HTTP/2
HAProxy Enterprise supports HTTP/2 over:
unencrypted HTTP (known as h2c);
encrypted HTTPS when OpenSSL 1.0.2 or newer is available on the server.
Most browsers support HTTP/2 over HTTPS only, but you may find it useful to enable h2c between backend services (e.g. gRPC services).
Enable HTTP/2 over HTTPS
To enable HTTP/2 between clients and HAProxy Enterprise, configure the bind
line in a frontend
section as an ssl
endpoint. The alpn
parameter announces that the load balancer supports HTTP/2 (h2) as its first choice and HTTP/1.1 as a backup by listing them in that order. Since this uses the TLS ALPN extension, the HAProxy Enterprise server must have OpenSSL 1.0.2 or newer.
frontend www
mode http
bind :443 ssl crt /path/to/cert.crt alpn h2,http/1.1
default_backend servers
To enable HTTP/2 between HAProxy Enterprise and your backend servers, add the alpn
parameter to your server
or default-server
lines:
backend servers
mode http
server s1 192.168.0.10:443 ssl alpn h2,http/1.1
server s2 192.168.0.11:443 ssl alpn h2,http/1.1
This announces to the servers that HAProxy Enterprise, acting as a client, supports HTTP/2. The servers must also support it.
Enable HTTP/2 over HTTP (h2c)
To enable HTP/2 between clients and HAProxy Enterprise without using TLS, use the proto
parameter to announce support for it. This method does not allow you to support multiple versions of HTTP simultaneously.
frontend www
mode http
bind :80 proto h2
default_backend servers
To enable HTTP/2 between HAProxy Enterprise and your backend servers, add the proto
parameter to your server
or default-server
lines:
backend servers
mode http
server s1 192.168.0.10:80 proto h2
server s2 192.168.0.11:80 proto h2
Ajust the HTTP/2 initial window size
When you expect large file uploads over a network with moderately high latency, you may experience slow upload speeds. You can increase the HTTP/2 Flow Control window size to allow HAProxy Enterprise to buffer more data. Set tune.h2.initial-window-size
in the global
section to the number of bytes the client can upload before waiting for an acknowledgement from the load balancer. For example, you could set a high value like 1048576.
Next up
TCP