I give a try to other browsers. Chrome and Brave both fails, even in private browsing.
Firefox however succeeded in private browsing but failed in classic browsing, even after clearing all caches. I gave a try to FF75.0 in Windows : it fails both in classic and private browsing. -- Ionel GARDAIS Tech'Advantage CIO - IT Team manager ----- Mail original ----- De: "Ionel GARDAIS" <ionel.gard...@tech-advantage.com> À: "Jarno Huuskonen" <jarno.huusko...@uef.fi> Cc: "haproxy" <haproxy@formilux.org> Envoyé: Dimanche 26 Avril 2020 11:13:46 Objet: Re: [*EXT*] Re: 404 + VN when enabling h2 in front of keycloak Hi Jarno, Thanks for these pointers. I'm running 2.1.4. keycloak does not say anything : no warnings nor errors. I give a try to no option http-use-hex with no luck : same issue. However, mystery gets deeper : it works with Safari 11.1.2 (I know, got an old OS X) but fails with Firefox 75.0. Safari calls in H2 return HTTP 200 or HTTP 302 with --VR or --VN. Firefox calls are still returning HTTP 404 with --VN. I'll try to dump header for both callers. -- Ionel GARDAIS Tech'Advantage CIO - IT Team manager ----- Mail original ----- De: "Jarno Huuskonen" <jarno.huusko...@uef.fi> À: "Ionel GARDAIS" <ionel.gard...@tech-advantage.com>, "haproxy" <haproxy@formilux.org> Envoyé: Dimanche 26 Avril 2020 10:43:42 Objet: [*EXT*] Re: 404 + VN when enabling h2 in front of keycloak Hi Ionel, On Sat, 2020-04-25 at 11:22 +0200, Ionel GARDAIS wrote: > I tried to enable h2 in our haproxy setup. What's your haproxy version ? > Most proxied servers work well except Keycloak (SSO solution) > > While everything works fine in HTTP/1.1, Keycloak returns a 404 and > haproxy shows a --VN status in h2. Have tested w/out HTX (no option http-use-htx ( https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-option%20http-use-htx )) ? Does keycloak log anything useful ? > As there are two Keycloak servers working in pair, the backend is > defined as > > backend bck-keycloak > cookie AUTH_SESSION_ID prefix > server keycloak 192.168.8.27:8080 check cookie s1 > server keycloak-bck 192.168.8.28:8080 check cookie s2 > > Are their specific tuning required for h2 to work correctly ? Maybe keycloak is case sensitive on some http headers ? Have you tried comparing http/1.1 and http/2 request headers going to keycloak server ? ( https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#h1-case-adjust ) -Jarno -- Jarno Huuskonen -- 232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301 -- 232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301