Hi,

I recently switched from nginx to haproxy 1.8 for SSL termination and load 
balancing in front of my application but saw an odd behaviour with "alpn 
h2,http/1.1" enabled on my frontend.

I'm running a single haproxy instance in front of my applications switching 
between them based on "ssl_fc_sni" or HTTP host. However once a request comes 
in the first requests are passed to the correct backend server (let's call it 
jira.example.com). If I open another browser-session (same browser, another 
tab) to open a second application terminated by that haproxy instance - 
quickly, I assume before the tcp session times out (let's call this 
confluence.example.com) chances are pretty high my requests will be passed to 
jira backend servers, though on the logs it shows it found the correct HTTP 
host, but routing requests to the wrong backend service.

All requests are routed fine (even under heavy load) once I remove "h2" from 
alpn on my frontend. Tried option httpclose and option http-server-close on 
"their" places beforehand, but had no luck with those. Removing h2 seemed the 
only solution for now as it seemed as haproxy does behave properly in this case.

I'm currently using haproxy 1.8.1 from haproxy.debian.net:
HA-Proxy version 1.8.1-1~bpo9+1 2017/12/04
Copyright 2000-2017 Willy Tarreau <[email protected]>

You can find my haproxy config (stripped down to the relevant parts - in the 
end I'm running just "more" applications on this instance) here:
https://gist.github.com/hexa2k9/b5b31c09990e9ac15be07285e6fff3e5

If further info is needed will be happy to provide. Any hints appreciated.

Cheers,
Chris
