Score:0

haproxy not working when upgrading to version 2.2 (reqadd doesn't exist any more)


[I erroneously had posted this question on stackoverflow]

On my debian buster server I had a perfectly working haproxy (v1.8), which I use for managing certificates for my web sites.

haproxy listens to port 443, and passes requests to a varnish+apache system.

When upgrading to debian bullseye, the haproxy (v2.2) service doesn't start any more, and the log says:

haproxy[46308]: [ALERT] 048/004148 (46308) : parsing [/etc/haproxy/haproxy.cfg:46] : The 'reqadd' directive is not supported anymore since HAProxy 2.1. Use 'http-request add-header' instead.

The haproxy.cfg lines responsible for this behaviour are

frontend https
        # Bind 443 with the generated letsencrypt cert.
        bind *:443 ssl crt /etc/letsencrypt/live/qumran2/haproxy.pem
        # set x-forward to https
        reqadd X-Forwarded-Proto:\ https                  <-----------|
        # set X-SSL in case of ssl_fc <- explained below
        http-request set-header X-SSL %[ssl_fc]
        # Select a Challenge
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        # Use the challenge backend if the challenge is set
        default_backend www-backend

I understand that I must change the reqadd X-Forwarded-Proto:\ https line, but how?

The docs say:

http-request add-header <name> <fmt> [ { if | unless } <condition> ]
This appends an HTTP header field whose name is specified in <name> and
whose value is defined by <fmt> which follows the log-format rules (see
Custom Log Format in section 8.2.4). This is particularly useful to pass
connection-specific information to the server (e.g. the client's SSL
certificate), or to combine several headers into one. This rule is not
final, so it is possible to add other similar rules. Note that header
addition is performed immediately, so one rule might reuse the resulting
header from a previous rule.

I can't understand how I should write the equivalent http-request add-header...

Score:0

I think you can just use:

http-request set-header X-Forwarded-Proto https

As discussed here:

https://stackoverflow.com/questions/51928504/x-forwarded-proto-https-in-frontend-or-backend-haproxy
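
The change the answer suggests, applied to the frontend from the question (an added example, not part of the original posts; it assumes `mode http` is inherited from a `defaults` section, as `reqadd` already required it). It shows the literal `add-header` equivalent next to `set-header`, which replaces any `X-Forwarded-Proto` value the client sent instead of appending to it:

```haproxy
frontend https
        # Bind 443 with the generated letsencrypt cert (path from the question).
        bind *:443 ssl crt /etc/letsencrypt/live/qumran2/haproxy.pem

        # HAProxy 1.8 form, rejected since 2.1:
        #   reqadd X-Forwarded-Proto:\ https
        #
        # Literal equivalent: name and value become separate arguments, so the
        # colon and the backslash-escaped space are dropped. add-header appends,
        # so a client-supplied X-Forwarded-Proto would reach the backend too.
        #   http-request add-header X-Forwarded-Proto https
        #
        # Form from the answer: set-header removes any existing
        # X-Forwarded-Proto first, so only the proxy's value is forwarded.
        http-request set-header X-Forwarded-Proto https

        # Unchanged lines from the question.
        http-request set-header X-SSL %[ssl_fc]
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        default_backend www-backend
```

Running `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the edited file for parse errors before the service is restarted.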
