HAProxy HTTP/1.1 to HTTP/2 WebSocket Conversion

I am considering the following architecture:

User → HAProxy → Envoy → WebSocket Server

  • User → HAProxy: HTTP/1.1
  • HAProxy → Envoy: HTTP/2
  • Envoy → WebSocket Server: HTTP/1.1

However, it seems that my HAProxy only supports HTTP/2 for the connection itself and doesn’t effectively utilize MUX or similar features. It feels like it’s falling short in this aspect.

On the other hand, I’ve confirmed that the WebSocket connection works properly through an HTTP/2 tunnel when using the following architecture:

User → Edge-Envoy → HAProxy → Envoy → WebSocket Server

  • User → Edge-Envoy: HTTP/1.1
  • Edge-Envoy → HAProxy: HTTP/2
  • HAProxy → Envoy: HTTP/2
  • Envoy → WebSocket Server: HTTP/1.1

I am also aware of RFC 8441, which defines the “Bootstrapping WebSockets with HTTP/2” extension. This allows WebSocket connections to be established over an HTTP/2 connection using the ENABLE_CONNECT_PROTOCOL setting. However, HAProxy currently supports RFC 8441 in a bypass manner only and does not fully handle WebSocket upgrades. As a result, HAProxy seems to have limitations when dealing with WebSocket connections in an HTTP/2 environment.

Is there a way to work around HAProxy’s limitations to properly handle HTTP/2 WebSocket tunneling in the first architecture? Or should I always consider adding an additional Edge-Envoy layer for this scenario? Any recommendations or insights would be greatly appreciated!