Le 26/10/2019 à 18:10, Ing. Andrea Vettori a écrit :
Hello,
I'm using haproxy 2.0.8 and ssl termination with h2 and http1.1 protocols.
Since today we always used http1.1 on the backends.
I’ve tried to use http2 on the development backend but I get truncated response
(not always but very often).
Trying to connect from the server running haproxy to the backend server using
curl with http2 I never get a truncated response.
Client-side I tried with two different browsers.
Any hint on what can cause this ?
Thank you!
Here is the configuration I’m using for the dev frontend/backend
frontend dev
bind xxxx:80
bind xxxx:443 ssl crt /etc/haproxy/ssl/wildcard1.pem crt
/etc/haproxy/ssl/wildcard2.pem crt /etc/haproxy/ssl/wildcard3.pem alpn h2,http/1.1
acl local_hostname hdr(host) -m beg 10.
http-request deny if local_hostname
use_backend dev-ssl-servers if { ssl_fc }
default_backend dev-servers
backend dev-ssl-servers
server webdev 10.2.2.50:8083 maxconn 750 proto h2
backend dev-servers
server webdev 10.2.2.50:8080 maxconn 750 proto h2
Hi,
If it is on a development platform, is there any way to have a full network
capture ? I guess you send HTTP/2 requests to HAProxy, in SSL. Thus, the capture
from the client side will be encrypted. Do you know if the responses are also
truncated for an http/1.1 client ? If yes, try to get the network capture this
way to have clear traffic on both sides. Another way is to use a client able to
send clear HTTP/2 requests. If it is possible, you may add "proto h2" on your
first bind line and try to get your capture this way.
BTW, is there anything strange in your logs ?
Finally, nghttp (https://nghttp2.org) is also a good tool to debug HTTP/2. You
may try it to know why the response is truncated.
Thanks,
--
Christopher Faulet