Trying to setup HAProxy for HTTP/2
Edited /etc/haproxy/haproxy.cfg with the following:
## HAproxy as a load balancer
frontend web-frontend
mode http
bind :443 ssl crt /etc/ssl/haproxy_certificate.crt alpn h2,http/1.1
default_backend web-backend
backend web-backend
mode http
balance roundrobin
server flask-server1 10.141.1.160:443 ssl alpn h2,http/1.1
server flask-server2 10.141.1.163:443 ssl alpn h2,http/1.1
When I try to verify the configuration with the command:
haproxy -c -f /etc/haproxy/haproxy.cfg
I get error:
[ALERT] 180/155952 (11291) : parsing [/etc/haproxy/haproxy.cfg:48] : 'server flask-server1' unknown keyword 'alpn'. Registered keywords :
[ SSL] allow-0rtt [dflt_ok]
[ SSL] ca-file <arg> [dflt_ok]
[ SSL] check-sni <arg> [dflt_ok]
[ SSL] check-ssl [dflt_ok]
[ SSL] ciphers <arg> [dflt_ok]
[ SSL] crl-file <arg> [dflt_ok]
[ SSL] crt <arg> [dflt_ok]
[ SSL] force-sslv3 [dflt_ok]
[ SSL] force-tlsv10 [dflt_ok]
[ SSL] force-tlsv11 [dflt_ok]
[ SSL] force-tlsv12 [dflt_ok]
[ SSL] force-tlsv13 [dflt_ok]
[ SSL] no-check-ssl [dflt_ok]
[ SSL] no-send-proxy-v2-ssl [dflt_ok]
[ SSL] no-send-proxy-v2-ssl-cn [dflt_ok]
[ SSL] no-ssl [dflt_ok]
[ SSL] no-ssl-reuse [dflt_ok]
[ SSL] no-sslv3
[ SSL] no-tlsv10
[ SSL] no-tlsv11
[ SSL] no-tlsv12
[ SSL] no-tlsv13
[ SSL] no-tls-tickets [dflt_ok]
[ SSL] send-proxy-v2-ssl [dflt_ok]
[ SSL] send-proxy-v2-ssl-cn [dflt_ok]
[ SSL] sni <arg> [dflt_ok]
[ SSL] ssl [dflt_ok]
[ SSL] ssl-min-ver <arg> [dflt_ok]
[ SSL] ssl-max-ver <arg> [dflt_ok]
[ SSL] ssl-reuse [dflt_ok]
[ SSL] tls-tickets [dflt_ok]
[ SSL] verify <arg> [dflt_ok]
[ SSL] verifyhost <arg> [dflt_ok]
[ ALL] addr <arg> [dflt_ok]
[ ALL] agent-check [dflt_ok]
[ ALL] backup [dflt_ok]
[ ALL] check [dflt_ok]
[ ALL] check-send-proxy [dflt_ok]
[ ALL] cookie <arg> [dflt_ok]
[ ALL] disabled [dflt_ok]
[ ALL] enabled [dflt_ok]
[ ALL] id <arg>
[ ALL] namespace <arg> [dflt_ok]
[ ALL] no-agent-check [dflt_ok]
[ ALL] no-backup [dflt_ok]
[ ALL] no-check [dflt_ok]
[ ALL] no-check-send-proxy [dflt_ok]
[ ALL] no-send-proxy [dflt_ok]
[ ALL] no-send-proxy-v2 [dflt_ok]
[ ALL] non-stick [dflt_ok]
[ ALL] observe <arg> [dflt_ok]
[ ALL] redir <arg> [dflt_ok]
[ ALL] send-proxy [dflt_ok]
[ ALL] send-proxy-v2 [dflt_ok]
[ ALL] source <arg> [dflt_ok]
[ ALL] stick [dflt_ok]
[ ALL] track <arg> [dflt_ok]
[ TCP] tcp-ut <arg> [dflt_ok]
[ALERT] 180/155952 (11291) : parsing [/etc/haproxy/haproxy.cfg:49] : 'server flask-server2' unknown keyword 'alpn'.
[ALERT] 180/155952 (11291) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 180/155952 (11291) : Fatal errors found in configuration.
OS: Ubuntu 20.04
HAproxy Version: 1.8.8
OpenSSL version: 1.1.1
It seem OpenSSL is not able to find keyword: alpn, which it should given my OpenSSL version is > 1.0.2, according to this HAProxy doc: https://www.haproxy.com/documentation/hapee/latest/load-balancing/protocols/http-2/#
Any leads?
2
Answers
You should updated haproxy from this repo https://haproxy.debian.net/ as your version is very outdated https://www.haproxy.org/bugs/bugs-1.8.8.html
In fact, you are looking for end-to-end-http 2 (frontend and backend)
Even if the h2 on frontend appear in 1.8, h2 with backend server appear in 2.0
https://www.haproxy.com/fr/blog/haproxy-2-0-and-beyond/#end-to-end-http-2
So like the other answer you must at least got a version 2.0 of ha proxy.