >>> is also >>> a downside for the h2 handshake and more complicated protocol in >>> contrast to a >>> simple unencrypted http connection. The content I transfer between >>> haproxy and >>> nginx is absolutely public, so there is no added value or security if I >>> encrypt it. >>> >>> Is it advisable to set up h2 between the two or not ? Criteria would be >>> "less CPU usage" or "less connections between the two components" or even >>> "faster transfer of data between nginx and haproxy" >>> I have not yet come to a conclusion. I understand that for a detailled >>> answer you >>> would need to know more about the servers and type / amount of content >>> transferred. >>> But I am hoping for some general guidance here. >>> >> >> Very good question I had the same dilemma last week with similar case >> like you >> except my backend is Apache2. I decided to go with alpn/h2 in Haproxy and >> h2c in >> Apache (terminating SSL on HAP) hoping for lower latency and better >> performance on >> the clients side due to the benefits of h2. Haven't done any in depth >> testing >> though in order to compare the system utilization with and without h2c in >> Apache. >> The app is PHP and I use PHP5-FPM via fastcgi just to mention it for the >> record. >> I could see faster page loads but how much the h2c in Apache contributed >> to it I >> can't say for sure. More testing is needed and hope I'll get to it >> sometime next week. >> >> One thing confusing though is that all the requests in Haproxy are still >> logged as >> HTTP/1.1 although I was using h2load (and before someone asks, yes it was >> in h2 mode >> for sure) for testing. Not sure if I have missed some setting or is it >> normal behaviour. >> > > In short: haproxy have h2 for the frontends but not for the backends, at > the moment. > > This facts was mentioned in the announcement of haproxy 1.8 > > https://www.mail-archive.com/[email protected]/msg28004.html > > ``` > - HTTP/2 (Willy Tarreau) : HTTP/2 is automatically detected and processed > in HTTP frontends negociating the "h2" protocol name based on the ALPN > or NPN TLS extensions. At the moment the HTTP/2 frames are converted to > HTTP/1.1 requests before processing, so they will always appear as 1.1 > in the logs (and in server logs). No HTTP/2 is supported for now on the > backend, though this is scheduled for the next steps. HTTP/2 support is > still considered EXPERIMENTAL, so just like for multi-threading, in > case > of problem you may end up having to disable it for the time it takes to > solve the issue. > ``` > > I know this annoumcment is long with full details, due to this fact I have > read it > several times ;-) > > Hth > Aleks > There we go, thanks Aleksandar that explains it all.
