I’m working on a Debian Jessie (8) system, and need to get a verison of haproxy working that supports http/2 … I found this HOWTO for HAProxy+Jetty ( https://www.eclipse.org/jetty/documentation/current/http2-configuring-haproxy.html ), but when I do a ‘apt-get install haproxy’, it is installing 1.5.8 … the URL included does state, though, that "You will need HAProxy 1.5 or later, because it provides support for SSL and ALPN, both required by HTTP/2” … so that should be okay … ?
But I get: [ALERT] 349/062436 (12994) : parsing [/etc/haproxy/haproxy.cfg:34] : 'bind :443' : 'alpn' : library does not support TLS ALPN extension [ALERT] 349/062436 (12994) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg [ALERT] 349/062436 (12994) : Fatal errors found in configuration. I’ve tried to do an ‘apt-get upgrade’, since I’m assuming, maybe incorrectly, that this is an openssl issue, not haproxy … but openssl shows: OpenSSL 1.0.1k 8 Jan 2015 I noticed it mentioned NPN, so changed alpn -> npn n the bind statement: bind :443 ssl crt /etc/ssl/hospitality.pro.pem no-sslv3 ciphers TLSv1.2 npn h2,http/1.1 Which allows me to start the server, but then I get the following when trying to hit the backend webhead: Dec 16 06:30:31 galera1 haproxy[13565]: 24.108.76.221:57752 [16/Dec/2015:06:30:31.817] https-in~ https_appserver/web2 156/0/1/1/158 400 424 - - ---- 0/0/0/0/0 0/0 "PRI * HTTP/2.0” Now, I tested both web heads *behind* haproxy, and they work great, but they are using ALPN, not NPN … no idea if that makes the difference, or if I’m hitting something else in the way of an error … ? Pointers / help on this would be appreciated … Thanks ...
