Hi,

On Tue, 2023-11-28 at 16:29 +0100, Christoph Kukulies wrote:
> I'm wondering why I see haproxy running on ipv6 (Ubuntu 22.04):
> 
> Excerpt from haproxy.cfg:
> 
> frontend http-in
> #    bind *:80
>     bind :::80 v4v6
> #    bind *:443 ssl crt /etc/haproxy/certs/xxxxxx.pem 
>     bind :::443 v4v6 ssl crt /etc/haproxy/certs/xxxxxx.pem
>     bind quic4@0.0.0.0:443 name quic443 ssl crt /etc/haproxy/certs/xxxxxxx.pem proto quic alpn h3,h3-29,h3-28,h3-27 npn h3,h3-29,h3-28,h3-27 allow-0rtt curves secp521r1:secp384r1
>     http-response add-header alt-svc 'h3=":443"; ma=7200,h3-29=":443"; ma=7200,h3-Q050=":443"; ma=7200,h3-Q046=":443"; ma=7200,h3-Q043=":443"; ma=7200,quic=":443"; ma=7200'
> 
>     http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
> 

This and "use_backend letsencrypt-backend if letsencrypt-acl" seem like
duplicates, and only one of them is used?

>     # Redirect if HTTPS is *not* used
>     redirect scheme https code 301 if !{ ssl_fc }
>     acl letsencrypt-acl path_beg /.well-known/acme-challenge/
> 
>     use_backend letsencrypt-backend if letsencrypt-acl
>     default_backend website
> 
> In my haproxy.log I see:
> 
> Nov 28 16:10:19 mail haproxy[59727]: ::ffff:88.181.85.41:63772 [28/Nov/2023:16:10:19.728] http-in http-in/<NOSRV> 0/-1/-1/-1/0 301 97 - - LR-- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
> 
> This stems from a request I did that way:
> 
> curl http://www.kukulies.org
> 

Seems normal, status code is 301 and you have "redirect scheme https code
301 if !{ ssl_fc }".
Is this what you expect or do you think there are some errors?

-Jarno


-- 
Jarno Huuskonen
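
Added example, not part of the original thread and not HAProxy code: with `bind :::80 v4v6` the listener is a dual-stack socket, so an IPv4 client is logged as an IPv4-mapped IPv6 address and the `::ffff:` prefix in the log line above does not mean the request arrived over IPv6. The Python sketch below parses that log line and normalizes the client address for log correlation; the regex covers only the fields visible in this one line, and the function names are hypothetical.

```python
import ipaddress
import re

# HTTP log line quoted in the message above, rejoined onto one line.
SAMPLE = ('Nov 28 16:10:19 mail haproxy[59727]: ::ffff:88.181.85.41:63772 '
          '[28/Nov/2023:16:10:19.728] http-in http-in/<NOSRV> 0/-1/-1/-1/0 '
          '301 97 - - LR-- 1/1/0/0/0 0/0 "GET / HTTP/1.1"')

# Assumption: only the leading fields of the HTTP log format shown above.
LINE_RE = re.compile(
    r'haproxy\[\d+\]: (?P<client>\S+):(?P<port>\d+) \[[^\]]+\] '
    r'(?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'\S+ (?P<status>\d{3}) \d+ \S+ \S+ (?P<term>\S{4}) ')


def normalize_client(addr):
    """Return (canonical address, address family the client really used)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        # ::ffff:a.b.c.d is an IPv4 peer seen through a dual-stack socket.
        return str(ip.ipv4_mapped), "IPv4 via dual-stack socket"
    return str(ip), "IPv%d" % ip.version


def parse(line):
    """Parse one log line; return a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["client"], rec["family"] = normalize_client(rec["client"])
    rec["port"] = int(rec["port"])
    rec["status"] = int(rec["status"])
    # <NOSRV> with termination state "LR" means haproxy handled the
    # request itself (here: the redirect to https), no server was contacted.
    rec["answered_by_haproxy"] = rec["server"] == "<NOSRV>"
    return rec


if __name__ == "__main__":
    print(parse(SAMPLE))
```

Normalizing before matching matters when source-IP allow lists, rate-limit keys or SIEM joins compare these log entries against plain IPv4 addresses.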
