Is your feature request related to a problem? Please describe.
I'd like to be able to take advantage of HTTP/2 (and HTTP/3 protocol) for improved network performance.
Describe the solution you'd like
Instead of doing HTTPS all the way to the backend which would cause us to lose many or most of the benefits of having a proxy, I'd like to use the "cleartext" variant HAProxy h2c backend
HAProxy continues to terminate client TLS and negotiate h2 via ALPN (as today), but forwards requests downstream to Apache using cleartext HTTP/2 (h2c) instead of HTTP/1.1.
HAProxy changes:
Add proto h2 to each server line in www-backend — this tells HAProxy to speak h2c to that backend
Apache changes (httpd.conf / VirtualHost on :8080):
Load mod_http2
Add Protocols h2c http/1.1 to the VirtualHost (h2c is the cleartext variant; plain h2 requires TLS on the Apache side)
What you keep: All existing HAProxy layer-7 features — bot blocking, rate limiting, HSTS injection, X-Forwarded-For, certbot/ACME, the redirect scheme https in www-backend, and the nonwiki/netdata routing. Nothing about the TLS setup changes.
Constraint: Requires HAProxy ≥ 2.0. Your current config uses reqadd which is HAProxy 1.x syntax, so this would require a HAProxy upgrade alongside the feature work. (We're currently on HAProxy 1.8 which is 5 yrs old because we're using RHEL8 / RockyLinux8)
Is your feature request related to a problem? Please describe.
I'd like to be able to take advantage of HTTP/2 (and HTTP/3 protocol) for improved network performance.
Describe the solution you'd like
Instead of doing HTTPS all the way to the backend which would cause us to lose many or most of the benefits of having a proxy, I'd like to use the "cleartext" variant HAProxy h2c backend
HAProxy continues to terminate client TLS and negotiate h2 via ALPN (as today), but forwards requests downstream to Apache using cleartext HTTP/2 (h2c) instead of HTTP/1.1.
HAProxy changes:
Add
proto h2to each server line inwww-backend— this tells HAProxy to speak h2c to that backendApache changes (httpd.conf / VirtualHost on :8080):
Load
mod_http2Add
Protocols h2c http/1.1to the VirtualHost (h2c is the cleartext variant; plain h2 requires TLS on the Apache side)What you keep: All existing HAProxy layer-7 features — bot blocking, rate limiting, HSTS injection, X-Forwarded-For, certbot/ACME, the redirect scheme https in www-backend, and the nonwiki/netdata routing. Nothing about the TLS setup changes.
Constraint: Requires HAProxy ≥ 2.0. Your current config uses reqadd which is HAProxy 1.x syntax, so this would require a HAProxy upgrade alongside the feature work. (We're currently on HAProxy 1.8 which is 5 yrs old because we're using RHEL8 / RockyLinux8)