I am using HAProxy as a loadbalancer and to terminate SSL. Behind that I've placed an Nginx. I'd like to use spdy/3.1.
It does not work with the following haproxy.conf and nginx.cfg. (files are serverd but according to Chrome SPDY/HTTP2 Indicator Plugin it is just normal HTTP/1.1 traffic).
I tried to strip unnecessary parts.
What am I doing wrong? Do you have tips for debugging?
(HAProxy 1.6 current and NginX 1.10 stable line)
haproxy.cfg:
global
daemon
tune.ssl.default-dh-param 2048
defaults
mode tcp
frontend myfrontend
bind *:80
bind *:443 ssl crt /etc/ssl/certificate.pem npn spdy/3.1,http/1.1 ciphers ECDH+AESGCM:HIGH:!aNULL:!MD5:!DSS:!RC4; no-sslv3
acl istoplevel path /
redirect scheme https if istoplevel !{ ssl_fc }
redirect location / if !istoplevel !{ ssl_fc }
rspadd Strict-Transport-Security:\ max-age=31536000;
default_backend mybackend
backend mybackend
server s1 localhost:81
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
nginx.conf:
user nginx;
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
server {
listen 81 spdy;
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
}
Chrome doesn't support SPDY any more: http://blog.chromium.org/2016/02/transitioning-from-spdy-to-http2.html?m=1
And it doesn't support HTTP/2 in a lot of instances either: https://ma.ttias.be/day-google-chrome-disables-http2-nearly-everyone-may-31st-2016/
Also it doesn't matter what Nginx is doing if you are terminating at HAproxy. I'm not sure if HAproxy supports SPDY? Some posts suggest it does with special config, others that it's waiting for HTTP/2.
Ultimately SPDY is on the way out. When even its inventor won't support it, you know you're on to a losing battle. You'd be much better moving on to HTTP/2.