Hello Haproxy-List,
I need a way to forcefully close an HTTP/2 connection with a
haproxy-internally generated response ("http-request redirect" or
"http-request return").
Basically what "Connection: close" ("option httpclose" or "no option
http-keep-alive") did for 1.1.
I know the HTTP/2 spec provides GOAWAY frames for this
and haproxy already sends those on shutdown [1].
Is there a way to manually trigger these?
After lots of trying, crying and cursing I finally was able to abuse
"timeout client 100", but this seems ugly, even for me.
Not enabling HTTP/2 and using "option httpclose" or "no option
http-keep-alive" is - of course - another "workaround".
I also found [2] which suggests using a 421 response and an errorfile
for the content (one should be able to use 'http-request return'
instead today) but this is for retrying _the same_ request over a new
connection, not a redirect?
[3] is about another 421 foo for yet another ssl-problem as was [2];
an answer cites the RFC which says "client MAY retry", not "SHOULD" or
"MUST" and that Chrome had a now-fixed bug in 2021 which ruined that.
I know use cases for this are rare. The authors in [2] needed this for
client-certificates and [3] for some SNI stuff; I need it for some
nat-conntrack-foo I'd rather not solve using raw/mangle iptables.
Hopefully the "timeout client " workaround at least
makes it into the docs so others running into this problem might find a
low-impact workaround. Or search engines scrape the mailing list :)
Thx in Advance
Benedikt
[1] https://github.com/haproxy/haproxy/issues/13
[2] https://haproxy.formilux.narkive.com/fyNOpSGz/force-response-to-send-http-2-goaway
[3] https://serverfault.com/questions/916724/421-misdirected-request