Hi Matthias.
On 31.03.2019 at 10:11, Matthias Fechner wrote:
> Dear all,
>
> as HTTP2 is getting stable in haproxy 1.9.6 I decided to give it a try.
> Currently I have the following setup:
> frontend www-https
> mode tcp
> option tcplog
> bind 0.0.0.0:443 ssl crt /usr/local/etc/haproxy/certs/ alpn h2,http/1.1
> bind :::443 ssl crt /usr/local/etc/haproxy/certs/ alpn h2,http/1.1
>
> tcp-request inspect-delay 5s
> tcp-request content accept if HTTP
>
> acl client_attempts_ssh payload(0,7) -m bin 5353482d322e30
> use_backend ssh if client_attempts_ssh
>
> use_backend nginx-http2-backend if { ssl_fc_alpn -i h2 }
> default_backend nginx-http-backend
>
> backend nginx-http-backend
> mode tcp
> server www-1 127.0.0.1:8082 check send-proxy
I would do the following, untested.
> backend nginx-http2-backend
mode http
option http-use-htx
> http-request add-header X-Forwarded-Proto https
> server www-1 127.0.0.1:8083 check send-proxy
add `alpn h2` to the server line
Best regards
aleks
>
> backend ssh
> mode tcp
> option tcplog
> source 0.0.0.0 usesrc clientip
> server ssh 192.168.200.6:22
> timeout server 8h
>
> What I understood correctly from the documentation:
> https://www.haproxy.com/de/blog/haproxy-1-9-has-arrived/
>
> I must have the mode on http instead of tcp.
>
> Is it possible to keep this ssh switch in place and use HTX for http
> traffic?
> (currently switching to http is not possible, as the mode for backend
> and frontend must be equal, so I have to use tcp or http for both of them)
> But if I switch to http, I cannot use the ssh backend anymore.
>
> What do you recommend to get this solved (using another frontend you
> forward the traffic to it?).
>
> Thanks.
>
> Regards
> Matthias
>
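
The SSH/HTTP split in the quoted frontend depends on matching the first bytes of the decrypted stream against `5353482d322e30`. As an added example (not from the thread and not HAProxy code), this Python code decodes that pattern and classifies a partial buffer, including the "not enough bytes yet" case that `tcp-request inspect-delay` exists for. The function names and the method list are assumptions, and the HTTP/2 preface check goes beyond the thread, which selects h2 by ALPN.

```python
import binascii

# Pattern copied from the ACL in the thread: payload(0,7) -m bin 5353482d322e30
SSH_PATTERN = binascii.unhexlify("5353482d322e30")  # decodes to b"SSH-2.0"
# Client connection preface defined by RFC 7540 (cleartext view of an h2 stream)
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
# Assumed set of HTTP/1.x methods to recognise (illustrative, not exhaustive)
H1_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ",
              b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")

RULES = (("ssh", (SSH_PATTERN,)), ("h2", (H2_PREFACE,)), ("http1", H1_METHODS))


def prefix_match(buf, literal):
    """True: buf starts with literal. False: it never can. None: too short to tell."""
    if buf.startswith(literal):
        return True
    if literal.startswith(buf):
        return None
    return False


def classify(buf):
    """Classify the first bytes of a stream.

    Returns 'ssh', 'h2', 'http1', 'unknown', or 'need-more' when the bytes
    seen so far are still a prefix of some pattern (keep buffering).
    """
    pending = False
    for name, literals in RULES:
        for literal in literals:
            result = prefix_match(buf, literal)
            if result:
                return name
            if result is None:
                pending = True
    return "need-more" if pending else "unknown"


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic
    samples = [b"", b"SSH-", b"SSH-2.0-OpenSSH_7.9\r\n", b"SSH-1.99-example\r\n",
               b"P", b"GET / HTTP/1.1\r\n", H2_PREFACE, b"\x16\x03\x01"]
    for sample in samples:
        print(repr(sample[:24]), "->", classify(sample))
```
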