Haproxy

overview

Deploy a proxy before web app is common practise. on demo site of idempiere use nginx.

ticket IDEMPIERE-3136 introduce h2 feature of jetty to idempiere. it's full support by haproxy

(newest nginx also support h2 but i still don't figure out how to get it full support like haproxy

when said about full support, i mean about this feature [1]

browse connect to proxy by h2 on https. proxy use openssl module decrypt content and connect to jetty by h2 on http

so h2 is full support from browse to jetty and still can use termination ssl deploy model

with nginx, it's easy to setup browse connect to proxy by h2 on https, but from proxy to jetty i don't know how to setup it use http2c module )

jetty community have a complete, full guideline about how to setup haproxy with jetty with h2,

i just add some note relate h2 feature from my experience when practise it to idempiere.

1. add alpn to Xbootclasspath

add vm parameter -Xbootclasspath/p:${workspace_loc}/alpn-boot.jar

2. delegate package on alpn to bootdelegation

add vm parameter -Dorg.osgi.framework.bootdelegation=sun.security.ssl,org.eclipse.jetty.alpn

3. add configuration on jettyxxx.xml

can reference to default configuration of jetty distribute or jetty folder of idempiere

4. add more some jetty plugin support h2 and alpn

can reference idempiere workspace

i like to configuration SSL Termination model. tls layouts

to use support h2 you have to use a version of haproxy support openssl 1.0.2 or greater

so i like to use build haproxy and openssl from source, it help me get up to date version.

i do a script to build and deploy haproxy with openssl on centos. step is same on other linux, please reference from script at

you also reference to default configuration for haproxy at configuration reference