OVH Community

Welcome to your community space. Ask questions, search for information, post content, and interact with other OVH Community members.

HTTP2 on IP Load Balancer


#1

Hi!

We have made two tests:

  1. Configured a HTTPS Frontend on the IPLB with free SSL certificate that proxy to a HTTP servers, it help a lot as SSL Offload and the site backend can read the client IP. But there are no HTTP2 protocol available
  2. We configured the TCP Frontend with routes for H2 protocol with the certificate and https inside the backend servers. We Have HTTP2 but we site backend can’t read the real client IP.

Both solutions have one big compromise…

There are any solution for thats situations?

Thanks!


#2

Hello,

It is pretty standard to configure your backend to read the real IP of the client, instead of your load balancer.

Take a look at the X-Forwarded-For section of this guide https://docs.ovh.com/gb/en/iplb/http-headers/

It tells you how to format your logs to read the real IP.


#3

Hello MatthewC,
We already followed all guides regarding the load balancer and it work the real IP but we don’t have HTTP2 protocol.

https://docs.ovh.com/gb/en/iplb/lb-http2/

Any solution to have IP LB with HTTP2 or to pass the real ip on TCP LB?


#4

Hello,

Unfortunatly Haproxy doesn’t fully support HTTP2 yet, more information here https://www.haproxy.com/blog/whats-new-haproxy-1-8/

The best way to do it today is to use a TCP frontend like you did.
To retrieve the source client IP, you can activate the proxy protocol option on your server clusters servers.
54 AM

Since I don’t know what kind of application you are using behind the load balancer, I can’t tell you the right proxy protocol configuration. But you’ll find the Haproxy documentation on this subject here https://www.haproxy.com/blog/haproxy/proxy-protocol/

Tell me if you need any further information.

Maxime


#5

Hi MaximeG,

Thanks for the reply!
I have configured 5 nginx servers under my cluster servers and it’s working very well now the HTTP2 over TCP with proxy_protocol https://www.nginx.com/resources/admin-guide/proxy-protocol/

I will waiting for the new HAProxy with H2 and TLS1.3 support!


#6

Great ! We are waiting for a full HTTP2 support too !

Can you please mark your thread as resolved if that’s OK for you ?

Have a nice day