summaryrefslogtreecommitdiff
path: root/interface-definitions/load-balancing_haproxy.xml.in
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2024-10-09 14:55:11 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2024-10-09 15:55:15 +0200
commit90a4827284acd3cb072cdfeef323c522802c6449 (patch)
treeb3ad73ea86bab0f5486b5daf2403d12ab95df0df /interface-definitions/load-balancing_haproxy.xml.in
parent3bc900722892dba525b7cd6bada4e6327b01fffe (diff)
downloadvyos-1x-90a4827284acd3cb072cdfeef323c522802c6449.tar.gz
vyos-1x-90a4827284acd3cb072cdfeef323c522802c6449.zip
haproxy: T6745: Rename `reverse-proxy` to `haproxy`
Diffstat (limited to 'interface-definitions/load-balancing_haproxy.xml.in')
-rw-r--r--interface-definitions/load-balancing_haproxy.xml.in344
1 files changed, 344 insertions, 0 deletions
diff --git a/interface-definitions/load-balancing_haproxy.xml.in b/interface-definitions/load-balancing_haproxy.xml.in
new file mode 100644
index 000000000..742272436
--- /dev/null
+++ b/interface-definitions/load-balancing_haproxy.xml.in
@@ -0,0 +1,344 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="load-balancing">
+ <children>
+ <node name="haproxy" owner="${vyos_conf_scripts_dir}/load-balancing_haproxy.py">
+ <properties>
+ <help>Configure haproxy</help>
+ <priority>900</priority>
+ </properties>
+ <children>
+ <tagNode name="service">
+ <properties>
+ <help>Frontend service name</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+ </constraint>
+ <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="backend">
+ <properties>
+ <help>Backend member</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+ </constraint>
+ <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of haproxy backend system</description>
+ </valueHelp>
+ <completionHelp>
+ <path>load-balancing haproxy backend</path>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ #include <include/generic-description.xml.i>
+ #include <include/listen-address.xml.i>
+ #include <include/haproxy/logging.xml.i>
+ #include <include/haproxy/mode.xml.i>
+ #include <include/port-number.xml.i>
+ #include <include/haproxy/rule-frontend.xml.i>
+ #include <include/haproxy/tcp-request.xml.i>
+ #include <include/haproxy/http-response-headers.xml.i>
+ <leafNode name="redirect-http-to-https">
+ <properties>
+ <help>Redirect HTTP to HTTPS</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="ssl">
+ <properties>
+ <help>SSL Certificate, SSL Key and CA</help>
+ </properties>
+ <children>
+ #include <include/pki/certificate-multi.xml.i>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ <tagNode name="backend">
+ <properties>
+ <help>Backend server name</help>
+ <constraint>
+ #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+ </constraint>
+ <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="balance">
+ <properties>
+ <help>Load-balancing algorithm</help>
+ <completionHelp>
+ <list>source-address round-robin least-connection</list>
+ </completionHelp>
+ <valueHelp>
+ <format>source-address</format>
+ <description>Based on hash of source IP address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>round-robin</format>
+ <description>Round robin</description>
+ </valueHelp>
+ <valueHelp>
+ <format>least-connection</format>
+ <description>Least connection</description>
+ </valueHelp>
+ <constraint>
+ <regex>(source-address|round-robin|least-connection)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>round-robin</defaultValue>
+ </leafNode>
+ #include <include/generic-description.xml.i>
+ #include <include/haproxy/logging.xml.i>
+ #include <include/haproxy/mode.xml.i>
+ #include <include/haproxy/http-response-headers.xml.i>
+ <node name="http-check">
+ <properties>
+ <help>HTTP check configuration</help>
+ </properties>
+ <children>
+ <leafNode name="method">
+ <properties>
+ <help>HTTP method used for health check</help>
+ <completionHelp>
+ <list>options head get post put</list>
+ </completionHelp>
+ <valueHelp>
+ <format>options|head|get|post|put</format>
+ <description>HTTP method used for health checking</description>
+ </valueHelp>
+ <constraint>
+ <regex>(options|head|get|post|put)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="uri">
+ <properties>
+ <help>URI used for HTTP health check (Example: '/' or '/health')</help>
+ <constraint>
+ <regex>^\/([^?#\s]*)(\?[^#\s]*)?$</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="expect">
+ <properties>
+ <help>Expected response for the health check to pass</help>
+ </properties>
+ <children>
+ <leafNode name="status">
+ <properties>
+ <help>Expected response status code for the health check to pass</help>
+ <valueHelp>
+ <format>u32:200-399</format>
+ <description>Expected response code</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 200-399"/>
+ </constraint>
+ <constraintErrorMessage>Status code must be in range 200-399</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="string">
+ <properties>
+ <help>Expected to be in response body for the health check to pass</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A string expected to be in the response</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <leafNode name="health-check">
+ <properties>
+ <help>Non HTTP health check options</help>
+ <completionHelp>
+ <list>ldap mysql pgsql redis smtp</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ldap</format>
+ <description>LDAP protocol check</description>
+ </valueHelp>
+ <valueHelp>
+ <format>mysql</format>
+ <description>MySQL protocol check</description>
+ </valueHelp>
+ <valueHelp>
+ <format>pgsql</format>
+ <description>PostgreSQL protocol check</description>
+ </valueHelp>
+ <valueHelp>
+ <format>redis</format>
+ <description>Redis protocol check</description>
+ </valueHelp>
+ <valueHelp>
+ <format>smtp</format>
+ <description>SMTP protocol check</description>
+ </valueHelp>
+ <constraint>
+ <regex>(ldap|mysql|redis|pgsql|smtp)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/haproxy/rule-backend.xml.i>
+ <tagNode name="server">
+ <properties>
+ <help>Backend server name</help>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>Backend server address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 unicast peer address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 unicast peer address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ip-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="backup">
+ <properties>
+ <help>Use backup server if other servers are not available</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="check">
+ <properties>
+ <help>Active health check backend server</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ #include <include/port-number.xml.i>
+ <leafNode name="send-proxy">
+ <properties>
+ <help>Send a Proxy Protocol version 1 header (text format)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="send-proxy-v2">
+ <properties>
+ <help>Send a Proxy Protocol version 2 header (binary format)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <node name="ssl">
+ <properties>
+ <help>SSL Certificate, SSL Key and CA</help>
+ </properties>
+ <children>
+ #include <include/pki/ca-certificate.xml.i>
+ <leafNode name="no-verify">
+ <properties>
+ <help>Do not attempt to verify SSL certificates for backend servers</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ #include <include/haproxy/timeout.xml.i>
+ </children>
+ </tagNode>
+ <node name="global-parameters">
+ <properties>
+ <help>Global perfomance parameters and limits</help>
+ </properties>
+ <children>
+ #include <include/haproxy/logging.xml.i>
+ <leafNode name="max-connections">
+ <properties>
+ <help>Maximum allowed connections</help>
+ <valueHelp>
+ <format>u32:1-2000000</format>
+ <description>Maximum allowed connections</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2000000"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="ssl-bind-ciphers">
+ <properties>
+ <help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help>
+ <completionHelp>
+ <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-aes128-gcm-sha256</format>
+ <description>ecdhe-ecdsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-aes128-gcm-sha256</format>
+ <description>ecdhe-rsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-aes256-gcm-sha384</format>
+ <description>ecdhe-ecdsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-aes256-gcm-sha384</format>
+ <description>ecdhe-rsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-chacha20-poly1305</format>
+ <description>ecdhe-ecdsa-chacha20-poly1305</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-chacha20-poly1305</format>
+ <description>ecdhe-rsa-chacha20-poly1305</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhe-rsa-aes128-gcm-sha256</format>
+ <description>dhe-rsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhe-rsa-aes256-gcm-sha384</format>
+ <description>dhe-rsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <constraint>
+ <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue>
+ </leafNode>
+ <leafNode name="tls-version-min">
+ <properties>
+ <help>Specify the minimum required TLS version</help>
+ <completionHelp>
+ <list>1.2 1.3</list>
+ </completionHelp>
+ <valueHelp>
+ <format>1.2</format>
+ <description>TLS v1.2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1.3</format>
+ <description>TLS v1.3</description>
+ </valueHelp>
+ <constraint>
+ <regex>(1.2|1.3)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>1.3</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ #include <include/interface/vrf.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>