HAPROXY 1.8.9 compled with USE_SYSTEMD=1 make h2 bad request


#1

Hi All,

I’ve build haproxy 1.8.9 in centos 7.5.1804

make TARGET=linux2628 ARC=x86_64 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CRYPT_H=1 USE_LIBCRYPT=1

in my harpoxy.cfg
frontend HTTP-IN
bind *:80
bind *:443 ssl crt /etc/haproxy/certs/ps.pem ca-file /etc/haproxy/certs/gd_bundle-g2-g1.crt alpn h2,http/1.1
mode http
maxconn 100000
option http-keep-alive
option forwardfor
option httpclose

I add a “h2” in bind 443 line, however, it doesn’t work, the browser return 400 BAD REQUEST (chrome 66.0.3359.181 or firefox 60.0.2 , but IE 11 works fine)
however , if I make taget without “USE_SYSTEMD=1”, it works fine, any idea why?

Thanks for any help!!!

Regards,
rickei


#2

Hi All,

some more findings, if compile without “USE_SYSTEMD=1”, the acl doesn’t work too

    acl network_allowed src [my ip address]
    http-request deny if !network_allowed

even not my ip address can access …
seems if without “USE_SYSTEMD=1”, it will bypass all network checking, even h2 protocol

when compile with “USE_SYSTEMD=1”, and I remove h2 in bind 443 line, it’s ok, and the acl line works too.

Rgds,
rickei