diff --git a/configuration/haproxy.cfg b/configuration/haproxy.cfg
index 7ac61d0..df911a7 100644
--- a/configuration/haproxy.cfg
+++ b/configuration/haproxy.cfg
@@ -56,14 +56,10 @@ frontend 853-in
 # DoT
 use_backend dns-dot if { ssl_fc_sni dot.domain }
-backend dns-dot
- mode tcp
- server dot 127.0.0.1:5353 check
-
 # TCP LB (443)
 frontend 443-in-doh
- bind 0.0.0.0:443 strict-sni tfo ssl crt /etc/haproxy/certs/doh.domain.pem
- bind [::]:443 strict-sni tfo ssl crt /etc/haproxy/certs/doh.domain.pem
+ bind 0.0.0.0:443 strict-sni tfo ssl crt /etc/haproxy/certs/doh.domain.pem alpn h2,http/2
+ bind [::]:443 strict-sni tfo ssl crt /etc/haproxy/certs/doh.domain.pem alpn h2,http/2
 mode http
@@ -74,14 +70,17 @@ frontend 443-in-doh
 use_backend dns-doh if { hdr(host) -i doh.domain }
-# default_backend nginx
+
+backend dns-dot
+ mode tcp
+ server dot 127.0.0.1:5353 check
 backend dns-doh
-mode http
-server dns-doh 127.0.0.1:8053 check
-
-http-response set-header Strict-Transport-Security max-age=63072000
+ mode http
+ server dns-doh 127.0.0.1:8053 check
 backend check
 mode http
 errorfile 503 /root/dns/check.http
+
+http-response set-header Strict-Transport-Security max-age=63072000
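Review bot: Both new `bind` lines in `frontend 443-in-doh` end in `alpn h2,http/2`, but `http/2` is not a registered ALPN protocol ID: HTTP/2 over TLS is `h2` and HTTP/1.1 is `http/1.1`. As written the listener offers no valid HTTP/1.1 token, so DoH clients that only speak HTTP/1.1 cannot negotiate a protocol through ALPN and depend on whatever fallback the TLS stack applies. I would end both lines with `alpn h2,http/1.1`. The frontend's body continues past the hunk.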
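Review bot: The `http-response set-header Strict-Transport-Security max-age=63072000` line re-added at the end of the second hunk now follows `backend check`, and HAProxy assigns a directive to the most recently opened section regardless of indentation or blank lines, so it no longer applies to `dns-doh`. DoH responses would therefore lose the HSTS header, and the 503 that `backend check` serves from its `errorfile` is generated by HAProxy itself, which `http-response` rules normally do not touch. I would move the line back under `backend dns-doh`, indented like its `mode http`, or into `frontend 443-in-doh` if every response on 443 should carry it. Whether further sections follow `backend check` is not visible in the hunk.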