HTTP2.0: Nginx + HAProxy + Openssl

Nginx and HAProxy cannot use HTTP/2 on CentOS 6 because it ships with openssl-1.0.1. HTTP/2 (or, more precisely, ALPN) only becomes possible with openssl-1.0.2.

Please note: prerequisites (build dependencies) are not covered here.

NGiNX

Nginx needs only the sources of openssl.
# wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
# tar xzf openssl-1.0.2j.tar.gz

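Then add the following to your nginx configure parameters:
--with-openssl=path
where path is the directory of the extracted openssl sources. nginx builds openssl from these sources and links it statically, so an openssl security update requires rebuilding nginx.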

HAProxy

HAProxy needs openssl in compiled form.

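# download
wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
# verify: the printed SHA-256 must match the checksum published for this
# release before anything from the tarball is built or installed as root
sha256sum openssl-1.0.2j.tar.gz
# extract
tar xzf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j
# configure; no-shared builds static libraries only, so HAProxy embeds this
# openssl and has to be rebuilt whenever this openssl is updated
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl no-shared zlib-dynamic
# compile
make
# install the software only (install_sw skips the docs, which are available online)
make install_sw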

Also note: before HAProxy 1.8, only HTTP/2 passthrough is available.

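# download over HTTPS; this source is compiled and later run by the init script
wget "https://www.haproxy.org/download/1.8/src/haproxy-1.8.8.tar.gz"
# verify: the printed SHA-256 must match the checksum published next to the
# tarball on the download site
sha256sum haproxy-1.8.8.tar.gz
# extract
tar xzf haproxy-1.8.8.tar.gz
# the directory name matches the version that was downloaded above
cd haproxy-1.8.8/
# build with newer openssl
make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 SSL_INC=/usr/local/openssl/include SSL_LIB=/usr/local/openssl/lib USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1 ARCH=native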

Init script to run haproxy as a daemon.
You have to change the exec parameter to the path of your haproxy binary.

#!/bin/sh
#
# haproxy
#
# chkconfig:   - 85 15
# description:  HAProxy is a free, very fast and reliable solution \
#               offering high availability, load balancing, and \
#               proxying for TCP and  HTTP-based applications
# processname: haproxy
# config:      /etc/haproxy/haproxy.cfg
# pidfile:     /var/run/haproxy.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
# Path of the haproxy binary; adjust it to where your build is installed.
exec="/usr/local/sbin/haproxy"
# prog is the base name of the binary. It also selects /etc/sysconfig/<prog>,
# /etc/<prog>/<prog>.cfg and /var/run/<prog>.pid, which this script uses.
prog=$(basename $exec)
# Optional local overrides. The file is executed with the privileges of this
# init script, so keep it owned by root and not writable by anyone else.
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
# Lock file that marks the service as started.
lockfile=/var/lock/subsys/haproxy
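# Validate the configuration file and print the result.
# Globals:   exec (read), prog (read)
# Returns:   exit status of the haproxy configuration check
check() {
    # -c only checks the configuration, -V makes the check verbose.
    # Expansions are quoted so a path with whitespace stays one argument.
    "$exec" -c -V -f "/etc/$prog/$prog.cfg"
}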
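# Start haproxy as a daemon after validating its configuration.
# Globals:   exec (read), prog (read), lockfile (read), retval (written)
# Returns:   1 if the configuration is invalid, otherwise the status of daemon
start() {
    # Refuse to start with a broken configuration (-c validates, -q is quiet).
    if ! "$exec" -c -q -f "/etc/$prog/$prog.cfg"; then
        echo "Errors in configuration file, check with $prog check."
        return 1
    fi
    echo -n $"Starting $prog: "
    # daemon is expected to come from the sourced init function library.
    daemon "$exec" -D -f "/etc/$prog/$prog.cfg" -p "/var/run/$prog.pid"
    retval=$?
    echo
    # The lock file is only created when the daemon was started successfully.
    [ "$retval" -eq 0 ] && touch "$lockfile"
    return $retval
}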
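# Stop haproxy and remove the lock file.
# Globals:   prog (read), lockfile (read), retval (written)
# Returns:   the status of killproc
stop() {
    echo -n $"Stopping $prog: "
    # killproc is expected to come from the sourced init function library.
    killproc "$prog"
    retval=$?
    echo
    # Keep the lock file when stopping failed, so the service still counts as started.
    [ "$retval" -eq 0 ] && rm -f -- "$lockfile"
    return $retval
}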
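# Restart haproxy, but only if the new configuration is valid.
# Globals:   exec (read), prog (read)
# Returns:   1 if the configuration is invalid, otherwise the status of start
restart() {
    # Validate first: stopping a running proxy and then failing to start it
    # again would cause an outage.
    if ! "$exec" -c -q -f "/etc/$prog/$prog.cfg"; then
        echo "Errors in configuration file, check with $prog check."
        return 1
    fi
    stop
    start
}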
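# Reload haproxy: start a new process that takes over from the old one(s).
# Globals:   exec (read), prog (read), retval (written)
# Returns:   1 if the configuration is invalid, 7 if no PID file is found,
#            otherwise the status of the new haproxy process
reload() {
    local pidfile="/var/run/$prog.pid"
    local pids
    if ! "$exec" -c -q -f "/etc/$prog/$prog.cfg"; then
        echo "Errors in configuration file, check with $prog check."
        return 1
    fi
    # Without the old PIDs, -sf has nothing to take over from and a second
    # haproxy would be started that this script does not track.
    if [ ! -s "$pidfile" ]; then
        echo "$prog is not running ($pidfile not found), use start instead."
        return 7
    fi
    pids=$(cat "$pidfile")
    echo -n $"Reloading $prog: "
    # $pids is left unquoted on purpose: the PID file may list several PIDs.
    # The file content ends up on the command line of a root process, so the
    # PID file must only be writable by root.
    "$exec" -D -f "/etc/$prog/$prog.cfg" -p "$pidfile" -sf $pids
    retval=$?
    echo
    return $retval
}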
# Forced reload: this script has no separate implementation, so it performs
# a full restart and passes on its status.
force_reload() {
    restart
    return $?
}
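# Report whether haproxy is running.
# Globals:   prog (read)
# Returns:   the status of the status helper, which is expected to come from
#            the sourced init function library
fdr_status() {
    # Quoted so the program name is always passed as exactly one argument.
    status "$prog"
}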
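# Dispatch on the requested action. Unknown actions print the usage and exit
# with status 2.
case "$1" in
    start|stop|restart|reload)
        # $1 is one of the four names matched above, so calling it directly
        # can only run the function of the same name.
        "$1"
        ;;
    force-reload)
        force_reload
        ;;
    check)
        check
        ;;
    status)
        fdr_status
        ;;
    condrestart|try-restart)
        # Restart only if the lock file shows the service was started.
        [ ! -f "$lockfile" ] || restart
        ;;
    *)
        # The usage text lists every action handled above, including check.
        echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload|check}"
        exit 2
        ;;
esac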