HTTP2/HTTP1.1 to one backend

Hello!
Help me please!
I have a backend which supports HTTP/2 and HTTP/1.1. I need to do SSL offload on the haproxy side, then send the traffic re-encrypted to the backend. I have a problem with the following config:

frontend test_tcp443
    bind 10.220.44.3:443 ssl crt test.pem alpn h2,http/1.1
    option http-use-htx
    default_backend test_tcp8443

backend test_tcp8443
    balance roundrobin
    option tcp-check
    option http-use-htx
    server test 10.220.44.3:8443 check ssl verify none alpn h2,http/1.1

If I send an HTTP/2 request to the frontend, it works as expected.

  1. Frontend receives HTTP/2
  2. Haproxy negotiates over ALPN with the backend server to use HTTP/2
  3. Haproxy sends HTTP/2 traffic to the backend

If I send an HTTP/1.1 request to the frontend, there is some trouble.

  1. Frontend receives HTTP/1
  2. Haproxy negotiates over ALPN with the backend server to use HTTP/2
  3. Haproxy sends HTTP/2 traffic to the backend
    In this scenario I have a broken websocket protocol.

So I have a question. How do I create a configuration that supports the following tasks:

  1. SSL offload, re-encrypt, send SSL to the backend
  2. Send HTTP/2 requests over HTTP/2 to the backend
  3. Send HTTP/1 requests over HTTP/1 to the backend

You can try a solution with 2 backends, one for HTTP/1.1 and one for HTTP/2, and in the frontend you can make a routing decision, such as:

use_backend bhttp2 if { req.ver 2.0 }
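
The two-backend layout suggested in the reply above, written out in full as an added example; it is not part of the original posts. It assumes HAProxy 1.9 or later and `mode http`; the backend name `bhttp1` and the timeout values are hypothetical, and each backend offers a single ALPN protocol so the server side cannot negotiate a different HTTP version than the client used.

```haproxy
# Added example, not from the original thread.
defaults
    mode http                 # assumed; req.ver needs HTTP mode
    timeout connect 5s        # assumed values
    timeout client  30s
    timeout server  30s
    timeout tunnel  1h        # applies once a websocket upgrade has completed

frontend test_tcp443
    bind 10.220.44.3:443 ssl crt test.pem alpn h2,http/1.1
    option http-use-htx       # required on 1.9; HTX is the default from 2.0
    # req.ver is "2.0" for requests received over HTTP/2
    use_backend bhttp2 if { req.ver 2.0 }
    default_backend bhttp1    # everything else, including websocket upgrades

# HTTP/2 clients: offer only h2 to the server
backend bhttp2
    option http-use-htx
    # "verify none" is kept from the original post; it skips validation of the
    # backend certificate. "verify required ca-file <path-to-ca>" turns it on
    # (the path is a placeholder).
    server test 10.220.44.3:8443 check ssl verify none alpn h2

# HTTP/1.x clients: offer only http/1.1 to the server
backend bhttp1
    option http-use-htx
    server test 10.220.44.3:8443 check ssl verify none alpn http/1.1
```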

I'm very grateful to you! It works as expected.