Moving from 1.8 to 2.2 what changes need doing on the config file?

Hi guys, I’ve been running the same configuration for almost 2 years now. I am now moving to HAP 2.2 and was wondering if any of my old settings would not be compatible anymore…

This is the default config file that comes with 2.2 plus the stuff (commented out) that I had on the old server…

# Process-wide settings: logging, chroot, privilege drop, the runtime API socket,
# and the TLS defaults inherited by every `bind ... ssl` line.
global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        # `level admin` gives full runtime control (disable servers, change maps, etc.)
        # to any process that can write to this socket; mode 660 limits that to the
        # socket's owner and group. `expose-fd listeners` is what allows seamless reloads.
        # NOTE(review): confirm which user/group actually owns the socket on this host.
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        # These prefixes apply to relative paths only; a `crt` given as an absolute
        # path elsewhere in the file is not affected by crt-base.
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        # NOTE(review): the generator link above was built for 2.0.3; regenerating for the
        # installed 2.2 build is a cheap way to confirm nothing has moved.
        # The DHE-RSA-* entries use DH parameters; the old config pinned
        # `tune.ssl.default-dh-param 2048` explicitly -- confirm the 2.2 default meets
        # your policy or carry that line over.
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        # TLS 1.3 suites are configured separately from the TLS <= 1.2 cipher list above.
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        # `ssl-min-ver TLSv1.2` covers what the old `no-sslv3 no-tlsv10 no-tlsv11` did.
        # No ssl-default-server-* lines are set here; that only matters for `server`
        # lines that use `ssl`, and none in this file do.
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

# OLD global
#    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
#    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
#    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
#    tune.ssl.default-dh-param 2048

# Settings inherited by every frontend/backend below: HTTP mode, logging,
# timeouts and custom error pages.
defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        # Timeouts without a unit are in milliseconds (5 s connect, 50 s client/server).
        # NOTE(review): no `timeout http-request` is set, so a client that sends its
        # request headers very slowly can hold a connection until `timeout client`
        # expires; consider adding one.
        # NOTE(review): the old `maxconn 10000` and `option forwardfor` are not carried
        # over. Without the former the built-in per-frontend limit applies; without the
        # latter HAProxy does not add X-Forwarded-For for the backends.
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http


# OLD Defaults
#    option forwardfor
#    option http-server-close
#    maxconn 10000
#    timeout client      600000
#    timeout server      600000
#    timeout connect     8000
#    timeout client      30000
#    timeout server      20000


# Public entry point: plain HTTP on :80 and TLS-terminated HTTPS on :443, both
# expecting a PROXY protocol header, routed to a backend by Host header.
frontend http
    # `accept-proxy` makes HAProxy take the client address from the PROXY protocol
    # header on every connection to these ports, so `src` and the logs are only
    # trustworthy if nothing except the upstream load balancer can reach them.
    # Restrict that at the firewall, or here with a rule that still sees the real
    # peer address, e.g.:
    #   tcp-request connection reject if !{ src <UPSTREAM_LB_CIDR> }
    bind *:80 accept-proxy
    # Every certificate/key file in this directory is loaded; keep the directory
    # readable only by root/haproxy since it holds private keys.
    bind *:443 ssl crt /etc/ssl/hapcerts/ accept-proxy
    mode http
    # X-Forwarded-For arrives from the client and is not rewritten in this file, so
    # the captured value is attacker-controlled; `len 15` also truncates IPv6
    # addresses and multi-hop lists. The address logged by httplog is the reliable one.
    capture request header X-Forwarded-For len 15
    # NOTE(review): this is set unconditionally, so requests that arrived in
    # cleartext on :80 are also presented to the backend as https. Unless something
    # upstream terminates TLS before :80 (not visible here), make it conditional:
    #   http-request set-header X-Forwarded-Proto https if { ssl_fc }
    #   http-request set-header X-Forwarded-Proto http  if !{ ssl_fc }
    http-request set-header X-Forwarded-Proto https
    # With the two lines below disabled, :80 serves content in cleartext and no
    # HSTS header is sent.
##    redirect scheme https code 301 if !{ ssl_fc }
##    http-response set-header Strict-Transport-Security max-age=63072000

    # Requests whose Host matches no ACL fall through to this backend.
    default_backend on-proxy-error

 # ACL tractorbeam.com
    acl tractorbeam.com hdr(host) -i tractorbeam.com
    use_backend tractorbeam.com if tractorbeam.com

# Other ACLs removed as they are exactly the same as this one...


# Backend

 # Per-site backend plus the catch-all backend used as default_backend.
 # Both forward to port 80, i.e. unencrypted HTTP between HAProxy and the servers.
 # NOTE(review): the .lxd names suggest local containers -- confirm that hop stays
 # on a trusted network.
 # NOTE(review): no `cookie` directive is visible in either backend, so the
 # per-server `cookie A` value presumably has no effect.
 backend tractorbeam.com
    # If enabled, the next line overwrites any client-supplied X-Client-IP with the
    # address HAProxy sees (the PROXY-protocol client address here).
#    http-request set-header X-Client-IP %[src]
#    redirect scheme https if !{ ssl_fc }
    server tractorbeam.com tractorbeam-com.lxd:80 cookie A check

    backend on-proxy-error
    server on-proxy-error on-proxy-error.lxd:80 cookie A check

Thank you for checking it!

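You can run `haproxy -c -f /path/to/haproxy.conf` to see if you have any incompatible or deprecated settings. Note that this only checks that the file parses; it does not tell you whether the directives you commented out (for example `option forwardfor`) change what the backends receive.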

Thank you @umudatic:
Configuration file is valid
