by js4all 4141 days ago
Current HAProxy already supports the handshake of SPDY/HTTP2 via NPN and ALPN. You have to route to proper backends. You also need to provide an HTTP/1.1 fallback implementation for incapable clients. Once set up, that works very well. I am using it for our blog (https://blog.cloudno.de).
2 comments

What about SSL Termination? Would it still work if I terminate?
In the described setup, HAProxy is doing SSL termination. See the gist for the cert and crypto parameters. This is getting an A+ from ssllabs.
Thank you!
Maybe you could share a scrubbed config?
Sure, here is a gist: https://gist.github.com/dvbportal/cccccbbf6163cfbbbce6

The frontend definition advertises spdy and http/1.1 protocols via npn. (This should now be ALPN; HAProxy supports it.)

The ssl_fc_npn ACL routes the SSL-terminated traffic to the appropriate backends.

Nginx is configured to serve two backends with one port for each protocol. There can be multiple instances with round robin, if necessary.

This setup scales and is extensible for additional protocols.
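
A sketch of the layout described in the comment above, added here as an illustration; it is not the contents of the linked gist, and the certificate path, backend names, ports and the `spdy/3.1` protocol token are assumptions.

```haproxy
# Added illustration, not the gist's config.
# Certificate path, backend names and ports are placeholders.
defaults
    mode    tcp
    timeout connect 5s
    timeout client  50s
    timeout server  50s

frontend tls_in
    # HAProxy terminates TLS here and advertises both protocols via NPN.
    # On builds with ALPN support the same list can be given with "alpn".
    bind :443 ssl crt /etc/haproxy/certs/example.pem npn spdy/3.1,http/1.1
    # Route on the protocol the client negotiated during the handshake.
    use_backend nginx_spdy if { ssl_fc_npn -i spdy/3.1 }
    # Clients that negotiated http/1.1, or nothing at all, get the fallback.
    default_backend nginx_http

backend nginx_spdy
    # nginx listener that speaks SPDY on the decrypted stream (assumed port)
    server spdy1 127.0.0.1:8081 check

backend nginx_http
    # nginx listener that speaks plain HTTP/1.1 (assumed port)
    server http1 127.0.0.1:8080 check
    # More "server" lines can be added; tcp mode balances round robin by default.
```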

Thanks for sharing. Can the SPDY frontend only be tcp based though, not http? The reason I ask is because my setup does all the routing (path and subdomain based) with http frontends.
Unfortunately, it has to be TCP. You can define other HTTP frontends though, but then you lose SPDY for that frontend.

You can use the routing capabilities of nginx in the backend to break the traffic further down.

Thanks! I'll go take a look now.