Hello!
Help me please!
I have backend which supports http2 and http1.1. I need to do SSL offload on haproxy side, then send it reencryted to backend. So I have a problem with the following config:
frontend test_tcp443
bind 10.220.44.3:443 ssl crt test.pem alpn h2,http/1.1
option http-use-htx
default_backend test_tcp8443
backend test_tcp8443
balance roundrobin
option tcp-check
option http-use-htx
server test 10.220.44.3:8443 check ssl verify none alpn h2,http/1.1
If I send http2 request to frontend, it works as expected.
- Frontend receive http2
- Haproxy negotiate over alpn with backend server to use http2
- Haproxy send http2 traffic to backend
If I send http1.1 request to frontend, there is some trouble.
- Frontend receive http1
- Haproxy negotiate over alpn with backend server to use http2
- Haproxy send http2 traffic to backend
In this scenario I have broken websocket protocol.
So I have a question. How to create configuration that supports the following tasks:
- SSL offload, reencrypt, sends SSL to backend
- Sends HTTP2 request over HTTP2 to backend
- Sends HTTP1 request over HTTP1 to backend