Patch documentation 1.5.x
Hi,
There is small discrepancy in the documentation for version 1..5.x.
req.uri is used where it should be capture.req.uri.
Also no scheme is used resulting in a redirect loop.
Patch as follows:
# diff -u /usr/share/doc/haproxy-1.5.15/configuration.txt
/usr/share/doc/haproxy-1.5.15/configuration.txt.new
--- /usr/share/doc/haproxy-1.5.15/configuration.txt 2015-11-05
14:55:32.0 +0100
+++ /usr/share/doc/haproxy-1.5.15/configuration.txt.new 2016-04-11
11:28:42.376609464 +0200
@@ -5509,7 +5509,7 @@
redirect scheme https if !{ ssl_fc }
Example: append 'www.' prefix in front of all hosts not having it
-http-request redirect code 301 location www.%[hdr(host)]%[req.uri]
\
+http-request redirect code 301 location
http://www.%[hdr(host)]%[capture.req.uri]
\
unless { hdr_beg(host) -i www }
See section 7 about ACL usage.
Kind regards,
Coen
ca-file with verify required and multiple root ca's
Hi all, We have a customer who wants to protect a site with client certificates. However the client certificates are created with two different root ca's. If we configure one CA cert in the ca-file everything works great. When I add the second CA, access for clients with a cert from the first ca are allowed. Clients with certificates from the second ca are refused. If I change the order off CA certificates it's just the other way around. Example off our configuration: - frontend frontend_with_ca mode http bind 10.11.12.13:443 ssl crt-list /etc/haproxy/crt-list-frontend_with_ca transparent no-tlsv10 no-tlsv11 ca-file /etc/haproxy/trusted_ca.pem verify required - Is it to possible to allow client certificates from two different root ca's in one frontend? We are using HA-Proxy version 1.8.12 from IUS. Thanks in advance! Kind regards, Coen
