skip to Main Content

Trying to setup HAProxy for HTTP/2

Edited /etc/haproxy/haproxy.cfg with the following:

## HAproxy as a load balancer
frontend web-frontend
   mode http
   bind :443 ssl crt /etc/ssl/haproxy_certificate.crt alpn h2,http/1.1
   default_backend web-backend

backend web-backend
   mode http
   balance roundrobin
   server flask-server1 10.141.1.160:443 ssl alpn h2,http/1.1
   server flask-server2 10.141.1.163:443 ssl alpn h2,http/1.1

When I try to verify the configuration with the command:

haproxy -c -f /etc/haproxy/haproxy.cfg

I get error:

[ALERT] 180/155952 (11291) : parsing [/etc/haproxy/haproxy.cfg:48] : 'server flask-server1' unknown keyword 'alpn'. Registered keywords :
    [ SSL] allow-0rtt [dflt_ok]
    [ SSL] ca-file <arg> [dflt_ok]
    [ SSL] check-sni <arg> [dflt_ok]
    [ SSL] check-ssl [dflt_ok]
    [ SSL] ciphers <arg> [dflt_ok]
    [ SSL] crl-file <arg> [dflt_ok]
    [ SSL] crt <arg> [dflt_ok]
    [ SSL] force-sslv3 [dflt_ok]
    [ SSL] force-tlsv10 [dflt_ok]
    [ SSL] force-tlsv11 [dflt_ok]
    [ SSL] force-tlsv12 [dflt_ok]
    [ SSL] force-tlsv13 [dflt_ok]
    [ SSL] no-check-ssl [dflt_ok]
    [ SSL] no-send-proxy-v2-ssl [dflt_ok]
    [ SSL] no-send-proxy-v2-ssl-cn [dflt_ok]
    [ SSL] no-ssl [dflt_ok]
    [ SSL] no-ssl-reuse [dflt_ok]
    [ SSL] no-sslv3
    [ SSL] no-tlsv10
    [ SSL] no-tlsv11
    [ SSL] no-tlsv12
    [ SSL] no-tlsv13
    [ SSL] no-tls-tickets [dflt_ok]
    [ SSL] send-proxy-v2-ssl [dflt_ok]
    [ SSL] send-proxy-v2-ssl-cn [dflt_ok]
    [ SSL] sni <arg> [dflt_ok]
    [ SSL] ssl [dflt_ok]
    [ SSL] ssl-min-ver <arg> [dflt_ok]
    [ SSL] ssl-max-ver <arg> [dflt_ok]
    [ SSL] ssl-reuse [dflt_ok]
    [ SSL] tls-tickets [dflt_ok]
    [ SSL] verify <arg> [dflt_ok]
    [ SSL] verifyhost <arg> [dflt_ok]
    [ ALL] addr <arg> [dflt_ok]
    [ ALL] agent-check [dflt_ok]
    [ ALL] backup [dflt_ok]
    [ ALL] check [dflt_ok]
    [ ALL] check-send-proxy [dflt_ok]
    [ ALL] cookie <arg> [dflt_ok]
    [ ALL] disabled [dflt_ok]
    [ ALL] enabled [dflt_ok]
    [ ALL] id <arg>
    [ ALL] namespace <arg> [dflt_ok]
    [ ALL] no-agent-check [dflt_ok]
    [ ALL] no-backup [dflt_ok]
    [ ALL] no-check [dflt_ok]
    [ ALL] no-check-send-proxy [dflt_ok]
    [ ALL] no-send-proxy [dflt_ok]
    [ ALL] no-send-proxy-v2 [dflt_ok]
    [ ALL] non-stick [dflt_ok]
    [ ALL] observe <arg> [dflt_ok]
    [ ALL] redir <arg> [dflt_ok]
    [ ALL] send-proxy [dflt_ok]
    [ ALL] send-proxy-v2 [dflt_ok]
    [ ALL] source <arg> [dflt_ok]
    [ ALL] stick [dflt_ok]
    [ ALL] track <arg> [dflt_ok]
    [ TCP] tcp-ut <arg> [dflt_ok]
[ALERT] 180/155952 (11291) : parsing [/etc/haproxy/haproxy.cfg:49] : 'server flask-server2' unknown keyword 'alpn'.
[ALERT] 180/155952 (11291) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 180/155952 (11291) : Fatal errors found in configuration.

OS: Ubuntu 20.04

HAproxy Version: 1.8.8

OpenSSL version: 1.1.1

It seem OpenSSL is not able to find keyword: alpn, which it should given my OpenSSL version is > 1.0.2, according to this HAProxy doc: https://www.haproxy.com/documentation/hapee/latest/load-balancing/protocols/http-2/#

Any leads?

2

Answers


  1. You should updated haproxy from this repo https://haproxy.debian.net/ as your version is very outdated https://www.haproxy.org/bugs/bugs-1.8.8.html

    Login or Signup to reply.
  2. In fact, you are looking for end-to-end-http 2 (frontend and backend)

    Even if the h2 on frontend appear in 1.8, h2 with backend server appear in 2.0
    https://www.haproxy.com/fr/blog/haproxy-2-0-and-beyond/#end-to-end-http-2

    So like the other answer you must at least got a version 2.0 of ha proxy.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search