On Mon, Feb 5, 2018 at 12:12 AM, Aleksandar Lazic <al-hapr...@none.at>

> Hi.
> Am 03-02-2018 10:25, schrieb Igor Cicimov:
> On Sat, Feb 3, 2018 at 6:02 PM, <garb...@gmx.de> wrote:
>> I need to set up haproxy 1.8.3 as a loadbalancer for several nginx
>>> webservers (1.13.x). The haproxy will be set up to support h2
>>> connections.
>>> I am undecided if it is a good idea to setup nginx for h2 also. I
>>> understand
>>> that haproxy will be able to talk to nginx more efficiently, but there
>>> is also
>>> a downside for the h2 handshake and more complicated protocol in
>>> contrast to a
>>> simple unencrypted http connection. The content I transfer between
>>> haproxy and
>>> nginx is absolutely public, so there is no added value or security if I
>>> encrypt it.
>>> Is it advisable to set up h2 between the two or not ? Criteria would be
>>> "less CPU usage" or "less connections between the two components" or even
>>> "faster transfer of data between nginx and haproxy"
>>> I have not yet come to a conclusion. I understand that for a detailled
>>> answer you
>>> would need to know more about the servers and type / amount of content
>>> transferred.
>>> But I am hoping for some general guidance here.
>> ​Very good question I had the same dilemma last week with similar case
>> like you
>> except my backend is Apache2. I decided to go with alpn/h2 in Haproxy and
>> h2c in
>> Apache (terminating SSL on HAP) hoping for lower latency and better
>> performance on
>> the clients side due to the benefits of h2. Haven't done any in depth
>> testing
>> though in order to compare the system utilization with and without h2c in
>> Apache.
>> The app is PHP and I use PHP5-FPM via fastcgi just to mention it for the
>> record.
>> I could see faster page loads but how much the h2c in Apache contributed
>> to it I
>> can't say for sure. More testing is needed and hope I'll get to it
>> sometime next week.
>> One thing confusing though is that all the requests in Haproxy are still
>> logged as
>> HTTP/1.1 although I was using h2load (and before someone asks, yes it was
>> in h2 mode
>> for sure) for testing. Not sure if I have missed some setting or is it
>> normal behaviour.
> In short: haproxy have h2 for the frontends but not for the backends, at
> the moment.
> This facts was mentioned in the announcement of haproxy 1.8
> https://www.mail-archive.com/haproxy@formilux.org/msg28004.html
> ```
> - HTTP/2 (Willy Tarreau) : HTTP/2 is automatically detected and processed
>     in HTTP frontends negociating the "h2" protocol name based on the ALPN
>     or NPN TLS extensions. At the moment the HTTP/2 frames are converted to
>     HTTP/1.1 requests before processing, so they will always appear as 1.1
>     in the logs (and in server logs). No HTTP/2 is supported for now on the
>     backend, though this is scheduled for the next steps. HTTP/2 support is
>     still considered EXPERIMENTAL, so just like for multi-threading, in
> case
>     of problem you may end up having to disable it for the time it takes to
>     solve the issue.
> ```
> I know this annoumcment is long with full details, due to this fact I have
> read it
> several times ;-)
> Hth
> Aleks

​There we go, thanks Aleksandar that explains it all.​

Reply via email to