> On 29 Oct 2019, at 09:39, Christopher Faulet <[email protected]> wrote: > > Le 28/10/2019 à 22:00, Christopher Faulet a écrit : >>> macbookpro:~ andreavettori$ curl --http2 -v http://g.testhost >> [SNIP] >> Here, it is the expected behavior. HAProxy does not support explicit H2 >> upgrade. > > In Fact, for this one, I was wrong. The result should be more or less the > same that an HTTP/1.1 request. The upgrade should be ignored and the request > should be sent in H2 to the server without the header "Upgrade". In return, > the H2 response should be converted to HTTP/1.1 and sent to the client. > > So, as for all requests on the ports 80 and 82, you have a configuration > issue. Looking at you complete configuration (with global and defaults > sections), it does not seem to be problem with your HAProxy configuration. > So there is something else.
I’m not sure to understand what you’re referring about ? Wrong/old libraries when compiling haproxy or … ? This is the output of haproxy -vv HA-Proxy version 2.0.8 2019/10/23 - https://haproxy.org/ Build options : TARGET = linux-glibc CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits OPTIONS = USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED -REGPARM -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL -LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS Default settings : bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with multi-threading support (MAX_THREADS=64, default=40). Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017 Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 Built with network namespace support. Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with zlib version : 1.2.7 Running on zlib version : 1.2.7 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with PCRE version : 8.32 2012-11-30 Running on PCRE version : 8.32 2012-11-30 PCRE library supports JIT : no (USE_PCRE_JIT not set) Encrypted password support via crypt(3): yes Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as <default> cannot be specified using 'proto' keyword) h2 : mode=HTX side=FE|BE mux=H2 h2 : mode=HTTP side=FE mux=H2 <default> : mode=HTX side=FE|BE mux=H1 <default> : mode=TCP|HTTP side=FE|BE mux=PASS Available services : none Available filters : [SPOE] spoe [COMP] compression [CACHE] cache [TRACE] trace There are no trailers in the response. Here’s the curl log from the server where haproxy is running to the backend direct connection curl --http2 -v --resolve g.testhost:8083:10.2.2.50 "http://g.testhost:8083"; > /tmp/1 * Added g.testhost:8083:10.2.2.50 to DNS cache * Hostname g.testhost was found in DNS cache * Trying 10.2.2.50:8083... * TCP_NODELAY set % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to g.testhost (10.2.2.50) port 8083 (#0) > GET / HTTP/1.1 > Host: g.testhost:8083 > User-Agent: curl/7.66.0 > Accept: */* > Connection: Upgrade, HTTP2-Settings > Upgrade: h2c > HTTP2-Settings: AAMAAABkAARAAAAAAAIAAAAA > * Mark bundle as not supporting multiuse < HTTP/1.1 101 < Connection: Upgrade < Upgrade: h2c < Date: Tue, 29 Oct 2019 08:45:37 GMT * Received 101 * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Connection state changed (MAX_CONCURRENT_STREAMS == 100)! < HTTP/2 200 < set-cookie: JSESSIONID=AD70DA604A53D7095BF5EB46FA7DA33B; Path=/; Secure; HttpOnly * Added cookie agentid="TT62BGKFSXG2B577FZ9CN0TWFIHLWI1CYO371BWN" for domain g.testhost, path /, expire 3719822383 < set-cookie: agentid=TT62BGKFSXG2B577FZ9CN0TWFIHLWI1CYO371BWN; Max-Age=2147483647; Expires=Sun, 16-Nov-2087 11:59:44 GMT; Path=/ * Added cookie mtt_id="TT62BGKFSXG2B577FZ9CN0TWFIHLWI1CYO371BWN|" for domain testhost, path /, expire 3719822383 < set-cookie: mtt_id=TT62BGKFSXG2B577FZ9CN0TWFIHLWI1CYO371BWN|; Max-Age=2147483647; Expires=Sun, 16-Nov-2087 11:59:44 GMT; Domain=testhost; Path=/ < cache-control: no-store, must-revalidate, max-age=0 < pragma: no-cache < expires: Sat, 26 Jul 1997 05:00:00 GMT < content-type: text/html;charset=UTF-8 < content-language: en-US < date: Tue, 29 Oct 2019 08:45:37 GMT < { [8192 bytes data] 100 479k 0 479k 0 0 4363k 0 --:--:-- --:--:-- --:--:-- 4363k * Connection #0 to host g.testhost left intact and curl --http2-prior-knowledge -v --resolve g.testhost:8083:10.2.2.50 "http://g.testhost:8083"; > /tmp/1 * Added g.testhost:8083:10.2.2.50 to DNS cache * Hostname g.testhost was found in DNS cache * Trying 10.2.2.50:8083... * TCP_NODELAY set % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to g.testhost (10.2.2.50) port 8083 (#0) * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x1797c10) > GET / HTTP/2 > Host: g.testhost:8083 > User-Agent: curl/7.66.0 > Accept: */* > * Connection state changed (MAX_CONCURRENT_STREAMS == 100)! < HTTP/2 200 * Added cookie JSESSIONID="0C72F893F53B3C8CAB04408DE8F73DE5" for domain g.testhost, path /, expire 0 < set-cookie: JSESSIONID=0C72F893F53B3C8CAB04408DE8F73DE5; Path=/; HttpOnly * Added cookie agentid="TJVWFGX0DTLZRRRL8HRP48L64CV0ENRNMUBT3KPL" for domain g.testhost, path /, expire 3719822625 < set-cookie: agentid=TJVWFGX0DTLZRRRL8HRP48L64CV0ENRNMUBT3KPL; Max-Age=2147483647; Expires=Sun, 16-Nov-2087 12:03:46 GMT; Path=/ * Added cookie mtt_id="TJVWFGX0DTLZRRRL8HRP48L64CV0ENRNMUBT3KPL|" for domain testhost, path /, expire 3719822625 < set-cookie: mtt_id=TJVWFGX0DTLZRRRL8HRP48L64CV0ENRNMUBT3KPL|; Max-Age=2147483647; Expires=Sun, 16-Nov-2087 12:03:46 GMT; Domain=testhost; Path=/ < cache-control: no-store, must-revalidate, max-age=0 < pragma: no-cache < expires: Sat, 26 Jul 1997 05:00:00 GMT < content-type: text/html;charset=UTF-8 < content-language: en-US < date: Tue, 29 Oct 2019 08:49:39 GMT < { [8192 bytes data] 100 479k 0 479k 0 0 5581k 0 --:--:-- --:--:-- --:--:-- 5646k * Connection #0 to host g.testhost left intact Thanks — Ing. Andrea Vettori Responsabile Sistemi Informativi
