Re: H/2 via Unix Sockets fails

Wed, 24 Apr 2019 06:18:46 -0700 

Hi Willy,

that doesn't seem to work either, only HTTP/1.1
We have several hundret listener/frontends/backends and we're using the old nbproc > 1 process model. We have the initial TCP listener that's bound to one core. It checks wether it's ECC capable or not and then it goes to the second listener that does the actual SSL termination with RSA/ECC on multiple cores and from there it goes to the actual frontend, which is on a different core. We plan to test and migrate to the threading model if it performs as good as the current one or even better. But actually that was meant for much later that year or even 2020 :( I'm not sure if that would solve the actual problem, since may still need sockets for RSA/ECC I guess.
The inital plan was to just make it also support HTTP2 by adding "alpn h2,http/1.1" to the unix bind in the "h2test_tcp.tls" 

On 2019-04-24 15:06, Willy Tarreau wrote:

Hi Christian,

On Wed, Apr 24, 2019 at 02:29:40PM +0200, Christian Ruppert wrote:

Hi,
so I did some more tests and it seems to be an issue between h2test_tcp.tls and the frontend, using the UNIX sockets. Adding a TCP bind to that listener also doesn't work. Am I doing it wrong or is it a bug somewhere with H/2 and 
UNIX sockets?
I also disabled the PROXY protocol - doesn't help.


I currently have no idea about this one. There should be no reason for
H2 to depend on the underlying socket type.

Hmm wait a minute. It might not be related to the UNIX sockets at all.
In fact what's happening is that your first proxy is not advertising
H2 in the ALPN connection, so the second one doesn't receive it and
negociates H1. You could try to add "alpn h2" at the end of your server
line below :


listen h2test_tcp
    mode tcp
    bind :444
    option tcplog
    log global
server socket-444-h2test unix@/run/haproxy-444-h2test.sock send-proxy-v2 
      ^^^^^^^^^


listen h2test_tcp.tls
    mode tcp
    option tcplog
    log global
    bind unix@/run/haproxy-444-h2test.sock accept-proxy user haproxy
group haproxy mode 600 ssl crt /etc/haproxy/ssl/h2test.pem alpn h2,http/1.1 server socket-444_2 unix@/run/haproxy-444_2-h2test.sock send-proxy-v2 
      ^^^^^^^^^

And on this one as well. However it will break your H1. What are you
trying to do exactly ? Maybe there is a simpler solution.

Willy


--
Regards,
Christian Ruppert

Reply via email to