On Wed, Nov 08, 2023 at 04:42:00PM +0100, Christoph Kukulies wrote:
>
> I posted the output of haproxy -vv (on demand of William Lallemand). Maybe
> you overlooked it:
>

That's weird, it shouldn't behave like this and I couldn't reproduce at all.

> root@mail:~/haproxy-scripts# /usr/local/sbin/haproxy -vv
> HAProxy version 2.8.3-d6e5cd-70 2023/10/26 - https://haproxy.org/
> <https://haproxy.org/>
> Status: long-term supported branch - will stop receiving fixes around Q2 2028.
> Known bugs: http://www.haproxy.org/bugs/bugs-2.8.3.html
> <http://www.haproxy.org/bugs/bugs-2.8.3.html>
> Running on: Linux 5.15.0-88-generic #98-Ubuntu SMP Mon Oct 2 15:18:56 UTC
> 2023 x86_64
> Build options :
>   TARGET = linux-glibc
>   CPU = native
>   CC = cc
>   CFLAGS = -O2 -march=native -g -Wall -Wextra -Wundef
> -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits
> -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond
> -Wnull-dereference -fwrapv -Wno-address-of-packed-member -Wno-unused-label
> -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered
> -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int
> -Wno-atomic-alignment
>   OPTIONS = USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_QUIC=1 USE_PCRE2_JIT=1
>   DEBUG =
>
>
> And the install script installed the following config file (kindly
> overwriting my own config, thank you :-(. )
>

You should probably use a packaged version of haproxy.

> global
>     maxconn 64
>     daemon
>     log 127.0.0.1 len 65535 format rfc5424 local0
>     log 127.0.0.1 len 65535 format rfc5424 local1 notice
>
>
> defaults
>     log global
>     option httplog
>     mode http
>     timeout connect 5s
>     timeout client 15s
>     timeout server 120s
>     timeout http-keep-alive 5s
>     timeout check 9990
>
>
> frontend web80
>     bind 0.0.0.0:80 name web80
>     default_backend be-local-81
>
> frontend web
>     description One frontend to rule them all
>     bind 0.0.0.0:443 name web443 ssl crt
> /etc/ssl/certs/local/selfsigned.pem alpn h2,http/1.1 npn h2,http/1.1
> allow-0rtt curves secp521r1:secp384r1
>     bind quic4@0.0.0.0:443 name quic443 ssl crt
> /etc/ssl/certs/local/selfsigned.pem proto quic alpn h3,h3-29,h3-28,h3-27 npn
> h3,h3-29,h3-28,h3-27 allow-0rtt curves secp521r1:secp384r1
>     http-response add-header alt-svc 'h3=":443"; ma=7200,h3-29=":443";
> ma=7200,h3-Q050=":443"; ma=7200,h3-Q046=":443"; ma=7200,h3-Q043=":443";
> ma=7200,quic=":443"; ma=7200'
>     default_backend be-local-81
>     stats enable
>     stats uri /hapeek
>     stats refresh 15
>
> backend be-local-81
>     option httpchk
>     server localhost 127.0.0.1:81
>
>
> which leads to haproxy failing on startup:
>
> Nov 8 16:38:28 mail haproxy[101582]: [ALERT] (101582) : parsing
> [/etc/haproxy/haproxy.cfg:26] : 'bind' : unsupported protocol family 2 for
> address 'quic4@0.0.0.0:443'
>
> So what can I do about it other than trusting upon the scripts and configs
> to work? Or ask here for help?

I don't know how you are running your configuration, and what your scripts
do. I can't reproduce at all the problem with the given configuration.

How are you starting haproxy?

Could you run `/usr/local/sbin/haproxy -c -f /etc/haproxy/haproxy.cfg`?

-- 
William Lallemand