Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / c75660010372457e91eaedeb6b761241a594479b^! / . / doc / configuration.txt
commitc75660010372457e91eaedeb6b761241a594479b[log] [tgz]
authorOlivier Houchard <cognet@ci0.org>Tue Nov 20 23:33:50 2018 +0100
committerWilly Tarreau <w@1wt.eu>Thu Nov 22 19:50:08 2018 +0100
treed2683324243012a7944ae4fe206caf0f720bf67d
parentbeb859abcebf2dc1b025b7bb83e53a28192ea6e9 [diff] [blame]
MINOR: server: Add "alpn" and "npn" keywords.

Add new keywords to "server" lines, alpn and npn.
If set, when connecting through SSL, those alpn/npn will be negociated
during the SSL handshake.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index b349464..30ba032 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -11513,6 +11513,20 @@
 
   See also the "agent-check" and "agent-inter" parameters.
 
+alpn <protocols>
+  This enables the TLS ALPN extension and advertises the specified protocol
+  list as supported on top of ALPN. The protocol list consists in a comma-
+  delimited list of protocol names, for instance: "http/1.1,http/1.0" (without
+  quotes). This requires that the SSL library is build with support for TLS
+  extensions enabled (check with haproxy -vv). The ALPN extension replaces the
+  initial NPN extension. ALPN is required to connect to HTTP/2 servers.
+  Versions of OpenSSL prior to 1.0.2 didn't support ALPN and only supposed the
+  now obsolete NPN extension.
+  If both HTTP/2 and HTTP/1.1 are expected to be supported, both versions can
+  be advertised, in order of preference, like below :
+
+       server 127.0.0.1:443 ssl crt pub.pem alpn h2,http/1.1
+
 backup
   When "backup" is present on a server line, the server is only used in load
   balancing when all other non-backup servers are unavailable. Requests coming
@@ -11890,6 +11904,15 @@
   This may be used in conjunction with backup to ensure that
   stick-table persistence is disabled for backup servers.
 
+npn <protocols>
+  This enables the NPN TLS extension and advertises the specified protocol list
+  as supported on top of NPN. The protocol list consists in a comma-delimited
+  list of protocol names, for instance: "http/1.1,http/1.0" (without quotes).
+  This requires that the SSL library is build with support for TLS extensions
+  enabled (check with haproxy -vv). Note that the NPN extension has been
+  replaced with the ALPN extension (see the "alpn" keyword), though this one is
+  only available starting with OpenSSL 1.0.2.
+
 observe <mode>
   This option enables health adjusting based on observing communication with
   the server. By default this functionality is disabled and enabling it also