Thanks, Jarno, for sorting this out. Running on ipv6 is probably obvious due to the bind :::80 and bind :::443 statements. This v4v6 extension I got from somewhere and is supposed to be Linux kernel specific.
> Am 01.12.2023 um 07:56 schrieb Jarno Huuskonen <jarno.huusko...@uef.fi>: > > Hi, > > On Tue, 2023-11-28 at 16:29 +0100, Christoph Kukulies wrote: >> I'm wondering why I see haproxy running on ipv6 (Ubuntu 22.04): >> >> Excerpt from haproxy.cfg: >> >> frontend http-in >> # bind *:80 >> bind :::80 v4v6 >> # bind *:443 ssl crt /etc/haproxy/certs/xxxxxx.pem >> bind :::443 v4v6 ssl crt /etc/haproxy/certs/xxxxxx.pem >> bind quic4@0.0.0.0:443 name quic443 ssl crt >> /etc/haproxy/certs/xxxxxxx.pem proto quic alpn h3,h3-29,h3-28,h3-27 npn >> h3,h3-29,h3-28,h3-27 allow-0rtt curves secp521r1:secp384r1 >> http-response add-header alt-svc 'h3=":443"; ma=7200,h3-29=":443"; >> ma=7200,h3-Q050=":443"; ma=7200,h3-Q046=":443"; ma=7200,h3- >> Q043=":443"; ma=7200,quic=":443"; ma=7200' >> >> http-request return status 200 content-type text/plain lf-string >> "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well- >> known/acme-challenge/' } >> > > This and "use_backend letsencrypt-backend if letsencrypt-acl" seem like > duplicate and only one of them is used ? > >> # Redirect if HTTPS is *not* used >> redirect scheme https code 301 if !{ ssl_fc } >> acl letsencrypt-acl path_beg /.well-known/acme-challenge/ >> >> use_backend letsencrypt-backend if letsencrypt-acl >> default_backend website >> >> In my haproxy.log I see: >> >> Nov 28 16:10:19 mail haproxy[59727]: ::ffff:88.181.85.41:63772 >> [28/Nov/2023:16:10:19.728] http-in http-in/<NOSRV> 0/-1/-1/-1/0 301 97 - - >> LR-- 1/1/0/0/0 0/0 "GET / HTTP/1.1" >> >> This stems from a request I did that way: >> >> curl http://www.kukulies.org <http://www.kukulies.org/> >> > > Seems normal, status code is 301 and you have "redirect scheme https code > 301 if !{ ssl_fc }" > Is this what you expect or do you think there're some errors ? But the http-in/<NOSRV> is bugging me. -- Christoph
smime.p7s
Description: S/MIME cryptographic signature