Hi Matthias,
Le 18/07/2016 à 10:07, Matthias Fechner a écrit :
Dear all,
I use haproxy 1.6.7 on a FreeBSD host.
I just try to do the following:
Check if hostname is domain1 or domain2 or bladomain3 or ... , mark it
to send the request to nginx
all other requests should go to apache backend.
Check if client support http2, if yes and nginx acl matches, send it to
nginx with a special port.
All the rest should go to apache backend.
I tried to do this using two acls and 3 backends (apache, nginx,
nginx-http2).
But I could not get it working and I'm not sure what I'm doing wrong.
Here my frontend and backend definition:
frontend www-https
mode tcp
bind 192.168.0.251:8443 ssl crt /usr/local/etc/haproxy/certs/
alpn h2,http/1.1
bind 192.168.200.6:8443 ssl crt /usr/local/etc/haproxy/certs/
alpn h2,http/1.1
bind localhost:443 ssl crt /usr/local/etc/haproxy/certs/ alpn
h2,http/1.1
bind 127.0.0.1:443 ssl crt /usr/local/etc/haproxy/certs/ alpn
h2,http/1.1
acl use_nginx hdr(host) -i domain1 domain2 bladomain3
You probably have an issue here : hdr(host) won't work with mode tcp.
If you wan't to check the domain provided by SNI, you should use
req.ssl_sni instead.
Have a look to the example provided in the documentation :
http://cbonte.github.io/haproxy-dconv/1.6/configuration.html#req.ssl_sni
acl http2 ssl_fc_alpn -i h2
use_backend nginx-http2-backend if use_nginx http2
use_backend nginx-http-backend if use_nginx
default_backend apache-backend
backend apache-backend
server www-1 127.0.0.1:8081 check
backend nginx-http-backend
server www-1 127.0.0.1:8082 check
backend nginx-http2-backend
mode tcp
http-request add-header X-Forwarded-Proto https
server www-1 127.0.0.1:8083 check send-proxy
Can please someone point me to the mistake I did?
Thanks a lot!
Gruß
Matthias
--
Cyril Bonté