After seeing the 1.8.4 release, I decided to upgrade and try to run http/2 again
Unfortunately as soon I enable it, I see intermittent 500 errors from our fleet. I know a lot of work went in between 1.8.2 and 1.8.3 to reduce these errors, yes its very few but a customer did notice, so we had to roll it back. Let me know how I can help diagnose this. [image: Screen Shot 2018-02-10 at 12.45.14 AM.png] All I need is to enable * alpn h2,http/1.1 *to see 500 errors happening. global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 pidfile /var/run/haproxy.pid stats socket /var/run/haproxy.stat mode 600 level admin daemon hard-stop-after 30s tune.ssl.default-dh-param 1024 tune.ssl.cachesize 100000 ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets tune.bufsize 16384 tune.maxrewrite 1024 ssl-engine rdrand ssl-mode-async nbthread 4 defaults log global mode http compression algo gzip compression type text/html text/plain text/css application/javascript application/octet-stream application/json option httplog option dontlognull option redispatch option tcp-smart-accept option tcp-smart-connect option forwardfor timeout check 5s timeout client 50s timeout tunnel 60000s timeout connect 20s timeout http-keep-alive 15s timeout http-request 30s timeout queue 20s timeout server 50s hash-balance-factor 125 balance hdr(Cookie) hash-type consistent djb2 stats enable stats hide-version stats auth redacted:redacted stats uri /redacted default-server inter 5s fall 3 rise 1 frontend health_check bind *:8081 timeout client 5s monitor-uri / frontend http bind :::80 v4v6 maxconn 4096 redirect scheme https if !{ ssl_fc } default_backend assets_backend frontend https bind :::443 v4v6 ssl crt /etc/ssl/www.ourdomain.com.crt no-sslv3 no-tls-tickets *# alpn h2,http/1.1* maxconn 4096 .... -