HAProxy community

How to use TCP & HTTP/2 both inside frontend


Im try to put Dns-over-TLS and HTTPS into HAproxy 1.9.7 on Debian9
This settings works with DoH, but DoT not working. I wanna share port 443 on both services
Without HTTP/2, everything works fine ~~

frontend doh-in
    no log
    bind :::443 v4v6  ssl crt /etc/haproxy/dot-jp.blahdns.pem alpn h2,http/1.1
    http-response set-header Strict-Transport-Security "max-age=31536000"
    tcp-request inspect-delay 3s
    tcp-request content accept if HTTP
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend dot-server if { req.ssl_hello_type 1 }
    use_backend doh-server if { ssl_fc_alpn -i h2 }
    use_backend doh-server if HTTP

    acl dns_url path /dns-query

    use_backend doh-server if dns_url
    default_backend dot-server

backend dot-server
    mode tcp
    server dns

backend doh-server
    http-response del-header server
    http-response del-header x-powered-by
    server doh-proxy