H2 with local proxy and then to the real backends?


#1

Hi!

We’re using HAProxy with SSL termination, and we’d love to go to HTTP/2, but since that’s not possible yet in a frontend…

I had a crazy idea, that I wanted to ask here if it works before I even try something.

If I put up a frontend that is mode tcp (for the sake of SSL Forwarding and H2/ALPN), that connects to a loopback backend that does SSL termination, that which in turn, sends the request to the actual backend servers.

Would this be a possible (yet disencouraged) scenario, to implement HTTP/2 within the HAProxy?


#2

You can terminate SSL directly on your TCP frontend, with ALPN et all. No need for a loopback backend.

You just need a backend that can do plaintext H2 (H2c). Nginx, Varnish and I’m pretty sure Apache should be able to do this.

See:



#3

Yeah… We have IIS on three different servers and then a couple of other servers (apache, nginx, and so on)
None of them have their own certificates, we offload all SSL at the HAProxy, and H2 only supports TCP with SSL Forwarding, as I understand it.


#4

Don’t know about IIS, but like I said, nginx, Varnish and Apache support plaintext h2.


#5

I checked, it seems IIS only supports HTTP/2 over TLS currently. :confused: