mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-06 15:17:01 +02:00
DOC: configuration: fix alphabetical order of bind options
Put the curves, ecdhe, severity-output, v4v6 and v6only keywords at the right place. Fix issue #2594. Could be backported in every stable version.
parent 9d312212df
commit 0cc2913aec
@ -15852,19 +15852,6 @@ backlog <backlog>
|
|||||||
Sets the socket's backlog to this value. If unspecified or 0, the frontend's
|
Sets the socket's backlog to this value. If unspecified or 0, the frontend's
|
||||||
backlog is used instead, which generally defaults to the maxconn value.
|
backlog is used instead, which generally defaults to the maxconn value.
|
||||||
|
|
||||||
curves <curves>
|
|
||||||
This setting is only available when support for OpenSSL was built in. It sets
|
|
||||||
the string describing the list of elliptic curves algorithms ("curve suite")
|
|
||||||
that are negotiated during the SSL/TLS handshake with ECDHE. The format of the
|
|
||||||
string is a colon-delimited list of curve name.
|
|
||||||
Example: "X25519:P-256" (without quote)
|
|
||||||
When "curves" is set, "ecdhe" parameter is ignored.
|
|
||||||
|
|
||||||
ecdhe <named curve>
|
|
||||||
This setting is only available when support for OpenSSL was built in. It sets
|
|
||||||
the named curve (RFC 4492) used to generate ECDH ephemeral keys. By default,
|
|
||||||
used named curve is prime256v1.
|
|
||||||
|
|
||||||
ca-file <cafile>
|
ca-file <cafile>
|
||||||
This setting is only available when support for OpenSSL was built in. It
|
This setting is only available when support for OpenSSL was built in. It
|
||||||
designates a PEM file from which to load CA certificates used to verify
|
designates a PEM file from which to load CA certificates used to verify
|
||||||
@ -16147,6 +16134,14 @@ default-crt <cert>
|
|||||||
|
|
||||||
See also the "crt" keyword.
|
See also the "crt" keyword.
|
||||||
|
|
||||||
|
curves <curves>
|
||||||
|
This setting is only available when support for OpenSSL was built in. It sets
|
||||||
|
the string describing the list of elliptic curves algorithms ("curve suite")
|
||||||
|
that are negotiated during the SSL/TLS handshake with ECDHE. The format of the
|
||||||
|
string is a colon-delimited list of curve name.
|
||||||
|
Example: "X25519:P-256" (without quote)
|
||||||
|
When "curves" is set, "ecdhe" parameter is ignored.
|
||||||
|
|
||||||
defer-accept
|
defer-accept
|
||||||
Is an optional keyword which is supported only on certain Linux kernels. It
|
Is an optional keyword which is supported only on certain Linux kernels. It
|
||||||
states that a connection will only be accepted once some data arrive on it,
|
states that a connection will only be accepted once some data arrive on it,
|
||||||
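Review bot: The new position of "curves" still looks out of alphabetical order. Judging by the hunk header (default-crt <cert>) and the leading context line 'See also the "crt" keyword.', the entry is inserted at the end of the "default-crt" entry, so it lands between "default-crt" and "defer-accept", yet "curves" sorts before "default-crt". If strict ordering is the goal of this commit, insert it ahead of the "default-crt" entry instead. Separately, "colon-delimited list of curve name" should read "curve names"; that can go in a follow-up so this move stays verbatim for backports.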
@ -16160,6 +16155,11 @@ defer-accept
|
|||||||
an established connection while the proxy will only see it in SYN_RECV. This
|
an established connection while the proxy will only see it in SYN_RECV. This
|
||||||
option is only supported on TCPv4/TCPv6 sockets and ignored by other ones.
|
option is only supported on TCPv4/TCPv6 sockets and ignored by other ones.
|
||||||
|
|
||||||
|
ecdhe <named curve>
|
||||||
|
This setting is only available when support for OpenSSL was built in. It sets
|
||||||
|
the named curve (RFC 4492) used to generate ECDH ephemeral keys. By default,
|
||||||
|
used named curve is prime256v1.
|
||||||
|
|
||||||
expose-fd listeners
|
expose-fd listeners
|
||||||
This option is only usable with the stats socket. It gives your stats socket
|
This option is only usable with the stats socket. It gives your stats socket
|
||||||
the capability to pass listeners FD to another HAProxy process.
|
the capability to pass listeners FD to another HAProxy process.
|
||||||
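Review bot: The relocated "ecdhe" entry does not say that it is ignored when "curves" is set; that interaction is documented only in the "curves" entry ('When "curves" is set, "ecdhe" parameter is ignored.'). Now that the two entries are no longer adjacent, a reader who lands here will not learn that the configured named curve may have no effect. Suggest a follow-up that adds a cross-reference sentence to this entry and rewords "By default, used named curve is prime256v1" to "The default named curve is prime256v1". The placement between "defer-accept" and "expose-fd" is correct.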
@ -16264,18 +16264,6 @@ level <level>
|
|||||||
- "admin" should be used with care, as everything is permitted (e.g. clear
|
- "admin" should be used with care, as everything is permitted (e.g. clear
|
||||||
all counters).
|
all counters).
|
||||||
|
|
||||||
severity-output <format>
|
|
||||||
This setting is used with the stats sockets only to configure severity
|
|
||||||
level output prepended to informational feedback messages. Severity
|
|
||||||
level of messages can range between 0 and 7, conforming to syslog
|
|
||||||
rfc5424. Valid and successful socket commands requesting data
|
|
||||||
(i.e. "show map", "get acl foo" etc.) will never have a severity level
|
|
||||||
prepended. It is ignored by other sockets. <format> can be one of :
|
|
||||||
- "none" (default) no severity level is prepended to feedback messages.
|
|
||||||
- "number" severity level is prepended as a number.
|
|
||||||
- "string" severity level is prepended as a string following the
|
|
||||||
rfc5424 convention.
|
|
||||||
|
|
||||||
maxconn <maxconn>
|
maxconn <maxconn>
|
||||||
Limits the sockets to this number of concurrent connections. Extraneous
|
Limits the sockets to this number of concurrent connections. Extraneous
|
||||||
connections will remain in the system's backlog until a connection is
|
connections will remain in the system's backlog until a connection is
|
||||||
@ -16482,6 +16470,18 @@ quic-socket [ connection | listener ]
|
|||||||
the specific listeners. See "tune.quic.socket-owner" for a full description
|
the specific listeners. See "tune.quic.socket-owner" for a full description
|
||||||
of its usage.
|
of its usage.
|
||||||
|
|
||||||
|
severity-output <format>
|
||||||
|
This setting is used with the stats sockets only to configure severity
|
||||||
|
level output prepended to informational feedback messages. Severity
|
||||||
|
level of messages can range between 0 and 7, conforming to syslog
|
||||||
|
rfc5424. Valid and successful socket commands requesting data
|
||||||
|
(i.e. "show map", "get acl foo" etc.) will never have a severity level
|
||||||
|
prepended. It is ignored by other sockets. <format> can be one of :
|
||||||
|
- "none" (default) no severity level is prepended to feedback messages.
|
||||||
|
- "number" severity level is prepended as a number.
|
||||||
|
- "string" severity level is prepended as a string following the
|
||||||
|
rfc5424 convention.
|
||||||
|
|
||||||
shards <number> | by-thread | by-group
|
shards <number> | by-thread | by-group
|
||||||
In multi-threaded mode, on operating systems supporting multiple listeners on
|
In multi-threaded mode, on operating systems supporting multiple listeners on
|
||||||
the same IP:port, this will automatically create this number of multiple
|
the same IP:port, this will automatically create this number of multiple
|
||||||
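Review bot: In the relocated "severity-output" text, '(i.e. "show map", "get acl foo" etc.)' introduces examples rather than an exhaustive list, so "e.g." is the right abbreviation and the trailing "etc." becomes redundant. The entry also writes "rfc5424" in lowercase twice while the "ecdhe" entry moved by this same patch writes "RFC 4492"; a follow-up could align the two. The placement between "quic-socket" and "shards" is correct.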
@ -16664,20 +16664,6 @@ transparent
|
|||||||
kernel version. Some distribution kernels include backports of the feature,
|
kernel version. Some distribution kernels include backports of the feature,
|
||||||
so check for support with your vendor.
|
so check for support with your vendor.
|
||||||
|
|
||||||
v4v6
|
|
||||||
Is an optional keyword which is supported only on most recent systems
|
|
||||||
including Linux kernels >= 2.4.21. It is used to bind a socket to both IPv4
|
|
||||||
and IPv6 when it uses the default address. Doing so is sometimes necessary
|
|
||||||
on systems which bind to IPv6 only by default. It has no effect on non-IPv6
|
|
||||||
sockets, and is overridden by the "v6only" option.
|
|
||||||
|
|
||||||
v6only
|
|
||||||
Is an optional keyword which is supported only on most recent systems
|
|
||||||
including Linux kernels >= 2.4.21. It is used to bind a socket to IPv6 only
|
|
||||||
when it uses the default address. Doing so is sometimes preferred to doing it
|
|
||||||
system-wide as it is per-listener. It has no effect on non-IPv6 sockets and
|
|
||||||
has precedence over the "v4v6" option.
|
|
||||||
|
|
||||||
uid <uid>
|
uid <uid>
|
||||||
Sets the owner of the UNIX sockets to the designated system uid. It can also
|
Sets the owner of the UNIX sockets to the designated system uid. It can also
|
||||||
be set by default in the global section's "unix-bind" statement. Note that
|
be set by default in the global section's "unix-bind" statement. Note that
|
||||||
@ -16692,6 +16678,20 @@ user <user>
|
|||||||
setting except that the user name is used instead of its uid. This setting is
|
setting except that the user name is used instead of its uid. This setting is
|
||||||
ignored by non UNIX sockets.
|
ignored by non UNIX sockets.
|
||||||
|
|
||||||
|
v4v6
|
||||||
|
Is an optional keyword which is supported only on most recent systems
|
||||||
|
including Linux kernels >= 2.4.21. It is used to bind a socket to both IPv4
|
||||||
|
and IPv6 when it uses the default address. Doing so is sometimes necessary
|
||||||
|
on systems which bind to IPv6 only by default. It has no effect on non-IPv6
|
||||||
|
sockets, and is overridden by the "v6only" option.
|
||||||
|
|
||||||
|
v6only
|
||||||
|
Is an optional keyword which is supported only on most recent systems
|
||||||
|
including Linux kernels >= 2.4.21. It is used to bind a socket to IPv6 only
|
||||||
|
when it uses the default address. Doing so is sometimes preferred to doing it
|
||||||
|
system-wide as it is per-listener. It has no effect on non-IPv6 sockets and
|
||||||
|
has precedence over the "v4v6" option.
|
||||||
|
|
||||||
verify [none|optional|required]
|
verify [none|optional|required]
|
||||||
This setting is only available when support for OpenSSL was built in. If set
|
This setting is only available when support for OpenSSL was built in. If set
|
||||||
to 'none', client certificate is not requested. This is the default. In other
|
to 'none', client certificate is not requested. This is the default. In other
|
||||||
|
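Review bot: Both relocated entries, "v4v6" and "v6only", say "supported only on most recent systems including Linux kernels >= 2.4.21"; the phrase "most recent" sits oddly next to a 2.4.21 kernel floor and could be dropped in a follow-up, leaving just the version requirement. The two entries state the precedence consistently ("v4v6" is overridden by "v6only", and "v6only" has precedence over "v4v6"), and the new order of user, v4v6, v6only, verify is correct.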