Lighttpd

You might be able to get an opaque tunnel using lighttpd mod_sockproxy

I am afraid that writing an HTTP/2 client, along with TLS support, is a humongous endeavor and is not currently planned.

HAProxy is an excellent reverse proxy. With respect to reverse proxying, what features does lighttpd have that HAProxy does not? HAProxy is very well positioned for proxying and routing traffic to a server farm. lighttpd is generally well-positioned as an origin server or reverse proxying to a local service stack.

I already used mod_sockproxy for this usecase, but it needs a separate external port, it cannot share the same port with other request types.
In commercial environments often only one port for client https (443) is allowed.

A full featured HTTP/2 client is not needed/expected:

• no TLS
• the original request must be an HTTP/2 request too (e.g. GRPC)

HTTP/2 request (optional with TLS) -> lighttpd (optional TLS handling/decryption) -> HTTP/2 (always without TLS) -> backend

FYI: besides lighttpd mod_sockproxy, lighttpd natively supports HTTP/2 CONNECT (to limited targets) if you're able to convince the client to send CONNECT.

In commercial environments often only one port for client https (443) is allowed.

True. While I understand the desire to reduce the software stack where possible, are there big challenges with having HAProxy handle the initial hop, and route to other servers, including lighttpd?

I already used mod_sockproxy for this usecase, but it needs a separate external port, it cannot share the same port with other request types.

I'll keep this use case in mind, but writing an HTTP/2 client is still a fair bit of work, even though some (but not all) of lighttpd src/h2.c might be reused for an HTTP/2 client.

At the moment, I am implementing the "it's Saturday night" protocol. That's going to take all night.