mirror of
http://git.haproxy.org/git/haproxy.git
synced 2026-02-05 05:03:44 +02:00
MINOR: global: generate random cluster.secret if not defined
If no cluster-secret is defined by the user, a random one is silently generated. This ensures that at least QUIC Retry tokens are generated if abnormal conditions are detected. However, it is advisable to specify it in the configuration for tokens to be valid even after a reload or across LBs instances in the same cluster. This should be backported up to 2.6.
This commit is contained in:
Amaury Denoyelle
@@ -1239,8 +1239,11 @@ cluster-secret <secret>
|
||||
same cluster. It could be used for different usages. It is at least used to
|
||||
derive stateless reset tokens for all the QUIC connections instantiated by
|
||||
this process. This is also the case to derive secrets used to encrypt Retry
|
||||
tokens. If you do not set this parameter, the stateless reset and Retry QUIC
|
||||
features will be both silently disabled.
|
||||
tokens.
|
||||
|
||||
If this parameter is not set, a random value will be selected on process
|
||||
startup. This allows to use features which rely on it, albeit with some
|
||||
limitations.
|
||||
|
||||
cpu-map [auto:]<thread-group>[/<thread-set>] <cpu-set>...
|
||||
On some operating systems, it is possible to bind a thread group or a thread
|
||||
|
||||
Reference in New Issue
Block a user