Hi,

I have a concret use case that need http/2 : one ssl frontend with
multiple heterogeneous (h2,http/1.1) backends

gRPC is http2 only and if you have to use it behind a single domain
you need to be able to route http/2 traffic among http/1.1.

In this case, I need to apply some http specific rules (e.g. path_beg)
that require mode http to be enabled.
In the same time, I need to route http2 traffic to the right backend.

The problem is that the http2 backend is not mode http compliant so
there is a conflict between backends given the routing issue I have.

What I did to do this is having :

frontend f_https
  mode tcp
  bind ... alpn h2,http/1.1
  ...
  acl is_h2 ssl_fc_alpn -i h2
  use_backend b_grpc if h2
  use_backend b_http if !h2

frontend f_http
  mode http
  bind 127.0.0.1:80
  acl p_1 path_beg /1
  acl p_2 path_beg /2
  use_backend b_1 if p_1
  use_backend b_2 if p_2

backend b_http
   server internal 127.0.0.1:80

backend b_1
  mode http
  server api_1 10.0.0.1:8081
  server api_2 10.0.0.2:8081
backend b_2
  mode http
  server ws_1  10.0.0.1:8082
  server ws_2 10.0.0.2:8082
backend b_grpc
  mode tcp
  server grpc_1  10.0.0.1:8082
  server grpc_2  10.0.0.2:8082


Having HPACK parsing with mode http over h2 would simplify this by
just using HTTP ACLs and ALPN detection in the same frontend.

On Sat, Apr 9, 2016 at 11:30 AM, Pavlos Parissis
<pavlos.paris...@gmail.com> wrote:
> On 07/04/2016 06:01 μμ, Willy Tarreau wrote:
>> Hi Aleks,
>>
>> On Fri, Apr 01, 2016 at 12:18:54PM +0200, Aleksandar Lazic wrote:
>>> Hi Willy & other core devs/pms.
>>>
>>> I know that HTTP/2 is on the road-map but not ready yet.
>>>
>>> Would you be so kind and share some of your thoughts, stats and plans for
>>> HTTP/2.
>>
>> Well, the plan is to have *at least* HTTP/2 with the client and HTTP/1 with
>> the server. Maybe we'll find that doing H2->H2 is easy enough but given our
>> past experiences guessing that two sides are only slightly more difficult
>> than a single one, I'd prefer to remain careful.
>>
>> Regarding the timing, I'm trying hard to get something for 1.7 next fall.
>> But to be very honnest, 90% of my time spent on haproxy is spent chasing
>> bugs these days, the last 10% are spent on code review.
>
> And this is very much appreciated by a lot of people(including my self).
> It increases the confidence level on the software when you know that
> devs are actively working on properly fixing bugs and avoid putting
> yet another monkey patch, so they can go back to development of new
> cool things.
>
> Having said, I would love to see H2 on client side and a _more_ proper
> connection pooling on the server side in 1.7 version.
>
> Cheers,
> Pavlos
>
>



-- 
Steven Le Roux
Jabber-ID : ste...@jabber.fr
0x39494CCB <ste...@le-roux.info>
2FF7 226B 552E 4709 03F0  6281 72D7 A010 3949 4CCB

Reply via email to