HTTP/3
HAProxy Enterprise can send and receive HTTP/3 messages over the QUIC protocol.
While earlier HTTP implementations were transported over TCP, HTTP/3 uses QUIC, a UDP-based, connectionless protocol. To support QUIC, HAProxy Enterprise must bundle a compatible SSL/TLS library. Ordinarily, the stock OpenSSL library on a Linux system will do, but in this case, we provide a specialized version of OpenSSL with the HAProxy Enterprise 2.7r1 package.
To enable HTTP/3 over QUIC, you must uninstall any prior installed instance of HAProxy Enterprise 2.7r1 and install the QUIC-compatible package.
Install the QUIC-compatible HAProxy Enterprise 2.7r1 package
This package is available for the following operating system versions:
Ubuntu 22.04
Debian 11
Red Hat Enterprise Linux 9
To install HAProxy Enterprise 2.7r1 with QUIC support:
Uninstall any prior installed instance of HAProxy Enterprise 2.7r1.
-
Install the QUIC-compatible HAProxy Enterprise 2.7r1 package, replacing
<HAProxy Enterprise key>with your subscription key:$ wget https://www.haproxy.com/static/install_haproxy_enterprise.sh $ sudo bash ./install_haproxy_enterprise.sh \ --version 2.7r1 \ --key <HAProxy Enterprise key> \ --quictls -
Update your configuration file,
/etc/hapee-2.7/hapee-lb.cfgso that yourfrontendincludes required directives:frontend example bind :80 # Enable HTTPS bind :443 ssl crt/etc/hapee-2.7/certs/example.pemalpn h2 # enables HTTP/3 over QUIC bind quic4@:443 ssl crt/etc/hapee-2.7/certs/example.pemalpn h3 # Redirects to HTTPS http-request redirect scheme https unless { ssl_fc } # 'Alt-Svc' header invites client to switch to the QUIC protocol # Max age (ma) is set to 15 minutes (900 seconds), but # can be increased once verified working as expected http-response set-header alt-svc "h3=\":443\";ma=900;" default_backend webservers -
Enable and start the HAProxy Enterprise service:
$ sudo systemctl enable hapee-2.7-lb $ sudo systemctl start hapee-2.7-lb
Next up
TCP