haproxy 2.6 发布

haproxy 2.6 发布了，提供了不少特性，其中quic （http3） 是可以直接使用了（注意依赖openssl 版本）我已经构建一个版本

http3 参考使用

• docker 镜像

dalongrong/haproxy:2.6-debian-quic

• 使用
  可以直接参考官方示例

 

#---------------------------------------------------------------------

# Example configuration for a possible web application.  See the

# full configuration options online.

#

#   https://www.haproxy.org/download/2.6/doc/configuration.txt

#   https://cbonte.github.io/haproxy-dconv/2.6/configuration.html

#

#---------------------------------------------------------------------

 

#---------------------------------------------------------------------

# Global settings

#---------------------------------------------------------------------

global

# to have these messages end up in /var/log/haproxy.log you will

# need to:

#

# 1) configure syslog to accept network log events.  This is done

#    by adding the '-r' option to the SYSLOGD_OPTIONS in

#    /etc/sysconfig/syslog

#

# 2) configure local2 events to go to the /var/log/haproxy.log

#   file. A line like the following can be added to

#   /etc/sysconfig/syslog

#

#    local2.*                       /var/log/haproxy.log

#

log         127.0.0.1 local2

 

chroot      /var/lib/haproxy

pidfile     /var/run/haproxy.pid

maxconn     4000

user        haproxy

group       haproxy

# daemon

 

# turn on stats unix socket

stats socket /var/lib/haproxy/stats

 

#---------------------------------------------------------------------

# common defaults that all the 'listen' and 'backend' sections will

# use if not designated in their block

#---------------------------------------------------------------------

defaults

mode                    http

log                     global

option                  httplog

option                  dontlognull

option http-server-close

option forwardfor       except 127.0.0.0/8

option                  redispatch

retries                 3

timeout http-request    10s

timeout queue           1m

timeout connect         10s

timeout client          1m

timeout server          1m

timeout http-keep-alive 10s

timeout check           10s

maxconn                 3000

 

resolvers mynameservers

nameserver ns1 127.0.0.11:53

 

frontend mysite

bind :80

bind :443  ssl crt /etc/haproxy/certs/dalong.com/cert.crt alpn h2

 

# enables HTTP/3 over QUIC

bind quic4@:443 ssl crt /etc/haproxy/certs/dalong.com/cert.crt alpn h3

 

# Redirects to HTTPS

http-request redirect scheme https unless { ssl_fc }

 

# Switches to the QUIC protocol

http-response set-header alt-svc "h3=\":443\";ma=2592000;"

 

default_backend webservers

 

backend webservers

balance roundrobin

server web1 app:80 check maxconn 30 resolvers mynameservers

 

frontend stats

bind *:8404

stats enable

stats uri /stats

http-request use-service prometheus-exporter if { path /metrics }

stats refresh 10s

stats admin if LOCALHOST

 

参考效果

 

 

说明

quic 协议是很复杂的，http3 稳定以及可以大规模应用还是需要一段时间的

参考资料

​​https://www.haproxy.com/blog/announcing-haproxy-2-6/​​​
​​​https://http3-explained.haxx.se/en/why-quic​​​
​​​https://github.com/rongfengliang/haproxy-quic​​​
​​​https://github.com/haproxytechblog/haproxy-2.6-http3​​​
​​​https://http3check.net/​​