Selective ALPN based on host header

I have two names, h1.app.com and h2.app.com, pointing to the same haproxy instance.
haproxy is listening on port 80 and 443.
How do I ensure that SSL requests for:

The basic configuration I have is below, but I'm not sure how to disable alpn for specific host headers (i.e. h1.app.com):

defaults
    mode http
    option http-use-htx
    ...

frontend f_all
    maxconn 20000
    bind *:80
    bind *:443 ssl crt-list /haproxy/crt-list strict-sni alpn h2,http/1.1
    bind *:8080 proto h2
    mode http
    ...
    acl is-http2 fc_http_major 2
    use_backend b_h2 if is-http2
    default_backend b_h1

backend b_h1
    mode http
    balance roundrobin
    server 123.45.67.890:12324 123.45.67.890:12345 check

backend b_h2
    mode http
    balance roundrobin
    server 123.45.67.890:12326 123.45.67.890:12346 check

Make sure you have dedicated (so non-overlapping) certificates and configure them via crt-list, so you can configure per-certificate alpn settings.

Sweet! I’ll try it out. Thanks.

I got this working by adding the necessary alpn section in my crt-list file. Thank you very much!
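
An added example, not part of the original thread: a small Python check that reads a crt-list, resolves which ALPN list each SNI name would be offered, and refuses names covered by more than one entry (the overlap the answer warns about). The sample crt-list and its certificate paths are constructed; the one-label wildcard rule is an assumption of this sketch, and negative filters and entries without an SNI filter (whose names come from the certificate itself) are not resolved.

```python
import re

# Constructed sample crt-list; certificate paths are placeholders.
# Entry format: <crtfile> [<sslbindconf> ...] <snifilter> ...
SAMPLE_CRT_LIST = """\
# h1.app.com must only be offered HTTP/1.1
/haproxy/certs/h1.app.com.pem [alpn http/1.1] h1.app.com
/haproxy/certs/h2.app.com.pem [alpn h2,http/1.1] h2.app.com
"""
BIND_ALPN = ["h2", "http/1.1"]  # default taken from the bind line on the page

ENTRY = re.compile(r"^(\S+)(?:\s+\[([^\]]*)\])?\s*(.*)$")


def parse_crt_list(text):
    """Return a list of (crtfile, alpn or None, [sni filters])."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        crt, conf, filters = ENTRY.match(line).groups()
        words = (conf or "").split()
        alpn = None  # None means: inherit the bind line's alpn
        if "alpn" in words[:-1]:
            alpn = words[words.index("alpn") + 1].split(",")
        entries.append((crt, alpn, filters.split()))
    return entries


def matches(sni_filter, host):
    """Exact name, or '*.domain' covering one leading label (assumption)."""
    if sni_filter.startswith("*."):
        return "." in host and host.split(".", 1)[1] == sni_filter[2:]
    return sni_filter == host


def effective_alpn(entries, host, bind_alpn=BIND_ALPN):
    """ALPN list offered for `host`, or None if no SNI filter names it."""
    hits = [e for e in entries if any(matches(f, host) for f in e[2])]
    if len(hits) > 1:
        certs = ", ".join(e[0] for e in hits)
        raise ValueError(f"{host} is covered by overlapping entries: {certs}")
    if not hits:
        return None  # no filter names this host
    return hits[0][1] or bind_alpn


if __name__ == "__main__":
    for name in ("h1.app.com", "h2.app.com"):
        print(name, effective_alpn(parse_crt_list(SAMPLE_CRT_LIST), name))
```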
