Hi Matthias,
On Sun, Sep 03, 2017 at 09:36:30AM +0200, Matthias Fechner wrote:
> Dear all,
>
> I configured some time ago haproxy to support http2 using tcp mode on
> FreeBSD.
>
> The configuration looked like:
>
> frontend www-https
> mode tcp
> option tcplog
> bind <ip>:<port> ssl crt /usr/local/etc/haproxy/certs/ alpn h2,http/1.1
> use_backend nginx-http2-backend if { ssl_fc_alpn -i h2 }
> default_backend nginx-http-backend
>
> backend nginx-http2-backend
> mode tcp
> server www-1 127.0.0.1:8083 check send-proxy
>
>
> Nginx on port 8083 is listing with this line:
> listen 127.0.0.1:8083 http2 proxy_protocol;
>
>
> That worked in the past. I have no idea when it stopped, but currently
> it is not working anymore.
> Is anyone aware of a change that could cause h2 to not working anymore?
Make sure that you built with openssl 1.0.2 (haproxy -vv). ALPN is only
provided in this version, not older ones. Also, maybe your nginx needs
to receive a proxy-protocol-v2 header to accept to enable H2 (it's the
only one which mentions SSL presence and a few extensions) ? In this
case you'll need to use "send-proxy-v2" instead of "send-proxy". I don't
have other ideas for now.
Willy
