[I erronously had posted this question on stackoverflow]
On my debian buster server I had a perfecly working haproxy (v1.8), which I use for managing certificates for my web sites.
haproxy listens to port 443, and passes requests to a varnish+apache system.
When upgrading to debian bullseye, the haproxy (v2.2) service doesn't start any more, and the log says:
haproxy[46308]: [ALERT] 048/004148 (46308) : parsing [/etc/haproxy/haproxy.cfg:46] : The
equest add-header
The haproxy.cfg lines responsible for this behaviour are
frontend https
bind *:443 ssl crt /etc/letsencrypt/live/qumran2/haproxy.pem
reqadd X-Forwarded-Proto:\ https <-----------|
http-request set-header X-SSL %[ssl_fc]
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
default_backend www-backend
I understand that I must change the reqadd X-Forwarded-Proto:\ https
line, but how?
The docs say:
http-request add-header <name> <fmt> [ { if | unless } <condition> ]
This appends an HTTP header field whose name is specified in <name> and
whose value is defined by <fmt> which follows the log-format rules (see
Custom Log Format in section 8.2.4). This is particularly useful to pass
connection-specific information to the server (e.g. the client's SSL
certificate), or to combine several headers into one. This rule is not
final, so it is possible to add other similar rules. Note that header
addition is performed immediately, so one rule might reuse the resulting
header from a previous rule.
I can't understand how should I write the equivalent http-request add-header
...