Merge remote-tracking branch 'origin/master'

Author: vfarcic

docs/certs.md

@@ -178,7 +178,7 @@ The relevant part of the output is as follows.
 ```
 frontend services
     bind *:80
-    bind *:443 ssl crt /certs/xip.io.pem
+    bind *:443 ssl crt-list /cfg/crt-list.txt
     mode http
 
     acl url_go-demo path_beg /demo
@@ -189,7 +189,7 @@ backend go-demo-be
     server go-demo go-demo:8080
 ```
 
-As you can see, the certificate `xip.io.pem` was added to the `*:443` binding and the proxy is ready to serve HTTPS requests.
+The certificate `xip.io.pem` has been added as an entry in /cfg/crt-list.txt to the `*:443` binding. The proxy is ready to serve HTTPS requests.
 
 Let's confirm that HTTPS works.
 

docs/config.md

@@ -16,7 +16,7 @@ The following environment variables can be used to configure the *Docker Flow Pr
 |CAPTURE_REQUEST_HEADER|Allows capturing specific request headers. This feature is useful if debugging is enabled (e.g. `DEBUG=true`) and the format is customized with `DEBUG_HTTP_FORMAT` or `DEBUG_TCP_FORMAT` to output headers. Header name and lenght in bytes must be separated with colon (e.g. `Host:15`). Multiple headers should be separated with colon (e.g. `Host:15,X-Forwarded-For:20`).<br>**Example:** `Host:15,X-Forwarded-For:20,Referer:15`|
 |CFG_TEMPLATE_PATH  |Path to the configuration template. The path can be absolute (starting with `/`) or relative to `/cfg/tmpl`.<br>**Default value:** `/cfg/tmpl/haproxy.tmpl`|
 |CHECK_RESOLVERS    |Enable `docker` as a resolver. Provides higher reliability at the cost of backend initialization time. If enabled, it might take a few seconds until a backend is resolved and operational.<br>**Default value:** `false`|
-|CERTS              |This parameter is **deprecated** as of February 2017. All the certificates from the `/cets/` directory are now loaded automatically.|
+|CERTS              |This parameter is **deprecated** as of February 2017. All the certificates from the `/certs/` directory are now loaded automatically.|
 |COMPRESSION_ALGO   |Enable HTTP compression. The currently supported algorithms are:<br>**identity**: this is mostly for debugging.<br>**gzip**: applies gzip compression. This setting is only available when support for zlib or libslz was built in.<br>**deflate** same as *gzip*, but with deflate algorithm and zlib format. Note that this algorithm has ambiguous support on many browsers and no support at all from recent ones. It is strongly recommended not to use it for anything else than experimentation. This setting is only available when support for zlib or libslz was built in.<br>**raw-deflate**: same as *deflate* without the zlib wrapper, and used as an alternative when the browser wants "deflate". All major browsers understand it and despite violating the standards, it is known to work better than *deflate*, at least on MSIE and some versions of Safari. This setting is only available when support for zlib or libslz was built in.<br>Compression will be activated depending on the Accept-Encoding request header. With identity, it does not take care of that header. If backend servers support HTTP compression, these directives will be no-op: haproxy will see the compressed response and will not compress again. If backend servers do not support HTTP compression and there is Accept-Encoding header in request, haproxy will compress the matching response.<br>Compression is disabled when:<br>* the request does not advertise a supported compression algorithm in the "Accept-Encoding" header<br>* the response message is not HTTP/1.1<br>* HTTP status code is not 200<br>* response header "Transfer-Encoding" contains "chunked" (Temporary Workaround)<br>* response contain neither a "Content-Length" header nor a "Transfer-Encoding" whose last value is "chunked"<br>* response contains a "Content-Type" header whose first value starts with "multipart"<br>* the response contains the "no-transform" value in the "Cache-control" header<br>* User-Agent matches "Mozilla/4" unless it is MSIE 6 with XP SP2, or MSIE 7 and later<br>* The response contains a "Content-Encoding" header, indicating that the response is already compressed (see compression offload)<br>**Example:** gzip|
 |COMPRESSION_TYPE   |The type of files that will be compressed.<br>**Example:** text/css text/html text/javascript application/javascript text/plain text/xml application/json|
 |CONNECTION_MODE    |HAProxy supports 5 connection modes.<br><br>`http-keep-alive`: all requests and responses are processed.<br>`http-tunnel`: only the first request and response are processed, everything else is forwarded with no analysis.<br>`httpclose`: tunnel with "Connection: close" added in both directions.<br>`http-server-close`: the server-facing connection is closed after the response.<br>`forceclose`: the connection is actively closed after end of response.<br><br>In general, it is preferred to use `http-server-close` with application servers, and some static servers might benefit from `http-keep-alive`.<br>**Example:** `http-server-close`<br>**Default value:** `http-keep-alive`|