From 4d5f7d94b97aa0cc7153ab0b39b43c81f4024e51 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 29 Aug 2023 10:22:46 +0200 Subject: [PATCH] DOC: config: mention uid dependency on the tune.quic.socket-owner option This option defaults to "connection" but is also dependent on the user being allowed to bind the specified port. Since QUIC can easily run on non-privileged ports, usually this is not a problem, but if bound to port 443 it will usually fail. Let's mention this. --- doc/configuration.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 1b62f8882..9c9d8a747 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -3422,7 +3422,9 @@ tune.quic.socket-owner { listener | connection } and cases of transient errors during sendto() operation are handled efficiently. However, this relies on some advanced features from the UDP network stack. If your platform is deemed not compatible, haproxy will - automatically switch to "listener" mode on startup. + automatically switch to "listener" mode on startup. Please note that QUIC + listeners running on privileged ports may require to run as uid 0, or some + OS-specific tuning to permit the target uid to bind such ports. The "listener" value indicates that QUIC transfers will occur on the shared listener socket. This option can be a good compromise for small traffic as it
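Review bot: The sentence added at the end of the "connection" paragraph does not say what happens when the target uid cannot bind the port. The commit message says it "will usually fail", but the sentence just before the addition describes an automatic switch to "listener" mode, so a reader cannot tell whether a permission failure is also handled by that fallback or surfaces as an error. Suggest stating the outcome explicitly. Two smaller points on the same lines: "may require to run as uid 0" has no subject ("may require haproxy to run as uid 0" reads better), and since staying at uid 0 gives up the privilege drop, it would help to put the OS-specific tuning first and to mention "listener" as the alternative for setups that bind port 443 under an unprivileged uid.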