diff options
author | Nicolas Vollmar <nvollmar@gmail.com> | 2024-04-17 23:53:10 +0200 |
---|---|---|
committer | Nicolas Vollmar <nvollmar@gmail.com> | 2024-04-17 23:53:10 +0200 |
commit | 49178565bbd337f1ac3045a72d599ff3a1917450 (patch) | |
tree | 6a0bc2891d3cf9c952150bf3280bf4f826bb60cb /docs/configuration/loadbalancing | |
parent | a7d11f3bdc1fcbc37957106bca2fe49f56085ae9 (diff) | |
download | vyos-documentation-49178565bbd337f1ac3045a72d599ff3a1917450.tar.gz vyos-documentation-49178565bbd337f1ac3045a72d599ff3a1917450.zip |
T6246: fixes lint warnings
Diffstat (limited to 'docs/configuration/loadbalancing')
-rw-r--r-- | docs/configuration/loadbalancing/reverse-proxy.rst | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 8c22923d..970e084e 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -144,7 +144,8 @@ Backend Send a Proxy Protocol version 2 header (binary format) -.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl ca-certificate <ca-certificate> +.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl + ca-certificate <ca-certificate> Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate> @@ -246,6 +247,7 @@ servers (srv01 and srv02) using the round-robin load-balancing algorithm. set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12' set load-balancing reverse-proxy backend bk-01 server srv02 port '8882' + Balancing based on domain name ------------------------------ The following configuration demonstrates how to use VyOS @@ -329,18 +331,19 @@ connection limit of 4000 and a minimum TLS version of 1.3. SSL Bridging ------------- -The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends -to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to +The following configuration terminates incoming HTTPS traffic on the router, +then re-encrypts the traffic and sends to the backend server via HTTPS. +This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server. -Backend service certificates are checked against the certificate authority specified in the configuration, which -could be an internal CA. +Backend service certificates are checked against the certificate authority +specified in the configuration, which could be an internal CA. The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. -The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend -server has a valid certificate trusted by CA ``cacert`` +The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS +and checks backend server has a valid certificate trusted by CA ``cacert`` .. code-block:: none |