Hello,
we use HAProxy on Ubuntu servers to distribute an HTTP tunnel to various backends.
Up to HAProxy version 2.6, this worked very well with the following configuration:
frontend https443
mode http
bind *:443 tfo ssl crt cert.pem alpn h2,http/1.1
use_backend app00 if { something }
default_backend not-found
backend not-found
mode http
http-request silent-drop
backend app00
mode http
server app00 some_ip:8443 ssl tfo
However, starting from version 2.8 and newer, the HTTP tunnel with this configuration has become extremely slow. I can only solve the problem with the following new configuration:
listen https443tcp
mode tcp
bind *:444 accept-proxy tfo
server https443tcp /https443.sock send-proxy-v2
frontend https443
mode http
bind /https443.sock user haproxy group haproxy mode 660 accept-proxy tfo ssl crt cert.pem alpn h2,http/1.1
use_backend app00 if { something }
default_backend not-found
backend not-found
mode http
http-request silent-drop
backend app00
mode http
server app00 /app00.sock ssl send-proxy-v2 tfo alpn h2,http/1.1
listen app00tcp
mode tcp
bind /app00.sock user haproxy group haproxy mode 660 accept-proxy
server app00tcp some_ip:8443
I have to add incoming and outgoing tcp listeners.
What could be the cause of this?