|
2 | 2 | <html lang="en"> |
3 | 3 | <head> |
4 | 4 | <meta charset="utf-8" /> |
5 | | - <title>HAProxy version 3.2-dev0-81 - Management Guide</title> |
| 5 | + <title>HAProxy version 3.2-dev0-92 - Management Guide</title> |
6 | 6 | <link href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" /> |
7 | 7 | <link href="https://raw.githubusercontent.com/thomaspark/bootswatch/v3.3.7/cerulean/bootstrap.min.css" rel="stylesheet" /> |
8 | 8 | <link href="../css/page.css?0.4.2-15" rel="stylesheet" /> |
|
654 | 654 | You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br> |
655 | 655 | </p> |
656 | 656 | <p class="text-right"> |
657 | | - <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.4.2-15</b> on <b>2024/12/09</b></small> |
| 657 | + <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.4.2-15</b> on <b>2024/12/10</b></small> |
658 | 658 | </p> |
659 | 659 | </div> |
660 | 660 | <!-- /.sidebar --> |
|
665 | 665 | <div class="text-center"> |
666 | 666 | <h1><a href="http://www.haproxy.org/" title="HAProxy"><img src="../img/HAProxyCommunityEdition_60px.png?0.4.2-15" /></a></h1> |
667 | 667 | <h2>Management Guide</h2> |
668 | | - <p><strong>version 3.2-dev0-81</strong></p> |
| 668 | + <p><strong>version 3.2-dev0-92</strong></p> |
669 | 669 | <p> |
670 | 670 | <br> |
671 | 671 |
|
@@ -4372,38 +4372,42 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.< |
4372 | 4372 | </code></pre> |
4373 | 4373 | </div><a class="anchor" name="show"></a><a class="anchor" name="9-show"></a><a class="anchor" name="9.3-show"></a><a class="anchor" name="show (Statistics and monitoring)"></a><a class="anchor" name="show (Unix Socket commands)"></a><a class="anchor" name="show ssl"></a><a class="anchor" name="9-show ssl"></a><a class="anchor" name="9.3-show ssl"></a><a class="anchor" name="show ssl (Statistics and monitoring)"></a><a class="anchor" name="show ssl (Unix Socket commands)"></a><a class="anchor" name="show ssl sni"></a><a class="anchor" name="9-show ssl sni"></a><a class="anchor" name="9.3-show ssl sni"></a><a class="anchor" name="show ssl sni (Statistics and monitoring)"></a><a class="anchor" name="show ssl sni (Unix Socket commands)"></a><div class="keyword"><b><a class="anchor" name="show ssl sni"></a><a href="#9.3-show%20ssl%20sni">show ssl sni</a></b> <span style="color: #008">[-f <span style="color: #080"><frontend></span>]</span></div><pre class="text">Dump every SNI configured for the designated frontend, or all frontends if no |
4374 | 4374 | frontend was specified. It allows to see what SNI are offered for a frontend, |
4375 | | -and to identify if a SNI is defined multiple time by multiple certificates for |
| 4375 | +and to identify if a SNI is defined multiple times by multiple certificates for |
4376 | 4376 | the same frontend. |
4377 | 4377 |
|
4378 | 4378 | Columns are separated by a single \t, allowing to parse it simply. |
4379 | 4379 |
|
4380 | | -The frontend/bind column shows the frontend name followed by the bind line |
4381 | | -position in the configuration (file:linenum). |
4382 | | - |
4383 | | -The SNI column shows the SNI, it can be either a CN, a SAN or a positive |
4384 | | -filter from a crt-list. Negative filters are not displayed. |
4385 | | - |
4386 | | -The 'type' column shows the encryption algorithm type, it can be "rsa", "ecdsa" or "dsa". |
| 4380 | +The 'Frontend/Bind' column shows the frontend name followed by the bind line |
| 4381 | +position in the configuration (frontend/file:linenum). |
4387 | 4382 |
|
| 4383 | +The 'SNI' column shows the SNI, it can be either a CN, a SAN or a filter from a crt-list. |
4388 | 4384 | The default certificates of a bind line, (which are either declared |
4389 | 4385 | explicitely by 'default-crt' or is implicitely the first certificate of a bind |
4390 | 4386 | line when no 'strict-sni' is used) shows the '*' character in the SNI column. |
4391 | 4387 |
|
4392 | | -The 'filename' column can be either a filename from the configuration, or an |
4393 | | -alias declarated in a crt-store. |
| 4388 | +The 'Negative Filter' column is the list of negative filters associated to a |
| 4389 | +wildcard, this will show all negatives filters that are on the same crt-list |
| 4390 | +line. A dash character is displayed if there are none. |
| 4391 | + |
| 4392 | +The 'Type' column shows the encryption algorithm type, it can be "rsa", "ecdsa" or "dsa". |
| 4393 | + |
| 4394 | +The 'Filename' column can be either a filename from the configuration, or an |
| 4395 | +alias declared in a crt-store. |
4394 | 4396 |
|
4395 | 4397 | The 'NotAfter' and 'NotBefore' columns are directly extracted from the X509 |
4396 | 4398 | leaf certificate. |
4397 | 4399 | </pre><div class="separator"> |
4398 | 4400 | <span class="label label-success">Example:</span> |
4399 | 4401 | <pre class="prettyprint"> |
4400 | 4402 | <code>$ echo "@1 show ssl sni" | socat /var/run/haproxy-master.sock - | column -t -s $'\t' |
4401 | | -<span class="comment"># Frontend/Bind SNI Type Filename NotAfter NotBefore</span> |
4402 | | -li1/haproxy.cfg:10021 machine10 rsa machine10.pem.rsa Jun 13 13:37:21 2024 GMT May 14 13:37:21 2024 GMT |
4403 | | -li1/haproxy.cfg:10021 machine10 ecdsa machine10.pem.ecdsa Jun 13 13:37:21 2024 GMT May 14 13:37:21 2024 GMT |
4404 | | -li1/haproxy.cfg:10021 localhost rsa localhost.pem.rsa Jun 13 13:37:11 2024 GMT May 14 13:37:11 2024 GMT |
4405 | | -li1/haproxy.cfg:10021 localhost ecdsa localhost.pem.ecdsa Jun 13 13:37:10 2024 GMT May 14 13:37:10 2024 GMT |
4406 | | -li1/haproxy.cfg:10021 * rsa localhost.pem.rsa Jun 13 13:37:11 2024 GMT May 14 13:37:11 2024 GMT |
| 4403 | +<span class="comment"># Frontend/Bind SNI Negative Filter Type Filename NotAfter NotBefore</span> |
| 4404 | +li1/haproxy.cfg:10021 *.ex.lan !m1.ex.lan rsa example.lan.pem Jun 13 13:37:21 2024 GMT May 14 13:37:21 2024 GMT |
| 4405 | +li1/haproxy.cfg:10021 machine10 - ecdsa machine10.pem.ecdsa Jun 13 13:37:21 2024 GMT May 14 13:37:21 2024 GMT |
| 4406 | +li1/haproxy.cfg:10021 machine10 - rsa machine10.pem.rsa Jun 13 13:37:21 2024 GMT May 14 13:37:21 2024 GMT |
| 4407 | +li1/haproxy.cfg:10021 machine10 - ecdsa machine10.pem.ecdsa Jun 13 13:37:21 2024 GMT May 14 13:37:21 2024 GMT |
| 4408 | +li1/haproxy.cfg:10021 localhost - rsa localhost.pem.rsa Jun 13 13:37:11 2024 GMT May 14 13:37:11 2024 GMT |
| 4409 | +li1/haproxy.cfg:10021 localhost - ecdsa localhost.pem.ecdsa Jun 13 13:37:10 2024 GMT May 14 13:37:10 2024 GMT |
| 4410 | +li1/haproxy.cfg:10021 * - rsa localhost.pem.rsa Jun 13 13:37:11 2024 GMT May 14 13:37:11 2024 GMT |
4407 | 4411 | </code></pre> |
4408 | 4412 | </div><a class="anchor" name="show"></a><a class="anchor" name="9-show"></a><a class="anchor" name="9.3-show"></a><a class="anchor" name="show (Statistics and monitoring)"></a><a class="anchor" name="show (Unix Socket commands)"></a><a class="anchor" name="show startup-logs"></a><a class="anchor" name="9-show startup-logs"></a><a class="anchor" name="9.3-show startup-logs"></a><a class="anchor" name="show startup-logs (Statistics and monitoring)"></a><a class="anchor" name="show startup-logs (Unix Socket commands)"></a><div class="keyword"><b><a class="anchor" name="show startup-logs"></a><a href="#9.3-show%20startup-logs">show startup-logs</a></b></div><pre class="text">Dump all messages emitted during the startup of the current haproxy process, |
4409 | 4413 | each startup-logs buffer is unique to its haproxy worker. |
@@ -5431,7 +5435,7 @@ <h2 id="chapter-13.1" data-target="13.1"><small><a class="small" href="#13.1">13 |
5431 | 5435 | <br> |
5432 | 5436 | <hr> |
5433 | 5437 | <div class="text-right"> |
5434 | | - HAProxy 3.2-dev0-81 – Management Guide<br> |
| 5438 | + HAProxy 3.2-dev0-92 – Management Guide<br> |
5435 | 5439 | <small>, </small> |
5436 | 5440 | </div> |
5437 | 5441 | </div> |
|
0 commit comments