Error: failed to parse log-format : format variable 'Tq' is reserved for HTTP mode


#1

Hi Everyone,

I’ve got a working setup where haproxy 1.8.3 successfully balances HTTP traffic. I now want to add TLS / SSL. The result should be, that HTTP and HTTPS work in parallel.

When adding a frontend section for SSL, the configuration fails with:

Parsing [/etc/haproxy/haproxy.cfg.new:27]: failed to parse log-format : format variable 'Tq' is reserved for HTTP mode.

I do have a log-format statement in the defaults:

log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %rc\ %hr\ %hs\ %rt\ %{+Q}r\ %sslc\ %sslv\ body:%[capture.req.hdr(0)]

How can I configured HTTP and HTTPS to work in tandem and keep the log format for HTTP connections?


#2

Even if you use HTTPS, the frontend still needs to be in mode http.


#3

Thanks! Adding mode http to the TLS frontend section resolved the error. Follow-up question: I basically want all of the health checks etc. which I’ve got in place for HTTP to be the same for HTTPS. Do I have to repeat the config directives from the HTTP section or is there any way to “combine” both sections, e.g. have one config for HTTP and HTTPS?


#4

None of this is necessary, you don’t even need a new frontend:

Just add a new bind line for ssl:

frontend blabla
 bind :80
+ bind :443 ssl crt /path/to/certificate.pem
 default_backend backendbla