From: Willy Tarreau Date: Tue, 29 Aug 2023 08:22:46 +0000 (+0200) Subject: DOC: config: mention uid dependency on the tune.quic.socket-owner option X-Git-Tag: v2.9-dev5~103 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4d5f7d94b97aa0cc7153ab0b39b43c81f4024e51;p=thirdparty%2Fhaproxy.git DOC: config: mention uid dependency on the tune.quic.socket-owner option This option defaults to "connection" but is also dependent on the user being allowed to bind the specified port. Since QUIC can easily run on non-privileged ports, usually this is not a problem, but if bound to port 443 it will usually fail. Let's mention this. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 1b62f88823..9c9d8a7477 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -3422,7 +3422,9 @@ tune.quic.socket-owner { listener | connection } and cases of transient errors during sendto() operation are handled efficiently. However, this relies on some advanced features from the UDP network stack. If your platform is deemed not compatible, haproxy will - automatically switch to "listener" mode on startup. + automatically switch to "listener" mode on startup. Please note that QUIC + listeners running on privileged ports may require to run as uid 0, or some + OS-specific tuning to permit the target uid to bind such ports. The "listener" value indicates that QUIC transfers will occur on the shared listener socket. This option can be a good compromise for small traffic as it
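Review bot: The sentence added to the "connection" paragraph of tune.quic.socket-owner says listeners on privileged ports "may require to run as uid 0", but it does not say what happens when the target uid cannot bind the port. The commit message says binding port 443 "will usually fail", while the preceding sentence in the same paragraph describes an automatic switch to "listener" mode on incompatible platforms. A reader cannot tell whether a bind-permission failure also triggers that fallback or leads to an error. Please state the resulting behaviour explicitly. Two smaller points on the same sentence: "may require to run as uid 0" reads better as "may require running as uid 0", and since the text offers uid 0 before "some OS-specific tuning", consider putting the tuning option first so that the documentation does not steer users toward running as root when permitting the target uid to bind the port is sufficient.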