mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-05 22:56:57 +02:00
DOC: configuration: fix alphabetical order of bind options
Put the curves, ecdhe, severity-output, v4v6 and v6only keywords at the right place. Fix issue #2594. Could be backported in every stable version.
parent
9d312212df
commit
0cc2913aec
@ -15852,19 +15852,6 @@ backlog <backlog>
|
||||
Sets the socket's backlog to this value. If unspecified or 0, the frontend's
|
||||
backlog is used instead, which generally defaults to the maxconn value.
|
||||
|
||||
curves <curves>
|
||||
This setting is only available when support for OpenSSL was built in. It sets
|
||||
the string describing the list of elliptic curves algorithms ("curve suite")
|
||||
that are negotiated during the SSL/TLS handshake with ECDHE. The format of the
|
||||
string is a colon-delimited list of curve name.
|
||||
Example: "X25519:P-256" (without quote)
|
||||
When "curves" is set, "ecdhe" parameter is ignored.
|
||||
|
||||
ecdhe <named curve>
|
||||
This setting is only available when support for OpenSSL was built in. It sets
|
||||
the named curve (RFC 4492) used to generate ECDH ephemeral keys. By default,
|
||||
used named curve is prime256v1.
|
||||
|
||||
ca-file <cafile>
|
||||
This setting is only available when support for OpenSSL was built in. It
|
||||
designates a PEM file from which to load CA certificates used to verify
|
||||
@ -16147,6 +16134,14 @@ default-crt <cert>
|
||||
|
||||
See also the "crt" keyword.
|
||||
|
||||
curves <curves>
|
||||
This setting is only available when support for OpenSSL was built in. It sets
|
||||
the string describing the list of elliptic curves algorithms ("curve suite")
|
||||
that are negotiated during the SSL/TLS handshake with ECDHE. The format of the
|
||||
string is a colon-delimited list of curve name.
|
||||
Example: "X25519:P-256" (without quote)
|
||||
When "curves" is set, "ecdhe" parameter is ignored.
|
||||
|
||||
defer-accept
|
||||
Is an optional keyword which is supported only on certain Linux kernels. It
|
||||
states that a connection will only be accepted once some data arrive on it,
|
||||
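Review bot: the new position of "curves" is still not alphabetical. This hunk inserts the entry after the end of the default-crt section (the hunk header and the context line 'See also the "crt" keyword.' both belong to default-crt) and before defer-accept, but "curves" sorts before "default-crt". Since the commit's stated goal is alphabetical order, move the block so that it precedes the default-crt entry. A smaller wording point in the moved text: "a colon-delimited list of curve name" should read "curve names".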
@ -16160,6 +16155,11 @@ defer-accept
|
||||
an established connection while the proxy will only see it in SYN_RECV. This
|
||||
option is only supported on TCPv4/TCPv6 sockets and ignored by other ones.
|
||||
|
||||
ecdhe <named curve>
|
||||
This setting is only available when support for OpenSSL was built in. It sets
|
||||
the named curve (RFC 4492) used to generate ECDH ephemeral keys. By default,
|
||||
used named curve is prime256v1.
|
||||
|
||||
expose-fd listeners
|
||||
This option is only usable with the stats socket. It gives your stats socket
|
||||
the capability to pass listeners FD to another HAProxy process.
|
||||
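Review bot: the relocated "ecdhe" entry does not say that it is ignored when "curves" is set, although the "curves" entry states 'When "curves" is set, "ecdhe" parameter is ignored.' A reader who lands on ecdhe alone will miss that interaction, so a one-line cross-reference under ecdhe would help. If this commit has to stay a pure move for backporting, put it in a follow-up, together with rewording "By default, used named curve is prime256v1" to "The named curve used by default is prime256v1". The placement itself, between defer-accept and expose-fd, is in order.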
@ -16264,18 +16264,6 @@ level <level>
|
||||
- "admin" should be used with care, as everything is permitted (e.g. clear
|
||||
all counters).
|
||||
|
||||
severity-output <format>
|
||||
This setting is used with the stats sockets only to configure severity
|
||||
level output prepended to informational feedback messages. Severity
|
||||
level of messages can range between 0 and 7, conforming to syslog
|
||||
rfc5424. Valid and successful socket commands requesting data
|
||||
(i.e. "show map", "get acl foo" etc.) will never have a severity level
|
||||
prepended. It is ignored by other sockets. <format> can be one of :
|
||||
- "none" (default) no severity level is prepended to feedback messages.
|
||||
- "number" severity level is prepended as a number.
|
||||
- "string" severity level is prepended as a string following the
|
||||
rfc5424 convention.
|
||||
|
||||
maxconn <maxconn>
|
||||
Limits the sockets to this number of concurrent connections. Extraneous
|
||||
connections will remain in the system's backlog until a connection is
|
||||
@ -16482,6 +16470,18 @@ quic-socket [ connection | listener ]
|
||||
the specific listeners. See "tune.quic.socket-owner" for a full description
|
||||
of its usage.
|
||||
|
||||
severity-output <format>
|
||||
This setting is used with the stats sockets only to configure severity
|
||||
level output prepended to informational feedback messages. Severity
|
||||
level of messages can range between 0 and 7, conforming to syslog
|
||||
rfc5424. Valid and successful socket commands requesting data
|
||||
(i.e. "show map", "get acl foo" etc.) will never have a severity level
|
||||
prepended. It is ignored by other sockets. <format> can be one of :
|
||||
- "none" (default) no severity level is prepended to feedback messages.
|
||||
- "number" severity level is prepended as a number.
|
||||
- "string" severity level is prepended as a string following the
|
||||
rfc5424 convention.
|
||||
|
||||
shards <number> | by-thread | by-group
|
||||
In multi-threaded mode, on operating systems supporting multiple listeners on
|
||||
the same IP:port, this will automatically create this number of multiple
|
||||
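Review bot: in the moved severity-output text, '(i.e. "show map", "get acl foo" etc.)' introduces examples rather than an exhaustive list, so it should read "e.g."; and "rfc5424" is written in lower case here while the ecdhe entry in the same patch writes "RFC 4492". Both are carried over unchanged from the old location, so they fit better in a follow-up doc fix than in this move. The placement between quic-socket and shards is in order.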
@ -16664,20 +16664,6 @@ transparent
|
||||
kernel version. Some distribution kernels include backports of the feature,
|
||||
so check for support with your vendor.
|
||||
|
||||
v4v6
|
||||
Is an optional keyword which is supported only on most recent systems
|
||||
including Linux kernels >= 2.4.21. It is used to bind a socket to both IPv4
|
||||
and IPv6 when it uses the default address. Doing so is sometimes necessary
|
||||
on systems which bind to IPv6 only by default. It has no effect on non-IPv6
|
||||
sockets, and is overridden by the "v6only" option.
|
||||
|
||||
v6only
|
||||
Is an optional keyword which is supported only on most recent systems
|
||||
including Linux kernels >= 2.4.21. It is used to bind a socket to IPv6 only
|
||||
when it uses the default address. Doing so is sometimes preferred to doing it
|
||||
system-wide as it is per-listener. It has no effect on non-IPv6 sockets and
|
||||
has precedence over the "v4v6" option.
|
||||
|
||||
uid <uid>
|
||||
Sets the owner of the UNIX sockets to the designated system uid. It can also
|
||||
be set by default in the global section's "unix-bind" statement. Note that
|
||||
@ -16692,6 +16678,20 @@ user <user>
|
||||
setting except that the user name is used instead of its uid. This setting is
|
||||
ignored by non UNIX sockets.
|
||||
|
||||
v4v6
|
||||
Is an optional keyword which is supported only on most recent systems
|
||||
including Linux kernels >= 2.4.21. It is used to bind a socket to both IPv4
|
||||
and IPv6 when it uses the default address. Doing so is sometimes necessary
|
||||
on systems which bind to IPv6 only by default. It has no effect on non-IPv6
|
||||
sockets, and is overridden by the "v6only" option.
|
||||
|
||||
v6only
|
||||
Is an optional keyword which is supported only on most recent systems
|
||||
including Linux kernels >= 2.4.21. It is used to bind a socket to IPv6 only
|
||||
when it uses the default address. Doing so is sometimes preferred to doing it
|
||||
system-wide as it is per-listener. It has no effect on non-IPv6 sockets and
|
||||
has precedence over the "v4v6" option.
|
||||
|
||||
verify [none|optional|required]
|
||||
This setting is only available when support for OpenSSL was built in. If set
|
||||
to 'none', client certificate is not requested. This is the default. In other
|
||||
|
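Review bot: the phrase "supported only on most recent systems including Linux kernels >= 2.4.21" appears in both the v4v6 and v6only entries and is moved here unchanged; paired with a 2.4-series kernel version, "most recent systems" reads as stale and may lead readers to think the keywords need a new kernel. Consider rewording in a follow-up so this commit stays move-only for backports. The ordering after the "user" entry holds as long as digits sort before letters: v4v6, v6only, verify.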