Dear all,
as HTTP2 is getting stable in haproxy 1.9.6 I decided to give it a try.
Currently I have the following setup:
frontend www-https
mode tcp
option tcplog
bind 0.0.0.0:443 ssl crt /usr/local/etc/haproxy/certs/
alpn h2,http/1.1
bind :::443 ssl crt /usr/local/etc/haproxy/certs/ alpn
h2,http/1.1
tcp-request inspect-delay 5s
tcp-request content accept if HTTP
acl client_attempts_ssh payload(0,7) -m bin 5353482d322e30
use_backend ssh if client_attempts_ssh
use_backend nginx-http2-backend if { ssl_fc_alpn -i h2 }
default_backend nginx-http-backend
backend nginx-http-backend
mode tcp
server www-1 127.0.0.1:8082 check send-proxy
backend nginx-http2-backend
mode tcp
http-request add-header X-Forwarded-Proto https
server www-1 127.0.0.1:8083 check send-proxy
backend ssh
mode tcp
option tcplog
source 0.0.0.0 usesrc clientip
server ssh 192.168.200.6:22
timeout server 8h
What I understood correctly from the documentation:
https://www.haproxy.com/de/blog/haproxy-1-9-has-arrived/
I must have the mode on http instead of tcp.
Is it possible to keep this ssh switch in place and use HTX for http
traffic?
(currently switching to http is not possible, as the mode for backend
and frontend must by equal, so I have to use tcp or http for both of them)
But if I switch to http, I cannot use the ssh backend anymore.
What do you recommend to get this solved (using another frontend you
forward the traffic to it?).
Thanks.
Gruß
Matthias
--
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook
