From 3c0ef6078b7d5eb58611f877446b087e970e2879 Mon Sep 17 00:00:00 2001 From: r-ricci Date: Thu, 23 Oct 2025 23:50:52 +0200 Subject: [PATCH] The haproxy config does not work for me unless I add the ssl option to the tcp frontend, instead of the http one. --- TLS-ALPN-without-downtime.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TLS-ALPN-without-downtime.md b/TLS-ALPN-without-downtime.md index 636e93e..3d024d4 100644 --- a/TLS-ALPN-without-downtime.md +++ b/TLS-ALPN-without-downtime.md @@ -104,7 +104,7 @@ In this example the PROXY protocol is used between `bk_https` and `fe_https` so # New frontend fe_alpn mode tcp - bind :443 + bind :443 ssl crt /etc/ssl/haproxy.pem tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } use_backend bk_acmesh if { req.ssl_alpn acme-tls/1 } @@ -121,7 +121,7 @@ backend bk_https # Existing, changed from :443 -> 127.0.0.1:8443 frontend fe_https mode http - bind 127.0.0.1:8443 ssl crt /etc/ssl/haproxy.pem accept-proxy + bind 127.0.0.1:8443 accept-proxy # ... ```