Hi, On Tue, 2023-11-28 at 16:29 +0100, Christoph Kukulies wrote: > I'm wondering why I see haproxy running on ipv6 (Ubuntu 22.04): > > Excerpt from haproxy.cfg: > > frontend http-in > # bind *:80 > bind :::80 v4v6 > # bind *:443 ssl crt /etc/haproxy/certs/xxxxxx.pem > bind :::443 v4v6 ssl crt /etc/haproxy/certs/xxxxxx.pem > bind quic4@0.0.0.0:443 name quic443 ssl crt > /etc/haproxy/certs/xxxxxxx.pem proto quic alpn h3,h3-29,h3-28,h3-27 npn > h3,h3-29,h3-28,h3-27 allow-0rtt curves secp521r1:secp384r1 > http-response add-header alt-svc 'h3=":443"; ma=7200,h3-29=":443"; > ma=7200,h3-Q050=":443"; ma=7200,h3-Q046=":443"; ma=7200,h3- > Q043=":443"; ma=7200,quic=":443"; ma=7200' > > http-request return status 200 content-type text/plain lf-string > "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well- > known/acme-challenge/' } >
This and "use_backend letsencrypt-backend if letsencrypt-acl" seem like duplicate and only one of them is used ? > # Redirect if HTTPS is *not* used > redirect scheme https code 301 if !{ ssl_fc } > acl letsencrypt-acl path_beg /.well-known/acme-challenge/ > > use_backend letsencrypt-backend if letsencrypt-acl > default_backend website > > In my haproxy.log I see: > > Nov 28 16:10:19 mail haproxy[59727]: ::ffff:88.181.85.41:63772 > [28/Nov/2023:16:10:19.728] http-in http-in/<NOSRV> 0/-1/-1/-1/0 301 97 - - > LR-- 1/1/0/0/0 0/0 "GET / HTTP/1.1" > > This stems from a request I did that way: > > curl http://www.kukulies.org > Seems normal, status code is 301 and you have "redirect scheme https code 301 if !{ ssl_fc }" Is this what you expect or do you think there're some errors ? -Jarno -- Jarno Huuskonen