upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-19 02:29:31 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 18
HAProxy - Load balancer
25821 commits 28 branches 408 tags 304 MiB
C 98.1%
Shell 0.9%
Makefile 0.5%
Lua 0.2%
Python 0.1%
Find a file
Christopher Faulet 0a7f3954b5 BUG/MEDIUM: config: Use the mux protocol ALPN by default for listeners if forced 
Since the commit 5003ac7fe ("MEDIUM: config: set useful ALPN defaults for
HTTPS and QUIC"), the ALPN is set by default to "h2,http/1.1" for HTTPS
listeners. However, it is in conflict with the forced mux protocol, if
any. Indeed, with "proto" keyword, the mux can be forced. In that case, some
combinations with the default ALPN will triggers connections errors.

For instance, by setting "proto h2", it will not be possible to use the H1
multiplexer. So we must take care to not advertise it in the ALPN. Worse,
since the commit above, most modern HTTP clients will try to use the H2
because it is advertised in the ALPN. By setting "proto h1" on the bind line
will make all the traffic rejected in error.

To fix the issue, and thanks to previous commits, if it is defined, we are
now relying on the ALPN defined by the mux protocol by default. The H1
multiplexer (only the one that can be forced) defines it to "http/1.1" while
the H2 multiplexer defines it to "h2". So by default, if one or another of
these muxes is forced, and if no ALPN is set, the mux ALPN is used.

Other multiplexers are not defining any default ALPN for now, because it is
useless. In addition, only the listeners are concerned because there is no
default ALPN on the server side.Finally, there is no tests performed if the
ALPN is forced on the bind line. It is the user responsibility to properly
configure his listeners (at least for now).

This patch depends on:
  * MINOR: config: Do proto detection for listeners before checks about ALPN
  * MINOR: muxes: Support an optional ALPN string when defining mux protocols

The series must be backported as far as 2.8.
2025-11-20 16:14:52 +01:00
.github CI: github: make install-bin instead of make install 2025-11-18 20:11:23 +01:00
addons MINOR: applet: Add a flag to know an applet is using HTX buffers 2025-08-25 11:11:05 +02:00
admin ADMIN: reload: introduce -vv mode 2025-09-29 19:29:10 +02:00
dev DEV: patchbot: use git reset+checkout instead of pull 2025-10-08 04:38:35 +02:00
doc DOC: acme: add details about key pair generation in ACME section 2025-11-20 12:48:22 +01:00
examples MINOR: mailers: warn if mailers are configured but not actually used 2025-06-27 16:41:18 +02:00
include MINOR: muxes: Support an optional ALPN string when defining mux protocols 2025-11-20 16:14:52 +01:00
reg-tests REGTESTS: ssl: also verify that 0-rtt properly advertises early-data:1 2025-11-19 22:30:31 +01:00
scripts SCRIPTS: build-ssl: fix rpath in AWS-LC install for openssl and bssl bin 2025-11-03 15:04:57 +01:00
src BUG/MEDIUM: config: Use the mux protocol ALPN by default for listeners if forced 2025-11-20 16:14:52 +01:00
tests TESTS: quic: add unit-tests for QUIC TX part 2025-09-08 14:49:03 +02:00
.cirrus.yml CI: cirrus-ci: bump FreeBSD image to 14-3 2025-10-09 14:06:48 +02:00
.gitattributes MINOR: Configure the cpp userdiff driver for *.[ch] in .gitattributes 2021-02-22 18:17:57 +01:00
.gitignore MINOR: tevt/dev: Add term_events tool 2025-01-31 10:41:50 +01:00
.mailmap DOC: update Tim's address in .mailmap 2021-09-16 09:14:14 +02:00
.travis.yml MEDIUM: mworker: remove USE_SYSTEMD requirement for -Ws 2024-11-20 12:07:38 +01:00
BRANCHES DOC: clarify the experimental status for certain features 2025-10-17 18:41:13 +02:00
BSDmakefile BUILD: makefile: commit the tiny FreeBSD makefile stub 2023-05-24 17:17:36 +02:00
CHANGELOG [RELEASE] Released version 3.3-dev13 2025-11-14 19:22:46 +01:00
CONTRIBUTING CLEANUP: assorted typo fixes in the code and comments 2025-04-02 11:12:20 +02:00
INSTALL BUILD: makefile: bump the default minimum linux version to 4.17 2025-09-05 09:44:56 +02:00
LICENSE LICENSE: add licence exception for OpenSSL 2012-09-07 13:52:26 +02:00
MAINTAINERS MAJOR: spoe: Let the SPOE back into the game 2024-05-22 09:04:38 +02:00
Makefile BUILD: Makefile: remove halog from install-admin 2025-11-19 16:52:20 +01:00
README.md DOC: change the link to the FreeBSD CI in README.md 2024-06-03 15:21:29 +02:00
SUBVERS BUILD: use format tags in VERDATE and SUBVERS files 2013-12-10 11:22:49 +01:00
VERDATE [RELEASE] Released version 3.3-dev13 2025-11-14 19:22:46 +01:00
VERSION [RELEASE] Released version 3.3-dev13 2025-11-14 19:22:46 +01:00

README.md

HAProxy

alpine/musl AWS-LC openssl no-deprecated Illumos NetBSD FreeBSD VTest

HAProxy logo

HAProxy is a free, very fast and reliable reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

Installation

The INSTALL file describes how to build HAProxy. A list of packages is also available on the wiki.

Getting help

The discourse and the mailing-list are available for questions or configuration assistance. You can also use the slack or IRC channel. Please don't use the issue tracker for these.

The issue tracker is only for bug reports or feature requests.

Documentation

The HAProxy documentation has been split into a number of different files for ease of use. It is available in text format as well as HTML. The wiki is also meant to replace the old architecture guide.

Please refer to the following files depending on what you're looking for:

  • INSTALL for instructions on how to build and install HAProxy
  • BRANCHES to understand the project's life cycle and what version to use
  • LICENSE for the project's license
  • CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory:

License

HAProxy is licensed under GPL 2 or any later version, the headers under LGPL 2.1. See the LICENSE file for a more detailed explanation.