> On 29 Oct 2019, at 09:39, Christopher Faulet <cfau...@haproxy.com> wrote:
> 
> Le 28/10/2019 à 22:00, Christopher Faulet a écrit :
>>> macbookpro:~ andreavettori$ curl --http2 -v http://g.testhost
>> [SNIP]
>> Here, it is the expected behavior. HAProxy does not support explicit H2 
>> upgrade.
> 
> In Fact, for this one, I was wrong. The result should be more or less the 
> same that an HTTP/1.1 request. The upgrade should be ignored and the request 
> should be sent in H2 to the server without the header "Upgrade". In return, 
> the H2 response should be converted to HTTP/1.1 and sent to the client.
> 
> So, as for all requests on the ports 80 and 82, you have a configuration 
> issue. Looking at you complete configuration (with global and defaults 
> sections), it does not seem to be problem with your HAProxy configuration.
> So there is something else.

I’m not sure to understand what you’re referring about ?  Wrong/old libraries 
when compiling haproxy or … ?

This is the output of haproxy -vv

HA-Proxy version 2.0.8 2019/10/23 - https://haproxy.org/
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv 
-Wno-unused-label -Wno-sign-compare -Wno-unused-parameter 
-Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered 
-Wno-missing-field-initializers -Wtype-limits
  OPTIONS = USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1

Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE -PCRE_JIT 
-PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED -REGPARM 
-STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT 
+CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL -LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 +ZLIB 
-SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL +SYSTEMD 
-OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=40).
Built with OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT 
IP_FREEBIND
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), 
raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX        side=FE|BE     mux=H2
              h2 : mode=HTTP       side=FE        mux=H2
       <default> : mode=HTX        side=FE|BE     mux=H1
       <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS

Available services : none

Available filters :
        [SPOE] spoe
        [COMP] compression
        [CACHE] cache
        [TRACE] trace


There are no trailers in the response.

Here’s the curl log from the server where haproxy is running to the backend 
direct connection

curl --http2 -v --resolve g.testhost:8083:10.2.2.50 "http://g.testhost:8083"; > 
/tmp/1
* Added g.testhost:8083:10.2.2.50 to DNS cache
* Hostname g.testhost was found in DNS cache
*   Trying 10.2.2.50:8083...
* TCP_NODELAY set
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* 
Connected to g.testhost (10.2.2.50) port 8083 (#0)
> GET / HTTP/1.1
> Host: g.testhost:8083
> User-Agent: curl/7.66.0
> Accept: */*
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
> HTTP2-Settings: AAMAAABkAARAAAAAAAIAAAAA
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 101 
< Connection: Upgrade
< Upgrade: h2c
< Date: Tue, 29 Oct 2019 08:45:37 GMT
* Received 101
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200 
< set-cookie: JSESSIONID=AD70DA604A53D7095BF5EB46FA7DA33B; Path=/; Secure; 
HttpOnly
* Added cookie agentid="TT62BGKFSXG2B577FZ9CN0TWFIHLWI1CYO371BWN" for domain 
g.testhost, path /, expire 3719822383
< set-cookie: agentid=TT62BGKFSXG2B577FZ9CN0TWFIHLWI1CYO371BWN; 
Max-Age=2147483647; Expires=Sun, 16-Nov-2087 11:59:44 GMT; Path=/
* Added cookie mtt_id="TT62BGKFSXG2B577FZ9CN0TWFIHLWI1CYO371BWN|" for domain 
testhost, path /, expire 3719822383
< set-cookie: mtt_id=TT62BGKFSXG2B577FZ9CN0TWFIHLWI1CYO371BWN|; 
Max-Age=2147483647; Expires=Sun, 16-Nov-2087 11:59:44 GMT; Domain=testhost; 
Path=/
< cache-control: no-store, must-revalidate, max-age=0
< pragma: no-cache
< expires: Sat, 26 Jul 1997 05:00:00 GMT
< content-type: text/html;charset=UTF-8
< content-language: en-US
< date: Tue, 29 Oct 2019 08:45:37 GMT
< 
{ [8192 bytes data]
100  479k    0  479k    0     0  4363k      0 --:--:-- --:--:-- --:--:-- 4363k
* Connection #0 to host g.testhost left intact

and

curl --http2-prior-knowledge -v --resolve g.testhost:8083:10.2.2.50 
"http://g.testhost:8083"; > /tmp/1
* Added g.testhost:8083:10.2.2.50 to DNS cache
* Hostname g.testhost was found in DNS cache
*   Trying 10.2.2.50:8083...
* TCP_NODELAY set
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* 
Connected to g.testhost (10.2.2.50) port 8083 (#0)
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x1797c10)
> GET / HTTP/2
> Host: g.testhost:8083
> User-Agent: curl/7.66.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200 
* Added cookie JSESSIONID="0C72F893F53B3C8CAB04408DE8F73DE5" for domain 
g.testhost, path /, expire 0
< set-cookie: JSESSIONID=0C72F893F53B3C8CAB04408DE8F73DE5; Path=/; HttpOnly
* Added cookie agentid="TJVWFGX0DTLZRRRL8HRP48L64CV0ENRNMUBT3KPL" for domain 
g.testhost, path /, expire 3719822625
< set-cookie: agentid=TJVWFGX0DTLZRRRL8HRP48L64CV0ENRNMUBT3KPL; 
Max-Age=2147483647; Expires=Sun, 16-Nov-2087 12:03:46 GMT; Path=/
* Added cookie mtt_id="TJVWFGX0DTLZRRRL8HRP48L64CV0ENRNMUBT3KPL|" for domain 
testhost, path /, expire 3719822625
< set-cookie: mtt_id=TJVWFGX0DTLZRRRL8HRP48L64CV0ENRNMUBT3KPL|; 
Max-Age=2147483647; Expires=Sun, 16-Nov-2087 12:03:46 GMT; Domain=testhost; 
Path=/
< cache-control: no-store, must-revalidate, max-age=0
< pragma: no-cache
< expires: Sat, 26 Jul 1997 05:00:00 GMT
< content-type: text/html;charset=UTF-8
< content-language: en-US
< date: Tue, 29 Oct 2019 08:49:39 GMT
< 
{ [8192 bytes data]
100  479k    0  479k    0     0  5581k      0 --:--:-- --:--:-- --:--:-- 5646k
* Connection #0 to host g.testhost left intact


Thanks

—
Ing. Andrea Vettori
Responsabile Sistemi Informativi

Reply via email to