On Sun, Dec 16, 2018 at 12:20 AM Willy Tarreau <w...@1wt.eu> wrote:

> On Sat, Dec 15, 2018 at 11:11:58PM +0000, Nick Ramirez wrote:
> > Thanks! That points me in the right direction. I found that to enable Layer
> > 7 health checks in this case, I would open another port on the web server
> > that does not advertise HTTP/2 support (ALPN HTTP/1.1) or does not use TLS
> > (which also turns off HTTP/2 in the case of the Caddy web server), and then
> > use the "port" parameter on the server line to point to that port.
> >
> > backend webservers
> >     balance roundrobin
> >     option httpchk HEAD /
> >     server server1 web:443 ssl verify none alpn h2,http/1.1 check port 80
> >
> > Layer 7 health checks back up and running. :-)
>
> Yes definitely, if you have clear-text there it's the way to do it.
> Otherwise you can do it in H1 over TLS since your server is supposed
> to serve H1 if no ALPN is negotiated, but it really depends how both
> sides agree on this. And I would not be surprised if checks run over
> H1/TLS force a new handshake to happen for regular traffic since a
> single session key can be stored per server.
>
> Willy

Hi,

I don't know H2 well, but can't we forge an HTTP/2 query using tcp-check script?

Baptiste
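For reference on the question above, this added example (not part of the thread and not HAProxy code) builds the bytes an HTTP/2 client has to send for `HEAD /` per RFC 7540 and RFC 7541, and reads the status back from a reply. The authority `web` comes from the server line quoted above; the reply bytes are constructed, and the acknowledgement of the server's SETTINGS frame that a full client would send is left out.

```python
import struct

PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"    # client connection preface, RFC 7540 3.5
SETTINGS, HEADERS = 0x4, 0x1                     # frame types
END_STREAM, END_HEADERS = 0x1, 0x4               # HEADERS flags
PADDED, PRIORITY = 0x8, 0x20
STATIC_STATUS = {0x88: 200, 0x89: 204, 0x8A: 206, 0x8B: 304, 0x8C: 400, 0x8D: 404, 0x8E: 500}

def frame(ftype, flags, stream_id, payload=b""):
    """9-byte header (24-bit length, type, flags, 31-bit stream id) plus payload."""
    if len(payload) > 16384:
        raise ValueError("payload exceeds default SETTINGS_MAX_FRAME_SIZE")
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload)

def hpack_literal(name_index, value):
    """Literal field without indexing, name from the static table (RFC 7541 6.2.2)."""
    raw = value.encode("ascii")
    if not (0 < name_index < 15 and len(raw) < 127):
        raise ValueError("does not fit the one-byte prefixes used here")
    return bytes([name_index, len(raw)]) + raw

def head_request(authority, tls=True):
    """Everything a client sends for `HEAD /`: preface, empty SETTINGS, one HEADERS frame."""
    block = (hpack_literal(2, "HEAD")             # :method has no static HEAD entry
             + bytes([0x87 if tls else 0x86])     # :scheme https / http
             + bytes([0x84])                      # :path /
             + hpack_literal(1, authority))       # :authority
    return PREFACE + frame(SETTINGS, 0, 0) + frame(HEADERS, END_STREAM | END_HEADERS, 1, block)

def parse_frames(data):
    """Split a byte stream into (type, flags, stream_id, payload); a partial tail is dropped."""
    frames = []
    while len(data) >= 9:
        length = int.from_bytes(data[:3], "big")
        if len(data) < 9 + length:
            break
        sid = int.from_bytes(data[5:9], "big") & 0x7FFFFFFF
        frames.append((data[3], data[4], sid, data[9:9 + length]))
        data = data[9 + length:]
    return frames

def response_status(frames, stream_id=1):
    """Status of the reply when it is a fully indexed static-table entry, else None."""
    for ftype, flags, sid, payload in frames:
        if ftype == HEADERS and sid == stream_id and payload and not flags & (PADDED | PRIORITY):
            return STATIC_STATUS.get(payload[0])
    return None

# Constructed reply: server SETTINGS, SETTINGS ACK, then HEADERS carrying ":status 200".
SAMPLE_REPLY = frame(SETTINGS, 0, 0) + frame(SETTINGS, 0x1, 0) + frame(HEADERS, 0x5, 1, b"\x88")
```

`head_request("web").hex()` gives the request as one hex string. `response_status` returns `None` for any reply whose header block does not start with an indexed static status, so such a reply is not mistaken for a healthy one.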