Hi Matthias. Am 31.03.2019 um 10:11 schrieb Matthias Fechner: > Dear all, > > as HTTP2 is getting stable in haproxy 1.9.6 I decided to give it a try. > Currently I have the following setup: > frontend www-https > mode tcp > option tcplog > bind 0.0.0.0:443 ssl crt /usr/local/etc/haproxy/certs/ > alpn h2,http/1.1 > bind :::443 ssl crt /usr/local/etc/haproxy/certs/ alpn > h2,http/1.1 > > tcp-request inspect-delay 5s > tcp-request content accept if HTTP > > acl client_attempts_ssh payload(0,7) -m bin 5353482d322e30 > use_backend ssh if client_attempts_ssh > > use_backend nginx-http2-backend if { ssl_fc_alpn -i h2 } > default_backend nginx-http-backend > > backend nginx-http-backend > mode tcp > server www-1 127.0.0.1:8082 check send-proxy
I would do the following, untested. > backend nginx-http2-backend mode http option http-use-htx > http-request add-header X-Forwarded-Proto https > server www-1 127.0.0.1:8083 check send-proxy add `alpn h2` to the server line Best regards aleks > > backend ssh > mode tcp > option tcplog > source 0.0.0.0 usesrc clientip > server ssh 192.168.200.6:22 > timeout server 8h > > What I understood correctly from the documentation: > https://www.haproxy.com/de/blog/haproxy-1-9-has-arrived/ > > I must have the mode on http instead of tcp. > > Is it possible to keep this ssh switch in place and use HTX for http > traffic? > (currently switching to http is not possible, as the mode for backend > and frontend must by equal, so I have to use tcp or http for both of them) > But if I switch to http, I cannot use the ssh backend anymore. > > What do you recommend to get this solved (using another frontend you > forward the traffic to it?). > > Thanks. > > Gruß > Matthias >