[FEATURE] HTTP/2 End-to-end to Apache - Upgrade HAProxy #331
Description
Is your feature request related to a problem? Please describe.
I'd like to be able to take advantage of HTTP/2 (and HTTP/3 protocol) for improved network performance.
Describe the solution you'd like
Instead of doing HTTPS all the way to the backend, which would cause us to lose many or most of the benefits of having a proxy, I'd like to use the "cleartext" variant HAProxy h2c backend.
HAProxy continues to terminate client TLS and negotiate h2 via ALPN (as today), but forwards requests downstream to Apache using cleartext HTTP/2 (h2c) instead of HTTP/1.1.
HAProxy changes:
- Add proto h2 to each server line in www-backend — this tells HAProxy to speak h2c to that backend

Apache changes (httpd.conf / VirtualHost on :8080):
- Load mod_http2
- Add Protocols h2c http/1.1 to the VirtualHost (h2c is the cleartext variant; plain h2 requires TLS on the Apache side)
What you keep: All existing HAProxy layer-7 features — bot blocking, rate limiting, HSTS injection, X-Forwarded-For, certbot/ACME, the redirect scheme https in www-backend, and the nonwiki/netdata routing. Nothing about the TLS setup changes.
Constraint: Requires HAProxy ≥ 2.0. Your current config uses reqadd which is HAProxy 1.x syntax, so this would require a HAProxy upgrade alongside the feature work. (We're currently on HAProxy 1.8 which is 5 yrs old because we're using RHEL8 / RockyLinux8)
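
A pre-upgrade check for the two HAProxy points raised in this issue, added here as an example and not code from the repository: it reports `reqadd`-style directives and any `www-backend` server line that lacks `proto h2`. The sample config, frontend name, server names, certificate path and the second port are constructed.

```python
import re

# Constructed sample, not the project's real haproxy.cfg. The backend name,
# "redirect scheme https", port 8080 and reqadd come from the issue; the rest is assumed.
SAMPLE_CFG = """\
frontend www-https
    bind *:443 ssl crt /etc/haproxy/certs/ alpn h2,http/1.1
    reqadd X-Forwarded-Proto:\\ https
    default_backend www-backend

backend www-backend
    redirect scheme https if !{ ssl_fc }
    server apache1 127.0.0.1:8080 check
    server apache2 127.0.0.1:8081 check proto h2
"""

# reqadd is named in the issue; the sibling req*/rsp* directives are listed on
# the assumption that a 1.8-era config may use them too.
LEGACY = re.compile(r"^(req|rsp)i?(add|rep|del|deny|allow|pass|tarpit)$")
SECTIONS = ("global", "defaults", "frontend", "backend", "listen", "peers")


def audit(cfg_text, backend="www-backend"):
    """Return (legacy, missing_h2): legacy directives found anywhere, and
    server lines in `backend` that would still speak HTTP/1.1 to Apache."""
    legacy, missing_h2, section = [], [], None
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if not words:
            continue
        kw = words[0]
        if kw in SECTIONS:
            section = words[1] if len(words) > 1 else kw
        elif LEGACY.match(kw):
            legacy.append((lineno, kw))
        elif kw == "server" and section == backend:
            opts = words[3:]  # everything after: server <name> <address>
            if not any(a == "proto" and b == "h2" for a, b in zip(opts, opts[1:])):
                missing_h2.append((lineno, words[1]))
    return legacy, missing_h2


if __name__ == "__main__":
    legacy, missing = audit(SAMPLE_CFG)
    for lineno, kw in legacy:
        print(f"line {lineno}: legacy directive '{kw}' must be rewritten before upgrading")
    for lineno, name in missing:
        print(f"line {lineno}: server '{name}' lacks 'proto h2' (still HTTP/1.1)")
```
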