On 4/10/2022 5:51 PM, John Lauro wrote:
If you always redirect 80 to 443 then you could do a separate frontend for port 80 that always redirects (one simple rule) then you don't need to duplicate the rules. If you have some sites you allow http, then the duplicates could get annoying, although there are work arounds using a socket loopback. (Not pretty, but I used to do that long long ago when I had to support 80 and 443 didn't want to redirect in all cases of http).
That would be a much simpler setup than duplicating the entire front end so one handles TCP and the other UDP. I will do that. And if a future version enables ssl_fc for quic with TLS, I can drop that frontend.
Thanks, Shawn
