haproxy/doc
William Dauchy f63704488e MEDIUM: cli/ssl: configure ssl on server at runtime
in the context of a progressive backend migration, we want to be able to
activate SSL on outgoing connections to the server at runtime without
reloading.
This patch adds a `set server ssl` command; in order to allow that:

- add `srv_use_ssl` to `show servers state` command for compatibility,
  also update associated parsing
- when using default-server ssl setting, and `no-ssl` on server line,
  init SSL ctx without activating it
- when triggering ssl API, de/activate SSL connections as requested
- clean ongoing connections as it is done for addr/port changes, without
  checking prior server state

example config:

backend be_foo
  default-server ssl
  server srv0 127.0.0.1:6011 weight 1 no-ssl

show servers state:

  5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - -1

where srv0 can switch to ssl later during the runtime:

  set server be_foo/srv0 ssl on

  5 be_foo 1 srv0 127.0.0.1 2 0 1 1 15 1 0 4 0 0 0 0 - 6011 - 1

Also update existing tests and create a new one.

Signed-off-by: William Dauchy <wdauchy@gmail.com>
2020-11-18 17:22:28 +01:00
..
design-thoughts DOC: assorted typo fixes in the documentation 2020-03-09 14:45:58 +01:00
internals [RELEASE] Released version 2.3-dev7 2020-10-17 10:31:50 +02:00
lua-api DOC: assorted typo fixes in the documentation 2020-06-26 11:27:10 +02:00
51Degrees-device-detection.txt CLEANUP: 51d: move the 51d dummy lib to contrib/51d/src to match the real lib 2019-06-13 15:56:10 +02:00
acl.fig [DOC] add diagrams of queuing and future ACL design 2009-02-22 16:46:38 +01:00
architecture.txt DOC: Use gender neutral language 2020-07-26 22:35:43 +02:00
close-options.txt DOC: fix a few typos in the documentation 2018-11-18 22:23:15 +01:00
coding-style.txt DOC: Use gender neutral language 2020-07-26 22:35:43 +02:00
configuration.txt MEDIUM: cli/ssl: configure ssl on server at runtime 2020-11-18 17:22:28 +01:00
cookie-options.txt DOC: fix a few typos in the documentation 2018-11-18 22:23:15 +01:00
DeviceAtlas-device-detection.txt DOC: fix typos 2019-05-25 07:34:24 +02:00
gpl.txt [LICENSE] licensing clarifications 2006-06-15 21:48:13 +02:00
haproxy.1 DOC: add description of pidfile in master-worker mode 2020-08-26 18:40:53 +02:00
intro.txt [RELEASE] Released version 2.4-dev0 2020-11-05 17:20:35 +01:00
lgpl.txt [LICENSE] licensing clarifications 2006-06-15 21:48:13 +02:00
linux-syn-cookies.txt DOC: add doc/linux-syn-cookies.txt 2015-08-11 12:17:41 +02:00
lua.txt [RELEASE] Released version 2.3-dev2 2020-07-31 14:48:32 +02:00
management.txt MEDIUM: cli/ssl: configure ssl on server at runtime 2020-11-18 17:22:28 +01:00
netscaler-client-ip-insertion-protocol.txt DOC: fix typos 2019-05-25 07:34:24 +02:00
network-namespaces.txt MAJOR: namespace: add Linux network namespace support 2014-11-21 07:51:57 +01:00
peers-v2.0.txt DOC: Use gender neutral language 2020-07-26 22:35:43 +02:00
peers.txt DOC: peers: Update for dictionary cache entries for peers protocol. 2019-06-07 15:47:54 +02:00
proxy-protocol.txt DOC: Use gender neutral language 2020-07-26 22:35:43 +02:00
queuing.fig [DOC] add diagrams of queuing and future ACL design 2009-02-22 16:46:38 +01:00
regression-testing.txt DOC: assorted typo fixes in the documentation and Makefile 2020-03-06 10:49:55 +01:00
seamless_reload.txt CLEANUP: removed obsolete examples an move a few to better places 2019-06-15 21:25:06 +02:00
SOCKS4.protocol.txt MEDIUM: connection: Upstream SOCKS4 proxy support 2019-05-31 17:24:06 +02:00
SPOE.txt DOC: assorted typo fixes in the documentation 2020-06-26 11:27:10 +02:00
WURFL-device-detection.txt DOC: fix typos 2019-05-25 07:34:24 +02:00