Signed-off-by: Nenad Merdanovic <nmer...@anine.io>
---
doc/configuration.txt | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/doc/configuration.txt b/doc/configuration.txt index 85d94d9..4ecde15 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -14678,6 +14678,13 @@ set ssl ocsp-response <response> echo "set ssl ocsp-response $(base64 -w 10000 resp.der)" | \ socat stdio /var/run/haproxy.stat +set ssl tls-key <id> <tlskey> + Set the next TLS key for the <id> listener to <tlskey>. This key becomes the + ultimate key, while the penultimate one is used for encryption (others just + decrypt). The oldest TLS key present is overwritten. <id> is either a numeric + #<id> or <file> returned by "show tls-keys". <tlskey> is a base64 encoded 48 + bit TLS ticket key (ex. openssl rand -base64 48). + set table <table> key <key> [data.<data_type> <value>]* Create or update a stick-table entry in the table. If the key is not present, an entry is inserted. See stick-table in section 4.2 to find all possible @@ -14912,6 +14919,11 @@ show table <name> [ data.<type> <operator> <value> ] | [ key <key> ] | fgrep 'key=' | cut -d' ' -f2 | cut -d= -f2 > abusers-ip.txt ( or | awk '/key/{ print a[split($2,a,"=")]; }' ) +show tls-keys + Dump all loaded TLS ticket keys. The TLS ticket key reference ID and the + file from which the keys have been loaded is shown. Both of those can be + used to update the TLS keys using "set ssl tls-key". + shutdown frontend <frontend> Completely delete the specified frontend. All the ports it was bound to will be released. It will not be possible to enable the frontend anymore after -- 2.1.4