Provide both trojan and trojan grpc on the same domain name

This article was published on , the content may be different from the actual situation. If there are errors in the article, please correct them. I will modify or hide the article according to the situation

Note: This article is only for technical exchange. Any legal consequences caused by trying the steps in this article shall be borne by you

The multiplexing that comes with V2Ray's new gRPC mode works well, but one proxy app on iOS still supports only plain trojan.
So the plan is to provide both access methods on the same domain name. The idea is as follows:

    User --- haproxy ----- (h2) ----- nginx ----- (grpc) ----- v2ray ----- PROXY
                |                       └--------------------------------return 404
                └-----(http1.1)---v2ray-----(trojan)-----------------PROXY
                                    └--------------------nginx-------return 404

HAProxy advertises both h2 and http/1.1 in ALPN. So far, my trojan client only uses http/1.1 to establish a connection, while gRPC is an h2-based service.
Therefore, the protocol in the ALPN sent by the client can be used to distribute the traffic to different servers (plain trojan traffic cannot go through an HTTP server proxy, so it can only be distributed at the TCP level).

Haproxy configuration:

    global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
        ssl-default-bind-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11

    defaults
        log    global
        mode    tcp
        option    dontlognull
        maxconn 5000
        timeout connect 5s
        timeout client  20s
        timeout server  20s
        timeout queue   30s
        timeout http-request 5s
        timeout http-keep-alive 15s

    frontend www
        # TLS terminates here; both protocols are advertised in ALPN
        bind :443 ssl crt /etc/haproxy/cert.pem alpn h2,http/1.1
        mode tcp
        # h2 goes to nginx (gRPC); everything else goes to the trojan inbound
        use_backend nodes-http2 if { ssl_fc_alpn -i h2 }
        default_backend nodes-http

    backend nodes-http
        mode tcp
        server http 127.0.0.1:44445

    backend nodes-http2
        mode tcp
        # pass the client address to nginx with the PROXY protocol
        server http2 127.0.0.1:44444 send-proxy
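The routing decision made by the `www` frontend above, modelled as an added example that is not part of the original post. It parses an ALPN extension body (RFC 7301 wire format), picks a protocol, and maps it to a backend. The selection rule (the first entry of the server's list that the client also offers) is an assumption about how the TLS library chooses, and the function names are hypothetical.

```python
# Added example: models the ALPN-based backend choice of the HAProxy frontend.
# Inputs are constructed ALPN extension bodies, not captured traffic.
import struct

SERVER_ALPN = ["h2", "http/1.1"]   # from "alpn h2,http/1.1" on the bind line
BACKENDS = {"h2": "nodes-http2"}   # use_backend nodes-http2 if { ssl_fc_alpn -i h2 }
DEFAULT_BACKEND = "nodes-http"     # default_backend nodes-http


def encode_alpn(protocols):
    """Build an ALPN extension body: u16 list length, then length-prefixed names."""
    body = b"".join(bytes([len(p)]) + p.encode("ascii") for p in protocols)
    return struct.pack("!H", len(body)) + body


def parse_alpn(ext):
    """Parse an ALPN extension body into a list of protocol names."""
    if len(ext) < 2:
        raise ValueError("truncated ALPN extension")
    (total,) = struct.unpack("!H", ext[:2])
    data = ext[2:]
    if total != len(data):
        raise ValueError("ALPN list length mismatch")
    names, i = [], 0
    while i < len(data):
        n = data[i]
        if n == 0 or i + 1 + n > len(data):
            raise ValueError("bad ALPN protocol name length")
        names.append(data[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return names


def negotiate(client_protocols):
    """Assumption: server preference wins; first server entry the client offers."""
    for proto in SERVER_ALPN:
        if proto in client_protocols:
            return proto
    return None  # no overlap, or the client sent no ALPN at all


def route(alpn_ext):
    """Return (negotiated protocol, backend); alpn_ext=None means no ALPN extension."""
    offered = parse_alpn(alpn_ext) if alpn_ext is not None else []
    chosen = negotiate(offered)
    return chosen, BACKENDS.get((chosen or "").lower(), DEFAULT_BACKEND)
```

Under that assumption, a client that offers both h2 and http/1.1 is sent to `nodes-http2`, so the plain trojan client only reaches the trojan inbound while it offers http/1.1 alone (or no ALPN).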

Nginx configuration:

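    # Fallback site: the trojan inbound sends non-trojan traffic here (dest 80)
    server {
        listen 80;
        server_name domain.example.com;

        location / {
            default_type text/html;
            return 404 '<h1>Not Found!</h1>';
        }
    }

    # Cleartext HTTP/2 from HAProxy, with the PROXY protocol header
    server {
        listen       127.0.0.1:44444 http2 proxy_protocol;
        server_name  domain.example.com;

        real_ip_header  proxy_protocol;
        # HAProxy connects over TCP on loopback, so trust that address
        # (the original "unix:" only matches unix-socket peers)
        set_real_ip_from 127.0.0.1;

        location / {
            default_type text/html;
            return 404 '<h1>Not Found!</h1>';
        }

        # Path is /<serviceName>/Tun, matching grpcSettings.serviceName in V2Ray
        location /GrpcServiceName/Tun {
            grpc_pass  grpc://127.0.0.1:44443;
        }
    }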

V2Ray configuration:

    ...
    "inbounds": [
      {
        "listen": "127.0.0.1",
        "port": 44445,
        "tag": "trojan",
        "protocol": "trojan",
        "settings": {
          "clients": [
            {
              "email": "testuser",
              "password": "99999999-9999-9999-9999-999999999999",
              "level": 0
            }
          ],
          "fallbacks": [
            {
              "dest": 80
            }
          ]
        },
        "sniffing": {
          "enabled": true,
          "destOverride": ["http", "tls"]
        },
        "streamSettings": {
          "network": "tcp",
          "security": "none"
        }
      },
      {
        "listen": "127.0.0.1",
        "port": 44443,
        "tag": "trojan-grpc",
        "protocol": "trojan",
        "settings": {
          "clients": [
            {
              "email": "testuser",
              "password": "99999999-9999-9999-9999-999999999999",
              "level": 0
            }
          ]
        },
        "sniffing": {
          "enabled": true,
          "destOverride": ["http", "tls"]
        },
        "streamSettings": {
          "network": "grpc",
          "security": "none",
          "grpcSettings": {
            "serviceName": "GrpcServiceName"
          }
        }
      }
    ],
    ...

PS:
I don't know why, but I can't connect to anything as long as I use a unix socket. In the end, I could only use ports.
In fact, you can use either HAProxy or Nginx alone to meet all the requirements, but I'm too lazy to do it(
As for why I don't split traffic by SNI: I only bought one certificate(((
What's more, it would be strange for one domain name to have only HTTP/1.1 client connections and the other only h2 connections(

label: v2ray , haproxy , trojan , grpc , trojan-grpc , nginx
