Hello, On Thu, 20 Jun 2019 at 18:28, Igor Pav <[email protected]> wrote: > On Thu, Jun 20, 2019 at 11:14 PM Lukas Tribus <[email protected]> wrote: > > > > On Thu, 20 Jun 2019 at 09:24, Igor Pav <[email protected]> wrote: > > > > > > Hi Lukas, > > > > > > Found when using h2, the request URI to squid is /xxxx without > > > http://example.com/, so squid return 400 error...
A H2 proxy request is different than a request to a HTTP/1.1 proxy. The "absolute-form" used in HTTP/1.1 proxies that squid requires: https://tools.ietf.org/html/rfc7230#section-5.3.2 does not exist in H2, this is divided into the pseudo-headers :method, :scheme, and :path in H2: https://httpwg.org/specs/rfc7540.html#HttpRequest Haproxy downgrades those h2 pseudo-headers to a normal HTTP/1.1 request; it can't know that this was a proxy request and that the backend server requires the URI in an absolute-form on the start-line. I don't see any solution, other than not negotiating H2, or make squid accept normal HTTP requests, I believe you can achieve this by adding the intercept keyword to your http_port configuration: https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat HTTPS works fine because CONNECT requests are not affected by this. Lukas
