HAProxy community

Reverse proxying http2 server!giving error


running haproxy in debug mode and following is the log

00000001:https.accept(0005)=0006 from []
00000001:https.clireq[0006:ffffffff]: PRI * HTTP/2.0

browser saying

below is my cfg:
frontend https
bind *:443 ssl crt /usr/local/ssl/tlkn_haproxy_bundle.pem alpn h2,http/1.1

acl host_apiv2             hdr(host) -i dapiv2.psqltom.com
reqadd X-Forwarded-Proto:\ https

use_backend nodes-http2 if { ssl_fc_alpn -i h2 }

backend nodes-http2
balance roundrobin
server apiv2-7101 check send-proxy
server apiv2-7002 check send-proxy
server apiv2-7003 check send-proxy
server apiv2-7004 check send-proxy


using haproxy 1.7.2 on ubuntu 16.04


nodes-http2 needs to be in tcp mode, and your backend server needs to accept unencrypted HTTP2 traffic on those ports.


I have the nodes-http2 server made in node like this

var spdy = require(‘spdy’),
fs = require(‘fs’);

var options = {
// Private key
key: fs.readFileSync(__dirname + ‘/keys/spdy-key.pem’),

// Fullchain file or cert file (prefer the former)
cert: fs.readFileSync(__dirname + ‘/keys/spdy-fullchain.pem’),

var server = spdy.createServer(options, function(req, res) {
res.end(‘hello world!’);

server.listen(process.env(“port”) || 3000);

I added mode tcp in backend nodes-http2 server in haproxy.cfg.
Still it doesn’t work.


Like I said you need your backend to accept unencrypted HTTP2 traffic, not encrypted SPDY.

You cannot send cleartext traffic to a TLS port, and you cannot send HTTP2 traffic to a SPDY stack either.