I'm wondering why I see haproxy running on ipv6 (Ubuntu 22.04):

Excerpt from haproxy.cfg:

frontend http-in
#    bind *:80
    bind :::80 v4v6
#    bind *:443 ssl crt /etc/haproxy/certs/xxxxxx.pem 
    bind :::443 v4v6 ssl crt /etc/haproxy/certs/xxxxxx.pem
    bind quic4@0.0.0.0:443 name quic443 ssl crt /etc/haproxy/certs/xxxxxxx.pem 
proto quic alpn h3,h3-29,h3-28,h3-27 npn h3,h3-29,h3-28,h3-27 allow-0rtt curves 
secp521r1:secp384r1
    http-response add-header alt-svc 'h3=":443"; ma=7200,h3-29=":443"; 
ma=7200,h3-Q050=":443"; ma=7200,h3-Q046=":443"; ma=7200,h3-Q043=":443"; 
ma=7200,quic=":443"; ma=7200'

    http-request return status 200 content-type text/plain lf-string 
"%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg 
'/.well-known/acme-challenge/' }

    # Redirect if HTTPS is *not* used
    redirect scheme https code 301 if !{ ssl_fc }
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/

    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend website

    log /dev/log local2 debug

    acl is_static       path_beg /export/ /opencms/ /resources/ /javadoc/ 
/VAADIN/ /workplace /opencms-login/

    acl is_website      hdr_beg(host) -i www.kukulies.org
    acl is_cmssite      hdr_beg(host) -i cms.kukulies.org
    use_backend website-static if is_website is_static
    use_backend website if is_website
    use_backend cmssite if is_cmssite

backend letsencrypt-backend
    server letsencrypt 127.0.0.1:8888

backend website-static
    server www.kukulies.org 127.0.0.1:8080

backend website
     #    http-request replace-header Destination ^([^\ :]*)\ /(.*) \1\ 
/opencms/\2
     # http-request set-path /opencms%[path]
    server www.kukulies.org 127.0.0.1:8080
backend cmssite
     #    http-request replace-header Destination ^([^\ :]*)\ /(.*) \1\ 
/opencms/\2
    #  http-request set-path /opencms%[path]
    server cms.kukulies.org 127.0.0.1:8082

In my haproxy.log I see:

Nov 28 16:10:19 mail haproxy[59727]: ::ffff:88.181.85.41:63772 
[28/Nov/2023:16:10:19.728] http-in http-in/<NOSRV> 0/-1/-1/-1/0 301 97 - - LR-- 
1/1/0/0/0 0/0 "GET / HTTP/1.1"

This stems from a request I did that way:

curl http://www.kukulies.org

Comments welcome.

--
Christoph

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to