How to test HTTP/3 on version 2.8?

Thu, 23 Feb 2023 23:08:22 -0800 

Hi there,

I am interested in testing HTTP/3 on haproxy 2.8, but I am not sure how to
enable it. Currently, I run an Ubuntu 20.04 docker container using the
command:
` docker run -ti --user root --privileged=true -p 8000:8000 -p 80:80 -p
443:443 -p 8404:8404-v /home/yuxiao/haproxy:/mnt/haproxy ubuntu:20.04
/bin/bash`
Then I compile haproxy with the command found atThen, I started haproxy
with the configuration file found at
https://github.com/haproxytechblog/haproxy-2.6-http3/blob/main/init.sh
```
haproxy -vv
HAProxy version 2.8-dev4-3ffbf3-62 2023/02/22 - https://haproxy.org/
Status: development branch - not safe for use in production.
Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open
Running on: Linux 5.15.0-1030-aws #34-Ubuntu SMP Mon Jan 23 20:13:32 UTC
2023 x86_64
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = cc
  CFLAGS  = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement
-Wfatal-errors -Wtype-limits -Wshift-negative-value -Wshift-overflow=2
-Wduplicated-cond -Wnull-dereference -fwrapv -Wno-address-of-packed-member
-Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered
-Wno-missing-field-initializers -Wno-cast-function-type
-Wno-string-plus-int -Wno-atomic-alignment
  OPTIONS = USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_QUIC=1
USE_PROMEX=1 USE_PCRE=1
  DEBUG   = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS

Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY
+CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE
-LIBATOMIC +LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH
-MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_WOLFSSL
-OT +PCRE -PCRE2 -PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL +PROMEX
-PTHREAD_EMULATION +QUIC +RT +SHM_OPEN -SLZ +SSL -STATIC_PCRE -STATIC_PCRE2
+SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL +ZLIB

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256,
default=16).
Built with OpenSSL version : OpenSSL 3.0.8+quic 7 Feb 2023
Running on OpenSSL version : OpenSSL 3.0.8+quic 7 Feb 2023
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
OpenSSL providers loaded : default
Built with Lua version : Lua 5.3.3
Built with the Prometheus exporter as a service
Built with network namespace support.
Support for malloc_trim() is enabled.
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes
Built with gcc compiler version 9.4.0

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
       quic : mode=HTTP  side=FE     mux=QUIC  flags=HTX|NO_UPG|FRAMED
         h2 : mode=HTTP  side=FE|BE  mux=H2    flags=HTX|HOL_RISK|NO_UPG
       fcgi : mode=HTTP  side=BE     mux=FCGI  flags=HTX|HOL_RISK|NO_UPG
  <default> : mode=HTTP  side=FE|BE  mux=H1    flags=HTX
         h1 : mode=HTTP  side=FE|BE  mux=H1    flags=HTX|NO_UPG
  <default> : mode=TCP   side=FE|BE  mux=PASS  flags=
       none : mode=TCP   side=FE|BE  mux=PASS  flags=NO_UPG

Available services : prometheus-exporter
Available filters :
        [BWLIM] bwlim-in
        [BWLIM] bwlim-out
        [CACHE] cache
        [COMP] compression
        [FCGI] fcgi-app
        [SPOE] spoe
        [TRACE] trace
```
Then, I start haproxy with the configuration file found at
https://github.com/haproxytechblog/haproxy-2.6-http3/blob/main/haproxy/haproxy.cfg.
The backend is a Python HTTP server (`python3 -m http.server 8080`)
However, I am having trouble connecting to the server using HTTP/3.
```
curl https://0.0.0.0:443 -k -v --http3-only
*   Trying 0.0.0.0:443...
* quiche: connection to 0.0.0.0:443 refused
* connect to 0.0.0.0 port 443 failed: Couldn't connect to server
* Failed to connect to 0.0.0.0 port 443 after 0 ms: Couldn't connect to
server
* Closing connection 0
curl: (7) quiche: connection to 0.0.0.0:443 refused
```

```
curl https://0.0.0.0:443 -k -v --http3
*   Trying 0.0.0.0:443...
* quiche: connection to 0.0.0.0:443 refused
* connect to 0.0.0.0 port 443 failed: Couldn't connect to server
* Failed to connect to 0.0.0.0 port 443 after 0 ms: Couldn't connect to
server
*   Trying 0.0.0.0:443...
* Connected to 0.0.0.0 (127.0.0.1) port 443 (#0)
* ALPN: offers http/1.1
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: CN=foo.com
*  start date: May 19 21:14:01 2022 GMT
*  expire date: Jun 18 21:14:01 2024 GMT
*  issuer: CN=minica root ca 350af3
*  SSL certificate verify result: unable to get local issuer certificate
(20), continuing anyway.
* using HTTP/1.x
> GET / HTTP/1.1
> Host: 0.0.0.0
> User-Agent: curl/8.0.0-DEV
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< server: SimpleHTTP/0.6 Python/3.8.10
< date: Fri, 24 Feb 2023 06:57:27 GMT
< content-type: text/html; charset=utf-8
< content-length: 297
< alt-svc: h3=":443";ma=2592000;
* HTTP/1.0 connection set to keep alive
< connection: keep-alive
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "
http://www.w3.org/TR/html4/strict.dtd";>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Directory listing for /</title>
</head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>
</ul>
<hr>
</body>
</html>
* Connection #0 to host 0.0.0.0 left intact
```
Please let me know if you have any advice or suggestions on how to
successfully enable http3 on haproxy 2.8.
Best regards

Reply via email to