mesosphere / marathon-lb

Marathon-lb is a service discovery & load balancing tool for DC/OS
Apache License 2.0

Add documentation or config parameter for h2 enablement #639

Open dawinter opened 5 years ago

dawinter commented 5 years ago

Hi,

HAProxy has h2 frontend support and I tried to enable it with marathon-lb. It took a while but finally I was successful.

I created the following overwrite template file, HAPROXY_HTTPS_FRONTEND_HEAD (including the leading and trailing empty lines), and added it to the template folder.

```

frontend marathon_https_in
  bind *:443 ssl {sslCerts} alpn h2,http/1.1
  mode http

```

Can you document it as an example or add a config parameter to be able to configure ALPN protocols?

vixns commented 4 years ago

If you keep the default ssl_fc_sni-based routing and multi-domain or wildcard certificates, you will face the HTTP/2 reuse problem: all frontends using the same SSL certificate will be mixed.

https://discourse.haproxy.org/t/http2-reuse-problem/3286/4

As a workaround, use Host-header-based templates, which IMO should be the marathon-lb defaults:

```
cat HAPROXY_HTTPS_FRONTEND_ACL
  acl host_{cleanedUpHostname} hdr(host) -i {hostname}
  use_backend {backend} if host_{cleanedUpHostname}

cat HAPROXY_HTTPS_FRONTEND_ACL_WITH_AUTH
  acl auth_{cleanedUpHostname} http_auth(user_{backend})
  acl host_{cleanedUpHostname} hdr(host) -i {hostname}
  http-request auth realm "{realm}" if host_{cleanedUpHostname} !auth_{cleanedUpHostname}
  use_backend {backend} if host_{cleanedUpHostname}

cat HAPROXY_HTTPS_FRONTEND_ACL_WITH_AUTH_AND_PATH
  acl auth_{cleanedUpHostname} http_auth(user_{backend})
  acl host_{cleanedUpHostname} hdr(host) -i {hostname}
  http-request auth realm "{realm}" if host_{cleanedUpHostname} path_{backend} !auth_{cleanedUpHostname}
  use_backend {backend} if host_{cleanedUpHostname} path_{backend}

cat HAPROXY_HTTPS_FRONTEND_ACL_WITH_PATH
  acl host_{cleanedUpHostname} hdr(host) -i {hostname}
  use_backend {backend} if host_{cleanedUpHostname} path_{backend}

cat HAPROXY_MAP_HTTPS_FRONTEND_ACL
  use_backend %[req.hdr(host),lower,map_end({haproxy_dir}/domain2backend.map)]
```
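
The reuse problem described in the comment above, modelled as an added example (not part of the thread and not marathon-lb code): given a vhost-to-backend map and the SAN lists of the served certificates, it lists the requests a client may send on a reused HTTP/2 connection that SNI-based routing delivers to the wrong backend, and shows Host-header routing delivering them correctly. All function names and sample data are constructed for illustration; it assumes every hostname resolves to the same marathon-lb address.

```python
from itertools import permutations

def san_matches(san, host):
    """Certificate name match: '*' covers exactly one left-most label."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        parts = host.split(".", 1)
        return len(parts) == 2 and parts[0] != "" and parts[1] == san[2:]
    return san == host

def route_by_sni(vhosts, sni, authority):
    # Default templates: ssl_fc_sni is fixed at the TLS handshake, so every
    # request on the connection is routed to the backend of the first hostname.
    return vhosts.get(sni.lower())

def route_by_host(vhosts, sni, authority):
    # Workaround templates: hdr(host) is evaluated for each request.
    return vhosts.get(authority.lower())

def misrouted(vhosts, certs, router):
    """Return (sni, authority, got, expected) for every request that can ride
    a reused connection (same certificate covers both names) and is routed
    to a backend other than the one configured for its hostname."""
    findings = []
    for sans in certs:
        covered = sorted(h for h in vhosts
                         if any(san_matches(s, h) for s in sans))
        for sni, authority in permutations(covered, 2):
            got = router(vhosts, sni, authority)
            if got != vhosts[authority]:
                findings.append((sni, authority, got, vhosts[authority]))
    return findings

# Constructed sample data: two apps share a wildcard certificate.
VHOSTS = {
    "app.example.com": "backend_app",
    "admin.example.com": "backend_admin",
    "shop.example.org": "backend_shop",
}
CERTS = [["*.example.com"], ["shop.example.org"]]

if __name__ == "__main__":
    for sni, authority, got, expected in misrouted(VHOSTS, CERTS, route_by_sni):
        print(f"SNI {sni}: request for {authority} -> {got} (expected {expected})")
    print("host-based findings:", misrouted(VHOSTS, CERTS, route_by_host))
```

Hostnames that share a certificate but map to the same backend produce no finding, since a reused connection cannot reach a different application there.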