How To Enable HTTP/3 over QUIC in HAProxy
What’s QUIC
QUIC (Quick UDP Internet Connections) is a transport layer network protocol developed by Google. QUIC supports a set of multiplexed connections between two endpoints over User Datagram Protocol (UDP), and it was designed to provide security protection equivalent to TLS/SSL, along with reduced connection and transport latencies.
Enable QUIC in HAProxy in Linux Ubuntu
Install Requirements
apt update && apt install -y \
ca-certificates \
gcc \
git \
libc6-dev \
liblua5.3-dev \
libpcre3-dev \
libssl-dev \
libsystemd-dev \
make \
zlib1g-dev \
rsyslog
Compile OpenSSL QUICTLS
cd /usr/local/src
git clone https://github.com/quictls/openssl
cd openssl
git checkout OpenSSL_1_1_1t+quic
mkdir -p /opt/quictls
./config --libdir=lib --prefix=/opt/quictls
make && make install
Compile HAProxy QUIC
cd /usr/local/src
git clone https://github.com/haproxy/haproxy.git
cd haproxy
git checkout v2.8.0
make TARGET=linux-glibc \
USE_LUA=1 \
USE_PCRE=1 \
USE_ZLIB=1 \
USE_SYSTEMD=1 \
USE_PROMEX=1 \
USE_QUIC=1 \
USE_OPENSSL=1 \
SSL_INC=/opt/quictls/include \
SSL_LIB=/opt/quictls/lib \
LDFLAGS="-Wl,-rpath,/opt/quictls/lib"
make install-bin
cd admin/systemd
make haproxy.service
cp ./haproxy.service /etc/systemd/system/
mkdir -p /etc/haproxy
mkdir -p /run/haproxy
touch /etc/haproxy/haproxy.cfg
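Before going further, it is worth confirming that the binary built above has QUIC compiled in and loads libssl/libcrypto from /opt/quictls rather than from the system OpenSSL. The script below is an added example, not part of the original guide. Its function names and return codes are its own convention, and the "+quic" version suffix is assumed from the quictls tag checked out above.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): post-build checks for the
# HAProxy binary compiled above. Both functions read command output on stdin;
# function names and return codes are this example's own convention.

# Input: `haproxy -vv`. Returns 0 = ok, 1 = QUIC not compiled in,
# 2 = runtime TLS library is not a +quic build, 3 = built/running mismatch.
check_haproxy_vv() {
    local out features built running
    out=$(cat)
    features=$(printf '%s\n' "$out" | sed -n 's/^Feature list *: *//p')
    built=$(printf '%s\n' "$out" | sed -n 's/^Built with OpenSSL version *: *//p')
    running=$(printf '%s\n' "$out" | sed -n 's/^Running on OpenSSL version *: *//p')

    # Build options are listed as +NAME (enabled) or -NAME (disabled).
    case " $features " in
        *" +QUIC "*) ;;
        *) echo "FAIL: QUIC support not compiled in" >&2; return 1 ;;
    esac
    # Assumption: quictls reports a "+quic" version suffix, as in the
    # OpenSSL_1_1_1t+quic tag checked out above.
    case "$running" in
        *+quic*) ;;
        *) echo "FAIL: runtime TLS library is '${running:-unknown}'" >&2; return 2 ;;
    esac
    if [ "$built" != "$running" ]; then
        echo "FAIL: built with '$built', running on '$running'" >&2
        return 3
    fi
    echo "OK: +QUIC, $running"
}

# Input: `ldd "$(command -v haproxy)"`. Succeeds only if libssl and libcrypto
# both resolve under the prefix in $1 (this guide installs to /opt/quictls).
check_tls_libs() {
    local prefix="$1" n
    n=$(awk -v p="$prefix/" '
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" && index($3, p) == 1 { ok++ }
        END { print ok + 0 }')
    [ "$n" -eq 2 ]
}

# Run against the installed binary when there is one.
if command -v haproxy >/dev/null 2>&1; then
    haproxy -vv | check_haproxy_vv
    ldd "$(command -v haproxy)" | check_tls_libs /opt/quictls \
        || echo "FAIL: libssl/libcrypto not loaded from /opt/quictls" >&2
fi
```

A failure here usually means the SSL_INC, SSL_LIB or LDFLAGS rpath values passed to make did not point at the quictls install.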
Add HAProxy user
groupadd -g 125 haproxy
useradd -g 125 -u 117 -s /usr/sbin/nologin -d /var/lib/haproxy haproxy
Change the UID and GID above if those values are already in use on your system.
Enable HAProxy Log in rsyslog
vim /etc/rsyslog.d/99-haproxy.conf
# add these lines
$AddUnixListenSocket /var/lib/haproxy/dev/log
# Send HAProxy messages to a dedicated logfile
:programname, startswith, "haproxy" {
  /var/log/haproxy.log
  stop
}
# create requirement file/folder
mkdir -p /var/lib/haproxy/dev /run/haproxy
chown -Rv haproxy:haproxy /var/lib/haproxy /run/haproxy
# restart rsyslog
systemctl restart rsyslog
Enable HAProxy Logrotate Logs
vim /etc/logrotate.d/haproxy
# add these lines
/var/log/haproxy.log {
    daily
    rotate 7
    missingok
    notifempty
    compress
    delaycompress
    postrotate
        [ ! -x /usr/lib/rsyslog/rsyslog-rotate ] || /usr/lib/rsyslog/rsyslog-rotate
    endscript
}
Enable HAProxy in Systemd
systemctl enable haproxy
systemctl start haproxy
systemctl status haproxy
Enable HTTP/3 QUIC in HAProxy config
frontend fe_website
    mode http
    bind :80
    bind :443 ssl crt /etc/haproxy/certs/foo.com/cert.crt alpn h2
    bind quic4@:443 ssl crt /mycert.pem alpn h3
    http-request redirect scheme https unless { ssl_fc }
    http-after-response add-header alt-svc 'h3=":443"; ma=60'