Hello,
I have san certificate in FE with alpn h2,http/1.1 and i want to select backend based on fqdn (host) because i can’t use sni, i tried but it’s not working.
with curl -Lv --http2 it’s working but not with browser.
The first request allow to access backend and backend give me a location (302), i follow the request with the location url but i have 503.
What is the best way to configure with h2 and alpn if i have san certificate.
Thanks you for you help
San or wildcard certificat, don’t work with h2 ? If we have redirect.
SAN and wildcard certificates work perfectly fine with H2.
To access the hostname you need to access the host header with hdr(host).
There is nothing special about san or wildcard certificates, other than you must use the host header as opposed to sni values for routing decisions.
Thanks for your response.
my haproxy version 2.8.0.
I use alpn so hdr(host) but i have a 503 with browsers (firefox,chrome…) but not with curl.
–FE default config (so alpn h2 http/1.1)
----BE1 h2 (302 - redirect client to BE2)
----BE2 without h2
If i access directly to BE2 through FE it’s working or if i wait a bit after 503 and i refresh the page i access BE2.
i don’t know why but i’m checking headers and others parameters.
Could you tell me what is the difference between http.req.ver and [ssl_fc_alpn] ?
in my log i have /%[ssl_fc_alpn]–%[capture.req.ver]/
and i have /h2–HTTP/1.1/
Thanks
I don’t know what that means.
Ok, can you provide haproxy logs of this request?
I don’t know what this sentence means either.
http.req.ver is the HTTP version as extracted from the HTTP header.
ssl_fc_alpn is the ALPN selection by the client.
I suggest you provide the entire unredacted configuration, as well as the haproxy logs indicating the failed HTTP transaction.
I use alpn so hdr(host) means that I use hdr(host) content to select backend
I don’t know why I can’t connect, the selected backend is ok with hdr(host) I can see it in the log.
Now I compare the headers with curl and with browser, I will come back to let you know.