Patch documentation 1.5.x
Hi, There is small discrepancy in the documentation for version 1..5.x. req.uri is used where it should be capture.req.uri. Also no scheme is used resulting in a redirect loop. Patch as follows: # diff -u /usr/share/doc/haproxy-1.5.15/configuration.txt /usr/share/doc/haproxy-1.5.15/configuration.txt.new --- /usr/share/doc/haproxy-1.5.15/configuration.txt 2015-11-05 14:55:32.0 +0100 +++ /usr/share/doc/haproxy-1.5.15/configuration.txt.new 2016-04-11 11:28:42.376609464 +0200 @@ -5509,7 +5509,7 @@ redirect scheme https if !{ ssl_fc } Example: append 'www.' prefix in front of all hosts not having it -http-request redirect code 301 location www.%[hdr(host)]%[req.uri] \ +http-request redirect code 301 location http://www.%[hdr(host)]%[capture.req.uri] \ unless { hdr_beg(host) -i www } See section 7 about ACL usage. Kind regards, Coen
ca-file with verify required and multiple root ca's
Hi all, We have a customer who wants to protect a site with client certificates. However the client certificates are created with two different root ca's. If we configure one CA cert in the ca-file everything works great. When I add the second CA, access for clients with a cert from the first ca are allowed. Clients with certificates from the second ca are refused. If I change the order off CA certificates it's just the other way around. Example off our configuration: - frontend frontend_with_ca mode http bind 10.11.12.13:443 ssl crt-list /etc/haproxy/crt-list-frontend_with_ca transparent no-tlsv10 no-tlsv11 ca-file /etc/haproxy/trusted_ca.pem verify required - Is it to possible to allow client certificates from two different root ca's in one frontend? We are using HA-Proxy version 1.8.12 from IUS. Thanks in advance! Kind regards, Coen