Hi Team,
We are in the process of using newer HAproxy version.
Below is the scenario explained where we are stuck.
* In RHEL 8.1 version, installed the latest version of the application.
haproxy-1.8.15-6.el8_1.1.x86_64
# yum info haproxy
Red Hat Update Infrastructure 3 Client Configuration Server 8
12 kB/s | 2.1 kB
00:00
Red Hat Enterprise Linux 8 for x86_64 - AppStream from RHUI (RPMs)
24 kB/s | 2.8 kB
00:00
Red Hat Enterprise Linux 8 for x86_64 - BaseOS from RHUI (RPMs)
21 kB/s | 2.4 kB
00:00
Installed Packages
Name : haproxy
Version : 1.8.15
Release : 6.el8_1.1
Architecture : x86_64
Size : 4.4 M
Source : haproxy-1.8.15-6.el8_1.1.src.rpm
Repository : @System
>From repo : rhel-8-appstream-rhui-rpms
Summary : HAProxy reverse proxy for high availability environments
URL : http://www.haproxy.org/
License : GPLv2+
Description : HAProxy is a TCP/HTTP reverse proxy which is particularly suited
for high
: availability environments. Indeed, it can:
: - route HTTP requests depending on statically assigned cookies
: - spread load among several servers while assuring server
persistence
: through the use of HTTP cookies
: - switch to backup servers in the event a main one fails
: - accept connections to special ports dedicated to service
monitoring
: - stop accepting connections without breaking existing ones
: - add, modify, and delete HTTP headers in both directions
: - block requests matching particular patterns
: - report detailed status to authenticated users from a URI
: intercepted from the application
* So after this configuration file is updated with our configurations.
We need to use multiple certificates (SNI) hence used bind option to verify the
certificates under the folder. But receiving below error please help us on
priority.
Attached configuration file for reference.
Below is the error we are receiving.
# haproxy -f /etc/haproxy/haproxy.cfg -c
[ALERT] 105/113215 (5684) : parsing [/etc/haproxy/haproxy.cfg:33] : 'bind
*:443' unknown keyword 'ssl'. Registered keywords :
[STAT] level <arg>
[STAT] expose-fd <arg>
[STAT] severity-output <arg>
[ TCP] defer-accept
[ TCP] interface <arg>
[ TCP] mss <arg>
[ TCP] tcp-ut <arg>
[ TCP] tfo
[ TCP] transparent
[ TCP] v4v6
[ TCP] v6only
[ TCP] namespace <arg>
[ ALL] accept-netscaler-cip <arg>
[ ALL] accept-proxy
[ ALL] backlog <arg>
[ ALL] id <arg>
[ ALL] maxconn <arg>
[ ALL] name <arg>
[ ALL] nice <arg>
[ ALL] process <arg>
[ ALL] proto <arg>
[UNIX] gid <arg>
[UNIX] group <arg>
[UNIX] mode <arg>
[UNIX] uid <arg>
[UNIX] user <arg>
[ALERT] 105/113215 (5684) : parsing [/etc/haproxy/haproxy.cfg:36] : error
detected while parsing an 'http-request set-header' condition : unknown fetch
method 'ssl_fc' in ACL expression 'ssl_fc'.
[ALERT] 105/113215 (5684) : Error(s) found in configuration file :
/etc/haproxy/haproxy.cfg
Please check the error and configuration and let me know what needs to done to
fix the issue.
Thanks,
Bindushree D B
This e-mail and any files transmitted with it are for the sole use of the
intended recipient(s) and may contain confidential and privileged information.
If you are not the intended recipient(s), please reply to the sender and
destroy all copies of the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email,
and/or any action taken in reliance on the contents of this e-mail is strictly
prohibited and may be unlawful. Where permitted by applicable law, this e-mail
and other e-mail communications sent to and from Cognizant e-mail addresses may
be monitored. This e-mail and any files transmitted with it are for the sole
use of the intended recipient(s) and may contain confidential and privileged
information. If you are not the intended recipient(s), please reply to the
sender and destroy all copies of the original message. Any unauthorized review,
use, disclosure, dissemination, forwarding, printing or copying of this email,
and/or any action taken in reliance on the contents of this e-mail is strictly
prohibited and may be unlawful. Where permitted by applicable law, this e-mail
and other e-mail communications sent to and from Cognizant e-mail addresses may
be monitored.
