From: William Lallemand Date: Thu, 3 Apr 2025 14:03:18 +0000 (+0200) Subject: DOC: configuration: replace "crt" by "ssl-f-use" in listeners X-Git-Tag: v3.2-dev10~34 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=feb1a9ea17ec57cbaaff170778992948cef74759;p=thirdparty%2Fhaproxy.git DOC: configuration: replace "crt" by "ssl-f-use" in listeners Replace the "crt" keyword from the frontend section with a "ssl-f-use" keyword, "crt" could be ambigous in case we don't want to put a certificate filename. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 7054ca4e5..832b618b0 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -7258,63 +7258,6 @@ cookie [ rewrite | insert | prefix ] [ indirect ] [ nocache ] See also : "balance source", "capture cookie", "server" and "ignore-persist". -crt [ ...]* - Assignate a certificate to the current frontend. - - May be used in the following contexts: tcp, http - - May be used in sections : defaults | frontend | listen | backend - no | yes | yes | no - - Arguments : - supports the following keywords from the bind line - (see Section 5.1. Bind options): - - - allow-0rtt - - alpn - - ca-file - - ca-verify-file - - ciphers - - ciphersuites - - client-sigalgs - - crl-file - - curves - - ecdhe - - no-alpn - - no-ca-names - - npn - - sigalgs - - ssl-min-ver - - ssl-max-ver - - verify - - sslbindconf also supports the following keywords from the crt-store load - keyword (see Section 3.12.1. Load options): - - - key - - ocsp - - issuer - - sctl - - ocsp-update - - Assignate a certificate to a crt-list created automatically with the - frontend name and prefixed by @ (ex: '@frontend1'). - - This implicit crt-list will be assigned to every "ssl" bind lines in a - frontend that does not already have the "crt" or the "crt-list" line. - crt-list commands from the stats socket are effective with this crt-list, so - one could replace, remove or add certificates and SSL options to it. - - Example : - - frontend https - bind :443 ssl - crt foobar.pem.rsa sigalgs "RSA-PSS+SHA256" - crt test.foobar.pem - crt test2.foobar.crt key test2.foobar.key ocsp test2.foobar.ocsp ocsp-update on - - See also : "crt-list" and "crt". - declare capture [ request | response ] len Declares a capture slot. @@ -12656,6 +12599,63 @@ stats admin { if | unless } See also : "stats enable", "stats auth", "stats http-request", section 3.4 about userlists and section 7 about ACL usage. +ssl-f-use [ ...]* + Assignate a certificate to the current frontend. + + May be used in the following contexts: tcp, http + + May be used in sections : defaults | frontend | listen | backend + no | yes | yes | no + + Arguments : + supports the following keywords from the bind line + (see Section 5.1. Bind options): + + - allow-0rtt + - alpn + - ca-file + - ca-verify-file + - ciphers + - ciphersuites + - client-sigalgs + - crl-file + - curves + - ecdhe + - no-alpn + - no-ca-names + - npn + - sigalgs + - ssl-min-ver + - ssl-max-ver + - verify + + sslbindconf also supports the following keywords from the crt-store load + keyword (see Section 3.12.1. Load options): + + - crt + - key + - ocsp + - issuer + - sctl + - ocsp-update + + Assignate a certificate to a crt-list created automatically with the + frontend name and prefixed by @ (ex: '@frontend1'). + + This implicit crt-list will be assigned to every "ssl" bind lines in a + frontend that does not already have the "crt" or the "crt-list" line. + crt-list commands from the stats socket are effective with this crt-list, so + one could replace, remove or add certificates and SSL options to it. + + Example : + + frontend https + bind :443 ssl + ssl-f-use crt foobar.pem.rsa sigalgs "RSA-PSS+SHA256" + ssl-f-use crt test.foobar.pem + ssl-f-use crt test2.foobar.crt key test2.foobar.key ocsp test2.foobar.ocsp ocsp-update on + + See also : "crt-list" and "crt". stats auth : Enable statistics with authentication and grant access to an account