Le 1/10/22 à 23:19, Willy Tarreau a écrit :
w options were still configurable on the CLI by then.
"check-ssl" has been available for a long time, so that's not the
reason behind it, but I guess you were referring to something else. I
suspect I did a dumb copy/paste from the new_server function and
probably never thought was possibly wrong as my previous production
never had any check using tls.
Maybe but then I don't remember about all the detailed rules in place
that indicate when check-ssl *has* to be used. I'll have to read the
doc.
For a health-check, if no port or address is specified and no transport layer is
forced, then the transport layer used by the check is the same than for the
production traffic.
So, the same must be done for dynamic changes. But it is not so simple because,
when the check inherits from the server settings, "srv->check.use_ssl" is also
changed. I don't remember why this field is updated. But this may prevent any
dynamic change on healtcheck. I must read the code to be sure.
--
Christopher Faulet
