Hello, I have also problems with h2 and http 1.1 backends (Apache/2.4.25, gogs) since the update on haproxy 2.0, see my build script. I would say, all domains with cookies are broken. Disable h2 or disable htx works works me.
My config:
defaults
log global
mode http
option httplog
option dontlognull
option tcp-smart-connect
option tcp-smart-accept
# use kernel splice system call to lower latency
option splice-auto
option forwardfor
option socket-stats
no option http-use-htx
timeout http-request 20s
timeout connect 5s
timeout client 50s
timeout server 50s
timeout check 800
frontend http
bind *:80 name http
bind *:443 name https ssl crt /etc/haproxy/certs/foo.pem crt
/etc/haproxy/certs/ ecdhe secp384r1 alpn h2,http/1.1
# bind *:443 name https ssl crt /etc/haproxy/certs/foo.pem crt
/etc/haproxy/certs/ ecdhe secp384r1 alpn http/1.1
compression algo gzip
compression type text/html text/plain text/javascript
application/javascript application/xml text/css
# force https for known domains
acl hostname_has_backend
hdr(Host),lower,map(/etc/haproxy/hostname2backend.map) -m found
http-request redirect scheme https code 301
if !{ ssl_fc } hostname_has_backend
# stats backend
acl stats-acl path_beg /haproxy
use_backend bk_stats
if stats-acl
# routing for known domains
use_backend
bk_%[hdr(Host),lower,map(/etc/haproxy/hostname2backend.map)] if
hostname_has_backend
backend bk_apache
server apache 127.0.0.1:8080 check
Michael
Am 20.06.19 um 17:13 schrieb Lukas Tribus:
> On Thu, 20 Jun 2019 at 09:24, Igor Pav <[email protected]> wrote:
>>
>> Hi Lukas,
>>
>> Found when using h2, the request URI to squid is /xxxx without
>> http://example.com/, so squid return 400 error...
>
> Can you disable htx and check again:
> no option http-use-htx
>
> in the default section.
>
>
> Lukas
>
build-haproxy.sh
Description: application/shellscript
signature.asc
Description: OpenPGP digital signature
