Hi Team, We are in the process of using newer HAproxy version. Below is the scenario explained where we are stuck.
* In RHEL 8.1 version, installed the latest version of the application. haproxy-1.8.15-6.el8_1.1.x86_64 # yum info haproxy Red Hat Update Infrastructure 3 Client Configuration Server 8 12 kB/s | 2.1 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - AppStream from RHUI (RPMs) 24 kB/s | 2.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - BaseOS from RHUI (RPMs) 21 kB/s | 2.4 kB 00:00 Installed Packages Name : haproxy Version : 1.8.15 Release : 6.el8_1.1 Architecture : x86_64 Size : 4.4 M Source : haproxy-1.8.15-6.el8_1.1.src.rpm Repository : @System >From repo : rhel-8-appstream-rhui-rpms Summary : HAProxy reverse proxy for high availability environments URL : http://www.haproxy.org/ License : GPLv2+ Description : HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high : availability environments. Indeed, it can: : - route HTTP requests depending on statically assigned cookies : - spread load among several servers while assuring server persistence : through the use of HTTP cookies : - switch to backup servers in the event a main one fails : - accept connections to special ports dedicated to service monitoring : - stop accepting connections without breaking existing ones : - add, modify, and delete HTTP headers in both directions : - block requests matching particular patterns : - report detailed status to authenticated users from a URI : intercepted from the application * So after this configuration file is updated with our configurations. We need to use multiple certificates (SNI) hence used bind option to verify the certificates under the folder. But receiving below error please help us on priority. Attached configuration file for reference. Below is the error we are receiving. # haproxy -f /etc/haproxy/haproxy.cfg -c [ALERT] 105/113215 (5684) : parsing [/etc/haproxy/haproxy.cfg:33] : 'bind *:443' unknown keyword 'ssl'. Registered keywords : [STAT] level <arg> [STAT] expose-fd <arg> [STAT] severity-output <arg> [ TCP] defer-accept [ TCP] interface <arg> [ TCP] mss <arg> [ TCP] tcp-ut <arg> [ TCP] tfo [ TCP] transparent [ TCP] v4v6 [ TCP] v6only [ TCP] namespace <arg> [ ALL] accept-netscaler-cip <arg> [ ALL] accept-proxy [ ALL] backlog <arg> [ ALL] id <arg> [ ALL] maxconn <arg> [ ALL] name <arg> [ ALL] nice <arg> [ ALL] process <arg> [ ALL] proto <arg> [UNIX] gid <arg> [UNIX] group <arg> [UNIX] mode <arg> [UNIX] uid <arg> [UNIX] user <arg> [ALERT] 105/113215 (5684) : parsing [/etc/haproxy/haproxy.cfg:36] : error detected while parsing an 'http-request set-header' condition : unknown fetch method 'ssl_fc' in ACL expression 'ssl_fc'. [ALERT] 105/113215 (5684) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg Please check the error and configuration and let me know what needs to done to fix the issue. Thanks, Bindushree D B This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient(s), please reply to the sender and destroy all copies of the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email, and/or any action taken in reliance on the contents of this e-mail is strictly prohibited and may be unlawful. Where permitted by applicable law, this e-mail and other e-mail communications sent to and from Cognizant e-mail addresses may be monitored. This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient(s), please reply to the sender and destroy all copies of the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email, and/or any action taken in reliance on the contents of this e-mail is strictly prohibited and may be unlawful. Where permitted by applicable law, this e-mail and other e-mail communications sent to and from Cognizant e-mail addresses may be monitored.