DOC: config: mention uid dependency on the tune.quic.socket-owner option

This option defaults to "connection" but is also dependent on the user
being allowed to bind the specified port. Since QUIC can easily run on
non-privileged ports, usually this is not a problem, but if bound to port
443 it will usually fail. Let's mention this.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 1b62f88823db1439c42a3f193091c15d2c2e2a8d..9c9d8a747702d460d533ffcf8667b9c3628c1d43 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -3422,7 +3422,9 @@ tune.quic.socket-owner { listener | connection }
   and cases of transient errors during sendto() operation are handled
   efficiently. However, this relies on some advanced features from the UDP
   network stack. If your platform is deemed not compatible, haproxy will
-  automatically switch to "listener" mode on startup.
+  automatically switch to "listener" mode on startup. Please note that QUIC
+  listeners running on privileged ports may require to run as uid 0, or some
+  OS-specific tuning to permit the target uid to bind such ports.
 
   The "listener" value indicates that QUIC transfers will occur on the shared
   listener socket. This option can be a good compromise for small traffic as it