Hello,
I have an HAProxy with lots of different SNI and ACLs and I’m trying to configure HTTP2 on one specific SNI, but when I configure the haproxy.cfg as in the example below, the requests to the site that should be accessible from HTTP2 work fine, but the others that should be accessible only with HTTP/1.1 are opening the site that is accessible from HTTP2.
H2 support is configured in the frontend with alpn h2,http/1.1. Nothing about what you do in the backend influences frontend H2 support.
You are already using crt-list, so I suggest you move the alpn configuration from the haproxy config file to the crt-list so you can do it per certificate:
I have crt-list configured and a line per sub-domain, however, I must say that the site that should open in HTTP2 and the one that should open in HTTP1.1 use the same certificate (because it’s a wildcard certificate). Is that a problem?
This will not work. Browsers will reuse the HTTP2 session to access all domains valid based on the certificate and that is why this would not work even if haproxy would support such a configuration.
You will have to use distinct, non-overlapping certificates here.
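The check below is an added example, not part of the thread or of HAProxy itself: it flags every HTTP/1.1-only hostname that is still covered by a certificate served with `h2`, which is the overlap that lets a browser reuse the HTTP/2 session as described in the last reply. The hostnames, file names and SAN lists are constructed sample data, and the SANs are typed in rather than read from the PEM files.

```python
# Added example: all hostnames, certificate names and SAN lists are constructed.

def san_matches(pattern, host):
    """Hostname match where '*' may only stand for the whole leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, tail = h.partition(".")
    return bool(head) and tail == p[2:]


def coalescing_conflicts(cert_sans, cert_alpn, wanted_alpn):
    """Return sorted (host, cert) pairs where a host that must stay on
    HTTP/1.1 is valid for a certificate that is offered with h2."""
    conflicts = []
    for host, protos in wanted_alpn.items():
        if "h2" in protos:
            continue  # host is allowed on HTTP/2, nothing to protect
        for cert, sans in cert_sans.items():
            offers_h2 = "h2" in cert_alpn.get(cert, ())
            if offers_h2 and any(san_matches(s, host) for s in sans):
                conflicts.append((host, cert))
    return sorted(conflicts)


# What each site is supposed to speak (constructed).
WANTED = {
    "new.example.com": ["h2", "http/1.1"],
    "legacy.example.com": ["http/1.1"],
}

# Layout from the question: one wildcard certificate, h2 enabled on it.
WILDCARD_SANS = {"wildcard.pem": ["*.example.com"]}
WILDCARD_ALPN = {"wildcard.pem": ["h2", "http/1.1"]}

# Layout from the answer: distinct, non-overlapping certificates.
SPLIT_SANS = {"new.pem": ["new.example.com"],
              "legacy.pem": ["legacy.example.com"]}
SPLIT_ALPN = {"new.pem": ["h2", "http/1.1"], "legacy.pem": ["http/1.1"]}

if __name__ == "__main__":
    print("wildcard:", coalescing_conflicts(WILDCARD_SANS, WILDCARD_ALPN, WANTED))
    print("split:   ", coalescing_conflicts(SPLIT_SANS, SPLIT_ALPN, WANTED))
```

An empty result means no HTTP/1.1-only hostname is valid for any certificate that negotiates `h2`.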