Nenad

That makes total sense - and solved the issue with sockets like a charm.

Thanks for the tip on combining the certs, that makes configuration even simpler - that's the approach I am going with for production setup. No more multi-chained backends, yay!

On Thu, Jan 5, 2017 at 7:06 PM, Nenad Merdanovic <[email protected]> wrote:
> Hello,
>
> On 1/6/2017 1:55 AM, Vitaly Pecharsky wrote:
>> haproxy -vv
>> HA-Proxy version 1.7.1 2016/12/13
>> Copyright 2000-2016 Willy Tarreau <[email protected]>
>
> As you are running 1.7 and OpenSSL 1.1.0, you don't need to do this any
> more. HAProxy can now natively support ECC/RSA/DSA based on client
> support. Check
> https://cbonte.github.io/haproxy-dconv/configuration-1.7.html#5.1-crt
>
>> unix-bind prefix /var/run/ mode 600 user haproxy group haproxy
>
> unix-bind only affects bind lines and because of this:
>
>> server example-ecc-rsa-in unix@haproxy_example_rsa_in.sock send-proxy
>
> You need to change this to unix@/var/run/haproxy_example_rsa_in.sock.
>
> Regards,
> Nenad

--
Sincerely
Vitaly Pecharsky
mailto:[email protected]
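Added example, not part of the original thread and not HAProxy's own code: a small Python lint for the mismatch described in the reply, where `unix-bind prefix` changes the path of `bind` sockets but leaves `server` addresses untouched. The sample configuration (including the frontend and backend names and the `accept-proxy` bind) is constructed, and the check assumes the prefix is concatenated directly onto the bind path, as the corrected path in the reply implies.

```python
# Constructed sample config reproducing the situation from the thread.
SAMPLE_CFG = """\
global
    unix-bind prefix /var/run/ mode 600 user haproxy group haproxy

frontend example-rsa-in
    bind unix@haproxy_example_rsa_in.sock accept-proxy

backend example-ecc-rsa
    server example-ecc-rsa-in unix@haproxy_example_rsa_in.sock send-proxy
"""


def lint_unix_sockets(cfg_text):
    """Return (lineno, server_name, path, hint) for every server line whose
    unix@ address does not match a socket that a bind line actually creates."""
    prefix = ""
    binds, servers = [], []
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] == "unix-bind" and "prefix" in words[:-1]:
            prefix = words[words.index("prefix") + 1]
        elif words[0] == "bind" and len(words) > 1 and words[1].startswith("unix@"):
            binds.append(words[1][len("unix@"):])
        elif words[0] == "server" and len(words) > 2 and words[2].startswith("unix@"):
            servers.append((lineno, words[1], words[2][len("unix@"):]))

    # Assumption: the prefix is prepended as-is to every bind path.
    listening = {prefix + path for path in binds}

    findings = []
    for lineno, name, path in servers:
        if path in listening:
            continue  # server already points at the real socket path
        candidate = prefix + path
        if candidate in listening:
            hint = "use unix@" + candidate
        else:
            hint = "no matching bind socket"
        findings.append((lineno, name, path, hint))
    return findings


if __name__ == "__main__":
    for finding in lint_unix_sockets(SAMPLE_CFG):
        print("line %d: server %s -> unix@%s (%s)" % finding)
```
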

