diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-10-09 14:55:11 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-10-09 15:55:15 +0200 |
commit | 90a4827284acd3cb072cdfeef323c522802c6449 (patch) | |
tree | b3ad73ea86bab0f5486b5daf2403d12ab95df0df /interface-definitions/load-balancing_haproxy.xml.in | |
parent | 3bc900722892dba525b7cd6bada4e6327b01fffe (diff) | |
download | vyos-1x-90a4827284acd3cb072cdfeef323c522802c6449.tar.gz vyos-1x-90a4827284acd3cb072cdfeef323c522802c6449.zip |
haproxy: T6745: Rename `reverse-proxy` to `haproxy`
Diffstat (limited to 'interface-definitions/load-balancing_haproxy.xml.in')
-rw-r--r-- | interface-definitions/load-balancing_haproxy.xml.in | 344 |
1 files changed, 344 insertions, 0 deletions
diff --git a/interface-definitions/load-balancing_haproxy.xml.in b/interface-definitions/load-balancing_haproxy.xml.in new file mode 100644 index 000000000..742272436 --- /dev/null +++ b/interface-definitions/load-balancing_haproxy.xml.in @@ -0,0 +1,344 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="load-balancing"> + <children> + <node name="haproxy" owner="${vyos_conf_scripts_dir}/load-balancing_haproxy.py"> + <properties> + <help>Configure haproxy</help> + <priority>900</priority> + </properties> + <children> + <tagNode name="service"> + <properties> + <help>Frontend service name</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> + </properties> + <children> + <leafNode name="backend"> + <properties> + <help>Backend member</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> + <valueHelp> + <format>txt</format> + <description>Name of haproxy backend system</description> + </valueHelp> + <completionHelp> + <path>load-balancing haproxy backend</path> + </completionHelp> + <multi/> + </properties> + </leafNode> + #include <include/generic-description.xml.i> + #include <include/listen-address.xml.i> + #include <include/haproxy/logging.xml.i> + #include <include/haproxy/mode.xml.i> + #include <include/port-number.xml.i> + #include <include/haproxy/rule-frontend.xml.i> + #include <include/haproxy/tcp-request.xml.i> + #include <include/haproxy/http-response-headers.xml.i> + <leafNode name="redirect-http-to-https"> + <properties> + <help>Redirect HTTP to HTTPS</help> + <valueless/> + </properties> + </leafNode> + <node name="ssl"> + <properties> + <help>SSL Certificate, SSL Key and CA</help> + </properties> + <children> + #include <include/pki/certificate-multi.xml.i> + </children> + </node> + </children> + </tagNode> + <tagNode name="backend"> + <properties> + <help>Backend server name</help> + <constraint> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> + </constraint> + <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> + </properties> + <children> + <leafNode name="balance"> + <properties> + <help>Load-balancing algorithm</help> + <completionHelp> + <list>source-address round-robin least-connection</list> + </completionHelp> + <valueHelp> + <format>source-address</format> + <description>Based on hash of source IP address</description> + </valueHelp> + <valueHelp> + <format>round-robin</format> + <description>Round robin</description> + </valueHelp> + <valueHelp> + <format>least-connection</format> + <description>Least connection</description> + </valueHelp> + <constraint> + <regex>(source-address|round-robin|least-connection)</regex> + </constraint> + </properties> + <defaultValue>round-robin</defaultValue> + </leafNode> + #include <include/generic-description.xml.i> + #include <include/haproxy/logging.xml.i> + #include <include/haproxy/mode.xml.i> + #include <include/haproxy/http-response-headers.xml.i> + <node name="http-check"> + <properties> + <help>HTTP check configuration</help> + </properties> + <children> + <leafNode name="method"> + <properties> + <help>HTTP method used for health check</help> + <completionHelp> + <list>options head get post put</list> + </completionHelp> + <valueHelp> + <format>options|head|get|post|put</format> + <description>HTTP method used for health checking</description> + </valueHelp> + <constraint> + <regex>(options|head|get|post|put)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="uri"> + <properties> + <help>URI used for HTTP health check (Example: '/' or '/health')</help> + <constraint> + <regex>^\/([^?#\s]*)(\?[^#\s]*)?$</regex> + </constraint> + </properties> + </leafNode> + <node name="expect"> + <properties> + <help>Expected response for the health check to pass</help> + </properties> + <children> + <leafNode name="status"> + <properties> + <help>Expected response status code for the health check to pass</help> + <valueHelp> + <format>u32:200-399</format> + <description>Expected response code</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 200-399"/> + </constraint> + <constraintErrorMessage>Status code must be in range 200-399</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="string"> + <properties> + <help>Expected to be in response body for the health check to pass</help> + <valueHelp> + <format>txt</format> + <description>A string expected to be in the response</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="health-check"> + <properties> + <help>Non HTTP health check options</help> + <completionHelp> + <list>ldap mysql pgsql redis smtp</list> + </completionHelp> + <valueHelp> + <format>ldap</format> + <description>LDAP protocol check</description> + </valueHelp> + <valueHelp> + <format>mysql</format> + <description>MySQL protocol check</description> + </valueHelp> + <valueHelp> + <format>pgsql</format> + <description>PostgreSQL protocol check</description> + </valueHelp> + <valueHelp> + <format>redis</format> + <description>Redis protocol check</description> + </valueHelp> + <valueHelp> + <format>smtp</format> + <description>SMTP protocol check</description> + </valueHelp> + <constraint> + <regex>(ldap|mysql|redis|pgsql|smtp)</regex> + </constraint> + </properties> + </leafNode> + #include <include/haproxy/rule-backend.xml.i> + <tagNode name="server"> + <properties> + <help>Backend server name</help> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>Backend server address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 unicast peer address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 unicast peer address</description> + </valueHelp> + <constraint> + <validator name="ip-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="backup"> + <properties> + <help>Use backup server if other servers are not available</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="check"> + <properties> + <help>Active health check backend server</help> + <valueless/> + </properties> + </leafNode> + #include <include/port-number.xml.i> + <leafNode name="send-proxy"> + <properties> + <help>Send a Proxy Protocol version 1 header (text format)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="send-proxy-v2"> + <properties> + <help>Send a Proxy Protocol version 2 header (binary format)</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + <node name="ssl"> + <properties> + <help>SSL Certificate, SSL Key and CA</help> + </properties> + <children> + #include <include/pki/ca-certificate.xml.i> + <leafNode name="no-verify"> + <properties> + <help>Do not attempt to verify SSL certificates for backend servers</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + #include <include/haproxy/timeout.xml.i> + </children> + </tagNode> + <node name="global-parameters"> + <properties> + <help>Global perfomance parameters and limits</help> + </properties> + <children> + #include <include/haproxy/logging.xml.i> + <leafNode name="max-connections"> + <properties> + <help>Maximum allowed connections</help> + <valueHelp> + <format>u32:1-2000000</format> + <description>Maximum allowed connections</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2000000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="ssl-bind-ciphers"> + <properties> + <help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help> + <completionHelp> + <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list> + </completionHelp> + <valueHelp> + <format>ecdhe-ecdsa-aes128-gcm-sha256</format> + <description>ecdhe-ecdsa-aes128-gcm-sha256</description> + </valueHelp> + <valueHelp> + <format>ecdhe-rsa-aes128-gcm-sha256</format> + <description>ecdhe-rsa-aes128-gcm-sha256</description> + </valueHelp> + <valueHelp> + <format>ecdhe-ecdsa-aes256-gcm-sha384</format> + <description>ecdhe-ecdsa-aes256-gcm-sha384</description> + </valueHelp> + <valueHelp> + <format>ecdhe-rsa-aes256-gcm-sha384</format> + <description>ecdhe-rsa-aes256-gcm-sha384</description> + </valueHelp> + <valueHelp> + <format>ecdhe-ecdsa-chacha20-poly1305</format> + <description>ecdhe-ecdsa-chacha20-poly1305</description> + </valueHelp> + <valueHelp> + <format>ecdhe-rsa-chacha20-poly1305</format> + <description>ecdhe-rsa-chacha20-poly1305</description> + </valueHelp> + <valueHelp> + <format>dhe-rsa-aes128-gcm-sha256</format> + <description>dhe-rsa-aes128-gcm-sha256</description> + </valueHelp> + <valueHelp> + <format>dhe-rsa-aes256-gcm-sha384</format> + <description>dhe-rsa-aes256-gcm-sha384</description> + </valueHelp> + <constraint> + <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex> + </constraint> + <multi/> + </properties> + <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue> + </leafNode> + <leafNode name="tls-version-min"> + <properties> + <help>Specify the minimum required TLS version</help> + <completionHelp> + <list>1.2 1.3</list> + </completionHelp> + <valueHelp> + <format>1.2</format> + <description>TLS v1.2</description> + </valueHelp> + <valueHelp> + <format>1.3</format> + <description>TLS v1.3</description> + </valueHelp> + <constraint> + <regex>(1.2|1.3)</regex> + </constraint> + </properties> + <defaultValue>1.3</defaultValue> + </leafNode> + </children> + </node> + #include <include/interface/vrf.xml.i> + </children> + </node> + </children> + </node> +</interfaceDefinition> |