SPDY with HAProxy and Nginx

0
votes

I am using HAProxy as a loadbalancer and to terminate SSL. Behind that I've placed an Nginx. I'd like to use spdy/3.1.

It does not work with the following haproxy.conf and nginx.cfg. (files are serverd but according to Chrome SPDY/HTTP2 Indicator Plugin it is just normal HTTP/1.1 traffic).

I tried to strip unnecessary parts.

What am I doing wrong? Do you have tips for debugging?

(HAProxy 1.6 current and NginX 1.10 stable line)

haproxy.cfg:

global
  daemon
  tune.ssl.default-dh-param 2048

defaults
  mode tcp

frontend myfrontend
  bind *:80
  bind *:443 ssl crt /etc/ssl/certificate.pem npn spdy/3.1,http/1.1 ciphers ECDH+AESGCM:HIGH:!aNULL:!MD5:!DSS:!RC4; no-sslv3
  acl istoplevel path /
  redirect scheme https if istoplevel !{ ssl_fc }
  redirect location / if !istoplevel !{ ssl_fc }
  rspadd Strict-Transport-Security:\ max-age=31536000;
  default_backend mybackend

backend mybackend
  server s1 localhost:81
  option forwardfor
  http-request set-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto https if { ssl_fc }

nginx.conf:

user  nginx;

http {
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  sendfile        on;
  #tcp_nopush     on;

  server {
    listen 81 spdy;
    root /usr/share/nginx/html;
    index index.html;

    location / {
      try_files $uri $uri/ /index.html;
    }
  }
}
2
nginxhaproxyhttp2spdymultiplexing
Nginx is built with --with-http_v2-module. Does that include spdy? Documentation is not so verbose about thatalsdkjasdlkja

2 Answers

1
votes

Chrome doesn't support SPDY any more: http://blog.chromium.org/2016/02/transitioning-from-spdy-to-http2.html?m=1

And it doesn't support HTTP/2 in a lot of instances either: https://ma.ttias.be/day-google-chrome-disables-http2-nearly-everyone-may-31st-2016/

Also it doesn't matter what Nginx is doing if you are terminating at HAproxy. I'm not sure if HAproxy supports SPDY? Some posts suggest it does with special config, others that it's waiting for HTTP/2.

Ultimately SPDY is on the way out. When even its inventor won't support it, you know you're on to a losing battle. You'd be much better moving on to HTTP/2.

0
votes

You'll need to use ALPN for Chrome. For HAProxy, you'll need 1.8 to support termianting with HTTP2.

Here's the relevant config for HTTP2 and ALPN from CertSimple's load balancer with HTTP/2 and dynamic reconfig guide:

frontend public
    # HTTP/2 - see https://www.haproxy.com/blog/whats-new-haproxy-1-8/
    bind :443 ssl crt /etc/https/cert-and-private-key-and-intermediate-and-dhparam.pem alpn h2,http/1.1