DOC: config: mention uid dependency on the tune.quic.socket-owner option This option defaults to "connection" but is also dependent on the user being allowed to bind the specified port. Since QUIC can easily run on non-privileged ports, usually this is not a problem, but if bound to port 443 it will usually fail. Let's mention this. (cherry picked from commit 4d5f7d94b97aa0cc7153ab0b39b43c81f4024e51) Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

commit: 2a3d92897a948d7a80da76ad42bd639750c84c50 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Tue Aug 29 10:22:46 2023 +0200
committer: Christopher Faulet <cfaulet@haproxy.com> Wed Sep 06 16:29:41 2023 +0200
tree: 7ccfee33045b5ee79f7326dd09cf098b60bee72b
parent: 4678422ee6e601e3288b52d4e65edb8ddeaa35d8 [diff] [blame]
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 8d9e74a..bf339f1 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -3382,7 +3382,9 @@
   and cases of transient errors during sendto() operation are handled
   efficiently. However, this relies on some advanced features from the UDP
   network stack. If your platform is deemed not compatible, haproxy will
-  automatically switch to "listener" mode on startup.
+  automatically switch to "listener" mode on startup. Please note that QUIC
+  listeners running on privileged ports may require to run as uid 0, or some
+  OS-specific tuning to permit the target uid to bind such ports.
 
   The "listener" value indicates that QUIC transfers will occur on the shared
   listener socket. This option can be a good compromise for small traffic as it
commit	2a3d92897a948d7a80da76ad42bd639750c84c50	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Tue Aug 29 10:22:46 2023 +0200
committer	Christopher Faulet <cfaulet@haproxy.com>	Wed Sep 06 16:29:41 2023 +0200
tree	7ccfee33045b5ee79f7326dd09cf098b60bee72b
parent	4678422ee6e601e3288b52d4e65edb8ddeaa35d8 [diff] [blame]