Reverse proxying http2 server giving error


#1

Running haproxy in debug mode; the following is the log:

00000001:https.accept(0005)=0006 from [203.153.53.130:57862]
00000001:https.clireq[0006:ffffffff]: PRI * HTTP/2.0
00000001:nodes-http2.srvcls[0006:0007]
00000001:nodes-http2.clicls[0006:0007]
00000001:nodes-http2.closed[0006:0007]

The browser says:
ERR_SPDY_PROTOCOL_ERROR

Below is my cfg:

frontend https
    bind *:443 ssl crt /usr/local/ssl/tlkn_haproxy_bundle.pem alpn h2,http/1.1

    acl host_apiv2 hdr(host) -i dapiv2.psqltom.com
    reqadd X-Forwarded-Proto:\ https

    use_backend nodes-http2 if { ssl_fc_alpn -i h2 }

backend nodes-http2
    balance roundrobin
    server apiv2-7101 127.0.0.1:7101 check send-proxy
    server apiv2-7002 127.0.0.1:7102 check send-proxy
    server apiv2-7003 127.0.0.1:7103 check send-proxy
    server apiv2-7004 127.0.0.1:7104 check send-proxy


#2

Using haproxy 1.7.2 on Ubuntu 16.04.


#3

nodes-http2 needs to be in tcp mode, and your backend server needs to accept unencrypted HTTP2 traffic on those ports.


#4

I have the nodes-http2 server made in node like this:

var spdy = require('spdy'),
    fs = require('fs');

var options = {
  // Private key
  key: fs.readFileSync(__dirname + '/keys/spdy-key.pem'),

  // Fullchain file or cert file (prefer the former)
  cert: fs.readFileSync(__dirname + '/keys/spdy-fullchain.pem'),
};

// With key and cert set, this listener expects a TLS connection
var server = spdy.createServer(options, function(req, res) {
  res.writeHead(200);
  res.end('hello world!');
});

// process.env is an object, so the port is read as a property
server.listen(process.env.port || 3000);

I added mode tcp in backend nodes-http2 server in haproxy.cfg.
Still it doesn’t work.


#5

Like I said, you need your backend to accept unencrypted HTTP2 traffic, not encrypted SPDY.

You cannot send cleartext traffic to a TLS port, and you cannot send HTTP2 traffic to a SPDY stack either.
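
An added example, not code from the thread or from the HAProxy or spdy projects: a small Node.js classifier for the first bytes a backend connection receives, showing why the TLS listener from post #4 cannot handle what a tcp-mode backend with send-proxy forwards. The function names, the `acceptsProxy` flag and the sample addresses are assumptions made for illustration.

```javascript
// HTTP/2 client connection preface: the "PRI * HTTP/2.0" seen in the HAProxy log.
const H2_PREFACE = Buffer.from('PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n', 'latin1');

// Split off a PROXY protocol v1 line, which send-proxy puts in front of the stream.
function stripProxyV1(buf) {
  if (buf.subarray(0, 6).toString('latin1') !== 'PROXY ') return { proxy: null, rest: buf };
  const end = buf.indexOf('\r\n');
  // The v1 line is at most 107 bytes including CRLF; anything else is not a valid header.
  if (end === -1 || end > 105) return { proxy: 'malformed', rest: Buffer.alloc(0) };
  return { proxy: buf.subarray(0, end).toString('latin1'), rest: buf.subarray(end + 2) };
}

// Name the protocol that the first bytes of a connection belong to.
function classifyFirstBytes(buf) {
  const { proxy, rest } = stripProxyV1(buf);
  let payload = 'unknown';
  if (rest.length >= 2 && rest[0] === 0x16 && rest[1] === 0x03) {
    payload = 'tls-handshake';            // TLS record: type 22 (handshake), version 3.x
  } else if (rest.subarray(0, H2_PREFACE.length).equals(H2_PREFACE)) {
    payload = 'h2-cleartext';
  } else if (/^[A-Z]+ \S+ HTTP\/1\.[01]\r\n/.test(rest.toString('latin1'))) {
    payload = 'http1';
  }
  return { proxy, payload };
}

// Why a listener expecting `expected` would fail on these bytes (empty array = compatible).
function mismatches(buf, expected, acceptsProxy) {
  const seen = classifyFirstBytes(buf);
  const reasons = [];
  if (seen.proxy !== null && !acceptsProxy) reasons.push('unexpected PROXY header');
  if (seen.payload !== expected) reasons.push(`got ${seen.payload}, expected ${expected}`);
  return reasons;
}

// Constructed sample: what a tcp-mode backend with send-proxy would receive after
// HAProxy terminated TLS for a client that negotiated h2 (addresses are made up).
const SAMPLE = Buffer.concat([
  Buffer.from('PROXY TCP4 192.0.2.10 127.0.0.1 57862 7101\r\n', 'latin1'),
  H2_PREFACE,
]);

console.log(classifyFirstBytes(SAMPLE));
console.log(mismatches(SAMPLE, 'tls-handshake', false));
console.log(mismatches(SAMPLE, 'h2-cleartext', true));
```

To inspect a real connection, pass the first `data` chunk of a plain `net` socket on the backend port to `classifyFirstBytes`.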