Hi there, I am interested in testing HTTP/3 on haproxy 2.8, but I am not sure how to enable it. Currently, I run an Ubuntu 20.04 docker container using the command: ` docker run -ti --user root --privileged=true -p 8000:8000 -p 80:80 -p 443:443 -p 8404:8404-v /home/yuxiao/haproxy:/mnt/haproxy ubuntu:20.04 /bin/bash` Then I compile haproxy with the command found atThen, I started haproxy with the configuration file found at https://github.com/haproxytechblog/haproxy-2.6-http3/blob/main/init.sh ``` haproxy -vv HAProxy version 2.8-dev4-3ffbf3-62 2023/02/22 - https://haproxy.org/ Status: development branch - not safe for use in production. Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open Running on: Linux 5.15.0-1030-aws #34-Ubuntu SMP Mon Jan 23 20:13:32 UTC 2023 x86_64 Build options : TARGET = linux-glibc CPU = generic CC = cc CFLAGS = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment OPTIONS = USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_QUIC=1 USE_PROMEX=1 USE_PCRE=1 DEBUG = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS
Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_WOLFSSL -OT +PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL +PROMEX -PTHREAD_EMULATION +QUIC +RT +SHM_OPEN -SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL +ZLIB Default settings : bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256, default=16). Built with OpenSSL version : OpenSSL 3.0.8+quic 7 Feb 2023 Running on OpenSSL version : OpenSSL 3.0.8+quic 7 Feb 2023 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 OpenSSL providers loaded : default Built with Lua version : Lua 5.3.3 Built with the Prometheus exporter as a service Built with network namespace support. Support for malloc_trim() is enabled. Built with zlib version : 1.2.11 Running on zlib version : 1.2.11 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with PCRE version : 8.39 2016-06-14 Running on PCRE version : 8.39 2016-06-14 PCRE library supports JIT : no (USE_PCRE_JIT not set) Encrypted password support via crypt(3): yes Built with gcc compiler version 9.4.0 Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as <default> cannot be specified using 'proto' keyword) quic : mode=HTTP side=FE mux=QUIC flags=HTX|NO_UPG|FRAMED h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|HOL_RISK|NO_UPG fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG <default> : mode=HTTP side=FE|BE mux=H1 flags=HTX h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG <default> : mode=TCP side=FE|BE mux=PASS flags= none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG Available services : prometheus-exporter Available filters : [BWLIM] bwlim-in [BWLIM] bwlim-out [CACHE] cache [COMP] compression [FCGI] fcgi-app [SPOE] spoe [TRACE] trace ``` Then, I start haproxy with the configuration file found at https://github.com/haproxytechblog/haproxy-2.6-http3/blob/main/haproxy/haproxy.cfg. The backend is a Python HTTP server (`python3 -m http.server 8080`) However, I am having trouble connecting to the server using HTTP/3. ``` curl https://0.0.0.0:443 -k -v --http3-only * Trying 0.0.0.0:443... * quiche: connection to 0.0.0.0:443 refused * connect to 0.0.0.0 port 443 failed: Couldn't connect to server * Failed to connect to 0.0.0.0 port 443 after 0 ms: Couldn't connect to server * Closing connection 0 curl: (7) quiche: connection to 0.0.0.0:443 refused ``` ``` curl https://0.0.0.0:443 -k -v --http3 * Trying 0.0.0.0:443... * quiche: connection to 0.0.0.0:443 refused * connect to 0.0.0.0 port 443 failed: Couldn't connect to server * Failed to connect to 0.0.0.0 port 443 after 0 ms: Couldn't connect to server * Trying 0.0.0.0:443... * Connected to 0.0.0.0 (127.0.0.1) port 443 (#0) * ALPN: offers http/1.1 * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server did not agree on a protocol. Uses default. * Server certificate: * subject: CN=foo.com * start date: May 19 21:14:01 2022 GMT * expire date: Jun 18 21:14:01 2024 GMT * issuer: CN=minica root ca 350af3 * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. * using HTTP/1.x > GET / HTTP/1.1 > Host: 0.0.0.0 > User-Agent: curl/8.0.0-DEV > Accept: */* > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * HTTP 1.0, assume close after body < HTTP/1.0 200 OK < server: SimpleHTTP/0.6 Python/3.8.10 < date: Fri, 24 Feb 2023 06:57:27 GMT < content-type: text/html; charset=utf-8 < content-length: 297 < alt-svc: h3=":443";ma=2592000; * HTTP/1.0 connection set to keep alive < connection: keep-alive < <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" " http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Directory listing for /</title> </head> <body> <h1>Directory listing for /</h1> <hr> <ul> </ul> <hr> </body> </html> * Connection #0 to host 0.0.0.0 left intact ``` Please let me know if you have any advice or suggestions on how to successfully enable http3 on haproxy 2.8. Best regards