This repository has been archived by the owner on Dec 4, 2024. It is now read-only.

Add documentation or config parameter for h2 enablement #639

Open
dawinter opened this issue May 25, 2019 · 1 comment

dawinter commented May 25, 2019

Hi,

HAProxy supports h2 on the frontend, and I tried to enable it with marathon-lb. It took a while, but finally I was successful.

I created the following override template file HAPROXY_HTTPS_FRONTEND_HEAD (including the leading and trailing empty lines) and added it to the template folder.

```

frontend marathon_https_in
bind *:443 ssl {sslCerts} alpn h2,http/1.1
mode http

```

Can you document it as an example or add a config parameter to be able to configure ALPN protocols?

dawinter changed the title from "Add Documentation or config parameter for h2" to "Add documentation or config parameter for h2 enablement" on May 25, 2019
vixns (Contributor) commented Nov 5, 2019

If you keep the default ssl_fc_sni-based routing and use multi-domain or wildcard certificates, you will face the HTTP/2 reuse problem: all frontends using the same SSL certificate will be mixed.

https://discourse.haproxy.org/t/http2-reuse-problem/3286/4

As a workaround, use host-header-based templates, which IMO should be the marathon-lb defaults.

```
cat HAPROXY_HTTPS_FRONTEND_ACL
  acl host_{cleanedUpHostname} hdr(host) -i {hostname}
  use_backend {backend} if host_{cleanedUpHostname}

cat HAPROXY_HTTPS_FRONTEND_ACL_WITH_AUTH
  acl auth_{cleanedUpHostname} http_auth(user_{backend})
  acl host_{cleanedUpHostname} hdr(host) -i {hostname}
  http-request auth realm "{realm}" if host_{cleanedUpHostname} !auth_{cleanedUpHostname}
  use_backend {backend} if host_{cleanedUpHostname}

cat HAPROXY_HTTPS_FRONTEND_ACL_WITH_AUTH_AND_PATH
  acl auth_{cleanedUpHostname} http_auth(user_{backend})
  acl host_{cleanedUpHostname} hdr(host) -i {hostname}
  http-request auth realm "{realm}" if host_{cleanedUpHostname} path_{backend} !auth_{cleanedUpHostname}
  use_backend {backend} if host_{cleanedUpHostname} path_{backend}

cat HAPROXY_HTTPS_FRONTEND_ACL_WITH_PATH
  acl host_{cleanedUpHostname} hdr(host) -i {hostname}
  use_backend {backend} if host_{cleanedUpHostname} path_{backend}

cat HAPROXY_MAP_HTTPS_FRONTEND_ACL
  use_backend %[req.hdr(host),lower,map_end({haproxy_dir}/domain2backend.map)]
```
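
A check for the combination discussed in this thread, a frontend that offers h2 via ALPN while still routing on ssl_fc_sni, run against a rendered haproxy.cfg. This is an added example, not part of the issue or of marathon-lb; the function name, sample config, paths and hostnames are constructed, and comment stripping is simplified (a `#` inside a quoted string is not handled).

```python
import re

# Keywords that open a new section in haproxy.cfg.
SECTION = re.compile(r"^(global|defaults|frontend|backend|listen|userlist|resolvers|peers)\b\s*(\S*)")
ALPN = re.compile(r"\balpn\s+(\S+)")

# Constructed sample of a rendered config (not taken from the issue).
SAMPLE_CFG = """\
frontend marathon_https_in
  bind *:443 ssl crt /etc/ssl/cert.pem alpn h2,http/1.1
  mode http
  use_backend web_a if { ssl_fc_sni a.example.com }
  acl host_b_example_com hdr(host) -i b.example.com
  use_backend web_b if host_b_example_com

frontend legacy_https_in
  bind *:8443 ssl crt /etc/ssl/cert.pem
  mode http
  use_backend web_c if { ssl_fc_sni c.example.com }
"""


def find_h2_sni_routing(cfg_text):
    """Return [(frontend, line_no, rule)] for each acl/use_backend rule that keys
    on ssl_fc_sni inside a frontend/listen section whose bind line offers h2."""
    sections = {}    # name -> {"h2": bool, "sni_rules": [(line_no, text)]}
    current = None   # section being parsed, or None outside frontend/listen
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            kind, name = m.groups()
            current = None
            if kind in ("frontend", "listen"):
                current = sections.setdefault(name, {"h2": False, "sni_rules": []})
            continue
        if current is None:
            continue
        words = line.split()
        if words[0] == "bind":
            alpn = ALPN.search(line)
            if alpn and "h2" in alpn.group(1).split(","):
                current["h2"] = True
        elif words[0] in ("acl", "use_backend") and "ssl_fc_sni" in line:
            current["sni_rules"].append((line_no, line))
    return [(name, n, rule) for name, sec in sections.items()
            if sec["h2"] for n, rule in sec["sni_rules"]]
```

On the sample, only the rule in `marathon_https_in` is reported; `legacy_https_in` does not offer h2 and is left alone.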
