OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Development and Code Review (Moderator: fabian) »
  • HAProxy allow using new HTTP/3 and QUIC support in the MVC GUI
« previous next »
  • Print
Pages: [1]

Author Topic: HAProxy allow using new HTTP/3 and QUIC support in the MVC GUI  (Read 1140 times)

FireKahuna

  • Newbie
  • *
  • Posts: 4
  • Karma: 1
    • View Profile
HAProxy allow using new HTTP/3 and QUIC support in the MVC GUI
« on: July 18, 2024, 05:27:17 am »
HAProxy 2.6+ has support for using Quic and HTTP/3 and checking 'haproxy -vv' it is compiled with support for it in OPNSense, however the GUI atm blocks the use of these protocols. It seems simple to fix but the xml just needs to be edited. Can the GUI restrictions be adjusted for 24.7 by chance? More extended support and such could definitely come later, just would be nice to be able to type this options in without a block.

Example is given here: https://www.haproxy.com/blog/how-to-enable-quic-load-balancing-on-haproxy
Code: [Select]
frontend fe
  mode http
  bind :80
  bind :443  ssl crt /etc/haproxy/certs/foo.com/cert.crt alpn h2
  bind quic4@:443 ssl crt /mycert.pem alpn h3

  http-request redirect scheme https unless { ssl_fc }

  http-after-response add-header alt-svc 'h3=":443"; ma=60'
so for OPNSense, looking at this: https://github.com/opnsense/plugins/blob/master/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml

Code: [Select]
                <bind type="CSVListField">
                    <Required>Y</Required>
                    <multiple>Y</multiple>
                    <mask>/^((([0-9a-zA-Z._\-\*:\[\]]+:+[0-9]+(-[0-9]+)?|unix@[0-9a-z_\-]+)([,]){0,1}))*/u</mask>
                    <ChangeCase>lower</ChangeCase>
                    <ValidationMessage>Please provide a valid listen address, i.e. 127.0.0.1:8080, [::1]:8080, www.example.com:443 or unix@socket-name. Port range as start-end, i.e. 127.0.0.1:1220-1240.</ValidationMessage>
                </bind>In here it needs to support quic4@ and quic6@ alongside unix@. This alone would allow binding Quic connections, then the only other core piece is the following

Code: [Select]
                    <OptionValues>
                        <h2>HTTP/2</h2>
                        <http11>HTTP/1.1</http11>
                        <http10>HTTP/1.0</http10>
                    </OptionValues>
The correct route is to have <h3>HTTP/3</h3> added as a valid option as well. Then have h3 only appear on bind lines starting with quic and not appear on lines that dont start with quic. if substring = QUIC, h3. If NOT quic, ALPN options. Might not even need h3 as a typable option that way actually. That + quic4/6 would allow a config matching what they provided by adding the rest of the example as conditions/option pass-through.

Though that can be done later, even simply having quic4/6 be supported syntax wise would be a great start to configuring a working QUIC setup.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Development and Code Review (Moderator: fabian) »
  • HAProxy allow using new HTTP/3 and QUIC support in the MVC GUI
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2