Hi,
we are using haproxy 2.4.17 at the moment. i have compiled haproxy 2.6 with
quic support and quctls
when i no check my config i get
/opt/haproxy-260# /opt/haproxy-260/sbin/haproxy -c -f haproxy.cfg
[NOTICE] (35905) : haproxy version is 2.6.0-a1efc04
[NOTICE] (35905) : path to executable is /opt/haproxy-260/sbin/haproxy
[WARNING] (35905) : config : parsing [haproxy.cfg:100]: 'log-format' overrides previous 'option httplog' in 'defaults'
section.
[ALERT](35905) : config : parsing [haproxy.cfg:213] : 'bind' : unsupported stream protocol for datagram family 2
address 'quic4@:4443'; QUIC is not compiled in if this is what you were looking for.
[ALERT](35905) : config : Error(s) found in configuration file : haproxy.cfg
[ALERT](35905) : config : Fatal errors found in configuration.
the bind part looks like
frontend https
bind 12.34.56.79:4443 ssl crt /opt/haproxy/haproxy.ssl.crt crt /opt/haproxy/domain.pem crt /opt/haproxy/domain2.pem
alpn h2,http/1.1
# enables HTTP/3 over QUIC
bind quic4@:4443 ssl crt /opt/haproxy/haproxy.ssl.crt crt
/opt/haproxy/domain.pem crt /opt/haproxy/domain2.pem alpn h3
could it be a problem with my network setup?
i have to network cards in my VM. one for internal and one for external
connections
the external connects has to virtual ip address
2: eth0: mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
link/ether 02:01:4d:66:f4:62 brd ff:ff:ff:ff:ff:ff
inet 46.16.79.137/24 brd 46.16.79.137 scope global eth0
valid_lft forever preferred_lft forever
inet 46.16.74.36/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::1:4dff:fe66:f462/64 scope link
valid_lft forever preferred_lft forever
my build command was
make TARGET=linux-glibc USE_OPENSSL=1 SSL_INC=/opt/quictls/include SSL_LIB=/opt/quictls/lib64
LDFLAGS="-Wl,-rpath,/opt/quictls/lib64" ADDLIB="-lz -ldl" USE_ZLIB=1 USE_PCRE=1 USE_PCRE=yes USE_LUA=1
LUA_LIB_NAME=lua5.3 LUA_INC=/usr/include/lua5.3 ;
HAProxy version 2.6.0-a1efc04 2022/05/31 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.0.html
Running on: Linux Ubuntu
Build options :
TARGET = linux-glibc
CPU = generic
CC = cc
CFLAGS = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -fwrapv
-Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered
-Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment
OPTIONS = USE_PCRE=yes USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1
DEBUG = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS
Feature list : +EPOLL -KQUEUE +NETFILTER +PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL +THREAD +BACKTRACE -STATIC_PCRE
-STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -ENGINE +GETADDRINFO +OPENSSL +LUA +ACCEPT4
-CLOSEFROM +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL
-PROCCTL +THREAD_DUMP -EVPORTS -OT -QUIC -PROMEX -MEMORY_PROFILING
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_THREADS=64, default=2).
Built with OpenSSL version : OpenSSL 3.0.3+quic 3 May 2022
Running on OpenSSL version : OpenSSL 3.0.3+quic 3 May 2022
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
OpenSSL providers loaded : default
Built with Lua version : Lua 5.3.1
Built with network namespace support.
Support for malloc_trim() is enabled.
Built with zlib version :
Running on zlib version :
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Built with PCRE version :
Running on PCRE version :
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes
Built with gcc compiler version ...
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as cannot be specified using 'proto' keyword)
h2 : mode=HTTP side=FE|BE mux=H2flags=HTX|HOL_RISK|NO_UPG
fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG
: mode=HTTP side=FE|BE mux=H1flags=HTX
h1 : mode=HTTP side=FE|BE mux=H1flags=HTX|NO_UPG
: mode=TCP side=FE|BE mux=PASS flags=
none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG
Available services : none
Available filters :
[CACHE] cache
[COMP] compression
[FCGI] fcgi-app
[SPOE] spoe
[TRACE] trace