HTTP2 and HTTP1 using SNI or ACLs


#1

Hello guys,

I’m using HA-Proxy version 1.8.8 2018/04/19 with http2

I was using the conf:

frontend fe_main_443
    bind :443 ssl crt /etc/haproxy/keys/ alpn h2,http/1.1

To activate http2, but I have a few backends running ruby thin server that became strange with this.

Note: My ‘keys’ directory has 18 different wildcard certs to be used with https (SNI, host-based)

Using ‘http/1.1,h2’ solved the broken backend, but also disabled the http2 from the others sites.

How can I enable http2 just to some sites, or otherwise, how can I disable http2 to some acl based url?

Thanks!


#2

Use the crt-list feature to specify per certificate ALPN values.


#3

Nice, worked like a charm, thanks!