Haproxy 2.0.5 httpchk http/2 backend

Hello,

I am testing using http/2 on the backend side. So on the ssl backend:

option httpchk HEAD / HTTP/1.1\r\nHost:\ serverA.domain.fqdn\r\n\User-Agent:\ serverA
server serverA ipA:443 check ssl verify none maxconn 1000 alpn h2,http/1.1

This works, if nginx has only http/1.1 enabled.
When I change to

option httpchk HEAD / HTTP/2.0\r\nHost:\ serverA.domain.fqdn\r\n\User-Agent:\ serverA

it still works.

But when I enable “alpn http2” on the nginx side, haproxy fails the checks with L7RSP. What’s the correct way to check via http/2, or a better way (I am checking working php/source code availability too)? Tested with all headers lowercase and it failed too.

Thanks

httpchk does not support H2, therefore if you enable H2 on nginx and haproxy, H2 will be negotiated and used, which leads to failure.

Limit check alpn to http1:

server serverA ipA:443 check ssl verify none maxconn 1000 alpn h2,http/1.1 check-alpn http/1.1

Thanks, it worked.

httpchk does not support H2

Are there any plans to add h2 support to httpchk?

I have a grpc server which only supports http/2. I’d like to do an L7 health check, but the backend server doesn’t support http/1.1 at all.

Will be in 2.2:

While a bit hackish it’s possible to perform h2 checks before haproxy 2.2. It won’t scale well with a lot of servers though. The idea is to check through an htx enabled listener, and h1 checks are translated to h2 by the listener before they hit your server.

defaults
  mode http

frontend foo
  bind *:1443 ssl crt ssl.pem
  default_backend bfoo

backend bfoo
  option httpchk GET / HTTP/1.1\r\nHost:\ foo.bar
  server s1 a.b.c:443 ssl verify none alpn h2 addr 127.0.0.1 port 8443 no-check-ssl check

listen s1
  bind 127.0.0.1:8443 
  server s1 a.b.c:443 ssl verify none alpn h2
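
A small linter for the failure discussed in this thread, as an added example that is not part of the original posts: it flags servers whose `option httpchk` probe would run over TLS with `h2` in the effective ALPN list, the case the replies say fails before HAProxy 2.2. It assumes the check advertises the server's `alpn` when `check-alpn` is unset; the function names and the sample configuration are constructed here.

```python
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def opt_value(opts, key):
    """Return the value following a `key <value>` server option, or None."""
    return opts[opts.index(key) + 1] if key in opts[:-1] else None

def h2_check_risks(config_text):
    """List (section, server) pairs whose httpchk probe may negotiate h2."""
    sections, default_chk = [], False
    for raw in config_text.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        if tok[0] in SECTIONS:
            default_chk = default_chk and tok[0] != "defaults"  # new defaults resets
            inherits = default_chk and tok[0] in ("backend", "listen")
            sections.append({"kind": tok[0], "name": tok[1] if len(tok) > 1 else tok[0],
                             "chk": inherits, "servers": []})
        elif sections and tok[:2] == ["option", "httpchk"]:
            sections[-1]["chk"] = True
            default_chk = default_chk or sections[-1]["kind"] == "defaults"
        elif sections and tok[0] == "server" and len(tok) > 2:
            sections[-1]["servers"].append((tok[1], tok[3:]))
    risks = []
    for sec in sections:
        for name, opts in sec["servers"]:
            tls = ("ssl" in opts or "check-ssl" in opts) and "no-check-ssl" not in opts
            # Assumption: without check-alpn, the check advertises the server's alpn.
            alpn = opt_value(opts, "check-alpn") or opt_value(opts, "alpn") or ""
            if sec["chk"] and "check" in opts and tls and "h2" in alpn.split(","):
                risks.append((sec["name"], name))
    return risks

# Constructed sample built from the three server lines quoted in the thread.
SAMPLE = r"""
backend failing
  option httpchk HEAD / HTTP/1.1\r\nHost:\ serverA.domain.fqdn
  server serverA ipA:443 check ssl verify none maxconn 1000 alpn h2,http/1.1
backend pinned
  option httpchk HEAD / HTTP/1.1\r\nHost:\ serverA.domain.fqdn
  server serverA ipA:443 check ssl verify none maxconn 1000 alpn h2,http/1.1 check-alpn http/1.1
backend bfoo
  option httpchk GET / HTTP/1.1\r\nHost:\ foo.bar
  server s1 a.b.c:443 ssl verify none alpn h2 addr 127.0.0.1 port 8443 no-check-ssl check
"""

if __name__ == "__main__":
    for section, server in h2_check_risks(SAMPLE):
        print(f"{section}/{server}: httpchk may negotiate h2; pin check-alpn http/1.1")
```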