Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2015-11-12 19:41:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2015-09-27 08:39:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.haproxy.new/haproxy.changes 2015-11-12 19:41:15.000000000 +0100 @@ -1,0 +2,120 @@ +Tue Nov 10 14:50:26 UTC 2015 - mrueck...@suse.de + +- fix link to tarball + +------------------------------------------------------------------- +Tue Nov 3 12:02:19 UTC 2015 - mrueck...@suse.de + +- update to 1.6.2 + - BUILD: ssl: fix build error introduced in commit 7969a3 with + OpenSSL < 1.0.0 + - DOC: fix a typo for a "deviceatlas" keyword + - FIX: small typo in an example using the "Referer" header + - BUG/MEDIUM: config: count memory limits on 64 bits, not 32 + - BUG/MAJOR: dns: first DNS response packet not matching queried + hostname may lead to a loop + - BUG/MINOR: dns: unable to parse CNAMEs response + - BUG/MINOR: examples/haproxy.init: missing brace in + quiet_check() + - DOC: deviceatlas: more example use cases. + - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in + install-bin. + - BUG/MAJOR: http: don't requeue an idle connection that is + already queued + - DOC: typo on capture.res.hdr and capture.req.hdr + - BUG/MINOR: dns: check for duplicate nameserver id in a + resolvers section was missing + - CLEANUP: use direction names in place of numeric values + - BUG/MEDIUM: lua: sample fetches based on response doesn't work +- drop haproxy-1.6.0-ssl-098.patch: included upstream + +------------------------------------------------------------------- +Thu Oct 22 10:21:00 UTC 2015 - mrueck...@suse.de + +- update to 1.6.1 + - DOC: specify that stats socket doc (section 9.2) is in + management + - BUILD: install only relevant and existing documentation + - CLEANUP: don't ignore debian/ directory if present + - BUG/MINOR: dns: parsing error of some DNS response + - BUG/MEDIUM: namespaces: don't fail if no namespace is used + - BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is + disabled + - MEDIUM: dns: Don't use the ANY query type +- drop haproxy-1.6.0-ssl.crash.patch included in update + +------------------------------------------------------------------- +Mon Oct 19 16:15:57 UTC 2015 - mrueck...@suse.de + +- add haproxy-1.6.0-ssl-098.patch: + fix building on openssl 0.9.8 + +------------------------------------------------------------------- +Fri Oct 16 17:16:40 UTC 2015 - mrueck...@suse.de + +- added haproxy-1.6.0-ssl.crash.patch: fix SNI related crash + +------------------------------------------------------------------- +Thu Oct 15 23:19:33 UTC 2015 - mrueck...@suse.de + +- only use network namespace support on distros newer than 13.2 + +------------------------------------------------------------------- +Tue Oct 13 19:39:12 UTC 2015 - mrueck...@suse.de + +- update to 1.6.0 + The most user-visible changes, we can cite the simpler handling + of multiple configuration files, the support for quotes and + environment variables in the configuration, a significant + reduction of the memory usage thanks to a new dynamic buffer + allocator, notifications over e-mail, server state keeping across + reloads, dynamic DNS-based server address resolution, new + scripting capabilities thanks to the embedded Lua interpreter, + use of variables in the configuration to manipulate samples, + request body buffering and analysis, support for two third-party + device identification products (DeviceAtlas and 51Degrees), a lot + of new sample converters including arithmetic operators and table + lookups, TLS ticket secret sharing between nodes, TLS SNI to the + server, full tables replication between peers, ability to + instruct the kernel to quickly kill dead connections, support for + Linux namespaces, and a number of other less visible goodies. The + performance has also been improved a lot with support for server + connection multiplexing, much faster and cheaper HTTP compression + via libslz, and the addition of a pattern cache to speed up + certain expensive ACLs. The great flexibility offered by this + version will allow many users to significantly simplify their + configurations. Some users will notice a huge performance boost + after they enable the features designed for them. + + for all the details see /usr/share/doc/packages/haproxy/CHANGELOG +- drop patches we pulled from upstream git: + 0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch + 0002-DOC-usesrc-root-privileges-requirements.patch + 0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch + 0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch + 0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch + 0006-DOC-typo-in-redirect-302-code-meaning.patch + 0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch + 0008-CLEANUP-.gitignore-ignore-more-test-files.patch + 0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch + 0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch + 0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch + 0012-DOC-ssl-missing-LF.patch + 0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch + 0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch + 0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch +- refresh/redo patches to apply cleanly again: + old: haproxy-1.2.16_config_haproxy_user.patch + new: haproxy-1.6.0_config_haproxy_user.patch + old: haproxy-makefile_lib.patch + new: haproxy-1.6.0-makefile_lib.patch + old: sec-options.patch + new: haproxy-1.6.0-sec-options.patch +- added new haproxy.cfg to have a minimal config we can actually + launch! +- drop patch haproxy-1.5.8-fix-bashisms.patch: patched files no + longer exist +- drop haproxy.vim: we will use the copy which ships with the + upstream tarball now. + +------------------------------------------------------------------- Old: ---- 0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch 0002-DOC-usesrc-root-privileges-requirements.patch 0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch 0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch 0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch 0006-DOC-typo-in-redirect-302-code-meaning.patch 0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch 0008-CLEANUP-.gitignore-ignore-more-test-files.patch 0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch 0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch 0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch 0012-DOC-ssl-missing-LF.patch 0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch 0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch 0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch haproxy-1.2.16_config_haproxy_user.patch haproxy-1.5.14.tar.gz haproxy-1.5.8-fix-bashisms.patch haproxy-makefile_lib.patch haproxy.vim sec-options.patch New: ---- haproxy-1.6.0-makefile_lib.patch haproxy-1.6.0-sec-options.patch haproxy-1.6.0_config_haproxy_user.patch haproxy-1.6.2.tar.gz haproxy.cfg ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.MRhLU9/_old 2015-11-12 19:41:16.000000000 +0100 +++ /var/tmp/diff_new_pack.MRhLU9/_new 2015-11-12 19:41:16.000000000 +0100 @@ -19,6 +19,14 @@ %bcond_with tcp_fast_open %endif +%if 0%{?suse_version} > 1320 +%bcond_without lua +%bcond_without network_namespace +%else +%bcond_with lua +%bcond_with network_namespace +%endif + %if 0%{?suse_version} >= 1310 %bcond_without systemd %else @@ -33,12 +41,15 @@ %bcond_without apparmor Name: haproxy -Version: 1.5.14 +Version: 1.6.2 Release: 0 # # BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libgcrypt-devel +%if %{with lua} +BuildRequires: lua-devel >= 5.3 +%endif BuildRequires: pcre-devel BuildRequires: zlib-devel BuildRequires: openssl-devel @@ -52,46 +63,14 @@ %define pkg_home /var/lib/%{pkg_name} # Url: http://www.haproxy.org/ -Source: http://www.haproxy.org/download/1.5/src/haproxy-%{version}.tar.gz +Source: http://www.haproxy.org/download/1.6/src/haproxy-%{version}.tar.gz Source1: %{pkg_name}.init -Source2: http://www.haproxy.org/download/contrib/haproxy.vim -Source3: usr.sbin.haproxy.apparmor -Source4: local.usr.sbin.haproxy.apparmor -Patch1: haproxy-1.2.16_config_haproxy_user.patch -Patch2: haproxy-makefile_lib.patch -Patch3: sec-options.patch -Patch4: haproxy-1.5.8-fix-bashisms.patch -# BUG/MINOR: log: missing some ARGC_* entries in fmt_directives() -Patch5: 0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch -# DOC: usesrc root privileges requirements -Patch6: 0002-DOC-usesrc-root-privileges-requirements.patch -# BUILD: ssl: Allow building against libssl without SSLv3. -Patch7: 0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch -# DOC/MINOR: fix OpenBSD versions where haproxy works -Patch8: 0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch -# BUG/MINOR: http/sample: gmtime/localtime can fail -Patch9: 0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch -# DOC: typo in 'redirect', 302 code meaning -Patch10: 0006-DOC-typo-in-redirect-302-code-meaning.patch -# DOC: mention that %ms is left-padded with zeroes. -Patch11: 0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch -# CLEANUP: .gitignore: ignore more test files -Patch12: 0008-CLEANUP-.gitignore-ignore-more-test-files.patch -# CLEANUP: .gitignore: finally ignore everything but what is known. -Patch13: 0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch -# MEDIUM: config: emit a warning on a frontend without listener -Patch14: 0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch -# BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry -Patch15: 0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch -# DOC: ssl: missing LF -Patch16: 0012-DOC-ssl-missing-LF.patch -# DOC: fix example of http-request using ssl_fc_session_id -Patch17: 0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch -# BUG/MINOR: http: remove stupid HTTP_METH_NONE entry -Patch18: 0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch -# BUG/MAJOR: http: don't call http_send_name_header() after an error -Patch19: 0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch - +Source2: usr.sbin.haproxy.apparmor +Source3: local.usr.sbin.haproxy.apparmor +Source4: haproxy.cfg +Patch1: haproxy-1.6.0_config_haproxy_user.patch +Patch2: haproxy-1.6.0-makefile_lib.patch +Patch3: haproxy-1.6.0-sec-options.patch # Source99: haproxy-rpmlintrc # @@ -122,25 +101,9 @@ %prep %setup -q -%patch1 +%patch1 -p1 %patch2 %patch3 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 %build %{__make} \ @@ -157,6 +120,10 @@ %ifarch %ix86 USE_REGPARM=1 \ %endif + USE_PTHREAD_PSHARED=1 \ + %if %{with lua} + USE_LUA=1 \ + %endif USE_TPROXY=1 \ USE_LINUX_TPROXY=1 \ USE_LINUX_SPLICE=1 \ @@ -167,9 +134,12 @@ USE_PIE=1 \ USE_STACKPROTECTOR=1 \ USE_RELRO_NOW=1 \ -%if %{with tcp_fast_open} + %if %{with tcp_fast_open} USE_TFO=1 \ -%endif + %endif + %if %{with network_namespace} + USE_NS=1 \ + %endif LIB="%{_lib}" \ PREFIX="%{_prefix}" \ DEBUG_CFLAGS="%{optflags}" @@ -178,28 +148,30 @@ DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now" %install -%{__install} -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name} -%{__install} -D -m 0644 examples/%{pkg_name}.cfg %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg +install -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name} +install -d -m 0750 %{buildroot}%{_sysconfdir}/%{pkg_name}/ +install -m 0640 %{S:4} %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg + +install -D -m 0755 contrib/halog/halog %{buildroot}%{_sbindir}/haproxy-halog -%{__install} -D -m 0755 contrib/halog/halog %{buildroot}%{_sbindir}/haproxy-halog %if %{with systemd} -%{__install} -D -m 0755 haproxy-systemd-wrapper %{buildroot}%{_sbindir}/haproxy-systemd-wrapper -%{__install} -D -m 0644 contrib/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service +install -D -m 0755 haproxy-systemd-wrapper %{buildroot}%{_sbindir}/haproxy-systemd-wrapper +install -D -m 0644 contrib/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name} %else -%{__install} -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name} +install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name} %{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name} %endif -%{__install} -d -m 0755 %{buildroot}%{pkg_home} -%{__install} -D -m 0644 %{S:2} %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim -%{__install} -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1 +install -d -m 0755 %{buildroot}%{pkg_home} +install -D -m 0644 examples/haproxy.vim %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim +install -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1 %if %{with apparmor} -%{__install} -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/usr.sbin.haproxy -%{__install} -D -m 0644 %{S:4} %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy +install -D -m 0644 %{S:2} %{buildroot}/etc/apparmor.d/usr.sbin.haproxy +install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy %endif -%{__rm} examples/haproxy.spec +rm examples/haproxy.spec examples/*init* examples/haproxy.vim %if 0%{?suse_version} < 1230 %clean @@ -241,18 +213,14 @@ %doc CHANGELOG README LICENSE %doc ROADMAP doc/* examples/ %doc contrib/netsnmp-perl/ contrib/selinux/ -%dir %{_sysconfdir}/%{pkg_name} -%config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg +%dir %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name} +%config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/* %if %{with systemd} %{_unitdir}/%{pkg_name}.service %{_sbindir}/haproxy-systemd-wrapper - %else - %config(noreplace) %{_sysconfdir}/init.d/%{pkg_name} - %endif - %{_sbindir}/haproxy %{_sbindir}/haproxy-halog %{_sbindir}/rchaproxy ++++++ haproxy-1.6.0-makefile_lib.patch ++++++ Index: Makefile =================================================================== --- Makefile.orig +++ Makefile @@ -644,7 +644,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(US PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local) ifneq ($(PCREDIR),) PCRE_INC := $(PCREDIR)/include -PCRE_LIB := $(PCREDIR)/lib +PCRE_LIB := $(PCREDIR)/$(LIB) endif ifeq ($(USE_STATIC_PCRE),) ++++++ haproxy-1.6.0-sec-options.patch ++++++ Index: Makefile =================================================================== --- Makefile.orig +++ Makefile @@ -671,6 +671,35 @@ OPTIONS_CFLAGS += -DUSE_TFO BUILD_OPTIONS += $(call ignore_implicit,USE_TFO) endif +# PIE +ifneq ($(USE_PIE),) +OPTIONS_CFLAGS += -DUSE_PIE +BUILD_OPTIONS += $(call ignore_implicit,USE_PIE) +OPTIONS_LDFLAGS += -pie +# still need to figure out how to express this conditional in the makefile +# %ifarch s390 s390x %sparc +# PIEFLAGS="-fPIE" +# %else +# PIEFLAGS="-fpie" +# %endif +# PIE_FLAGS.s390 = -fPIE +# PIE_FLAGS.i386 = -fpie +# SEC_FLAGS += $(PIE_FLAGS.$(ARCH)) +OPTIONS_CFLAGS += -fpie +endif + +ifneq ($(USE_STACKPROTECTOR),) +OPTIONS_CFLAGS += -DUSE_STACKPROTECTOR +BUILD_OPTIONS += $(call ignore_implicit,USE_STACKPROTECTOR) +OPTIONS_CFLAGS += -fstack-protector +endif + +ifneq ($(USE_RELRO_NOW),) +OPTIONS_CFLAGS += -DUSE_RELRO_NOW +BUILD_OPTIONS += $(call ignore_implicit,USE_RELRO_NOW) +OPTIONS_LDFLAGS += -Wl,-z,relro,-z,now +endif + # This one can be changed to look for ebtree files in an external directory EBTREE_DIR := ebtree ++++++ haproxy-1.2.16_config_haproxy_user.patch -> haproxy-1.6.0_config_haproxy_user.patch ++++++ --- /work/SRC/openSUSE:Factory/haproxy/haproxy-1.2.16_config_haproxy_user.patch 2014-06-25 15:24:39.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.haproxy.new/haproxy-1.6.0_config_haproxy_user.patch 2015-11-12 19:41:14.000000000 +0100 @@ -1,32 +1,95 @@ -Index: examples/examples.cfg +Index: haproxy-1.6.0/examples/acl-content-sw.cfg =================================================================== ---- examples/examples.cfg.orig -+++ examples/examples.cfg -@@ -3,8 +3,8 @@ - # log 127.0.0.1 local1 - maxconn 4000 - ulimit-n 8000 -- uid 0 -- gid 0 +--- haproxy-1.6.0.orig/examples/acl-content-sw.cfg ++++ haproxy-1.6.0/examples/acl-content-sw.cfg +@@ -5,9 +5,9 @@ global + log loghost local0 + log localhost local0 err + maxconn 250 +- uid 71 +- gid 71 +- chroot /var/empty + user haproxy + group haproxy - # chroot /tmp - # nbproc 2 - # daemon -Index: examples/haproxy.cfg -=================================================================== ---- examples/haproxy.cfg.orig -+++ examples/haproxy.cfg -@@ -5,9 +5,9 @@ - log 127.0.0.1 local1 notice - #log loghost local0 info - maxconn 4096 -- chroot /usr/share/haproxy -- uid 99 -- gid 99 ++ chroot /var/lib/haproxy + pidfile /var/run/haproxy.pid + daemon + quiet +Index: haproxy-1.6.0/examples/auth.cfg +=================================================================== +--- haproxy-1.6.0.orig/examples/auth.cfg ++++ haproxy-1.6.0/examples/auth.cfg +@@ -1,7 +1,7 @@ + global +-# chroot /var/empty/ +-# uid 451 +-# gid 451 ++ user haproxy ++ group haproxy ++ chroot /var/lib/haproxy + log 192.168.131.214:8514 local4 debug + maxconn 8192 + +Index: haproxy-1.6.0/examples/content-sw-sample.cfg +=================================================================== +--- haproxy-1.6.0.orig/examples/content-sw-sample.cfg ++++ haproxy-1.6.0/examples/content-sw-sample.cfg +@@ -11,9 +11,9 @@ global + maxconn 10000 + stats socket /var/run/haproxy.stat mode 600 level admin + log 127.0.0.1 local0 +- uid 200 +- gid 200 +- chroot /var/empty ++ user haproxy ++ group haproxy ++ chroot /var/lib/haproxy + daemon + + # The public 'www' address in the DMZ +Index: haproxy-1.6.0/examples/option-http_proxy.cfg +=================================================================== +--- haproxy-1.6.0.orig/examples/option-http_proxy.cfg ++++ haproxy-1.6.0/examples/option-http_proxy.cfg +@@ -6,9 +6,9 @@ global + maxconn 20000 + ulimit-n 16384 + log 127.0.0.1 local0 +- uid 200 +- gid 200 +- chroot /var/empty + chroot /var/lib/haproxy + user haproxy + group haproxy - daemon - #debug - #quiet + nbproc 4 + daemon + +Index: haproxy-1.6.0/examples/ssl.cfg +=================================================================== +--- haproxy-1.6.0.orig/examples/ssl.cfg ++++ haproxy-1.6.0/examples/ssl.cfg +@@ -4,6 +4,9 @@ + + global + maxconn 100 ++ chroot /var/lib/haproxy ++ user haproxy ++ group haproxy + + defaults + mode http +Index: haproxy-1.6.0/examples/transparent_proxy.cfg +=================================================================== +--- haproxy-1.6.0.orig/examples/transparent_proxy.cfg ++++ haproxy-1.6.0/examples/transparent_proxy.cfg +@@ -6,6 +6,10 @@ + # + + global ++ chroot /var/lib/haproxy ++ user haproxy ++ group haproxy ++ + defaults + timeout client 30s + timeout server 30s ++++++ haproxy-1.5.14.tar.gz -> haproxy-1.6.2.tar.gz ++++++ ++++ 95063 lines of diff (skipped) ++++++ haproxy.cfg ++++++ global log /dev/log daemon maxconn 32768 chroot /var/lib/haproxy user haproxy group haproxy daemon stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator tune.bufsize 32768 tune.ssl.default-dh-param 2048 ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH defaults log global mode http option log-health-checks option log-separate-errors option dontlog-normal option dontlognull option httplog option socket-stats retries 3 option redispatch maxconn 10000 timeout connect 5s timeout client 50s timeout server 450s listen stats bind 0.0.0.0:80 bind :::80 v6only stats enable stats uri / stats refresh 5s rspadd Server:\ haproxy/1.6