summaryrefslogtreecommitdiff
path: root/docs/configuration
diff options
context:
space:
mode:
authorRobert Göhler <github@ghlr.de>2024-06-05 21:27:47 +0200
committerGitHub <noreply@github.com>2024-06-05 21:27:47 +0200
commit411850b9076e5a6638c15e980e094f5f97f74329 (patch)
treede7630a6dc63b5ffe441c7d744dd4524ade5dc48 /docs/configuration
parentccf1e09e345f1f5bd8d2ec37838ad3d267b24cb9 (diff)
parenta5354a65be668f10136b2f65ba1c9a41bf2708ca (diff)
downloadvyos-documentation-411850b9076e5a6638c15e980e094f5f97f74329.tar.gz
vyos-documentation-411850b9076e5a6638c15e980e094f5f97f74329.zip
Merge pull request #1472 from Embezzle/T6434
reverse-proxy: T6434: Support additional health-check protocols
Diffstat (limited to 'docs/configuration')
-rw-r--r--docs/configuration/loadbalancing/reverse-proxy.rst61
1 files changed, 44 insertions, 17 deletions
diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst
index 3edc4283..9cb49a7f 100644
--- a/docs/configuration/loadbalancing/reverse-proxy.rst
+++ b/docs/configuration/loadbalancing/reverse-proxy.rst
@@ -161,8 +161,34 @@ Backend
Set custom HTTP headers to be included in all responses using the backend
-HTTP health check
-^^^^^^^^^^^^^^^^^
+Global
+-------
+
+Global parameters
+
+.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections
+ <num>
+
+ Limit maximum number of connections
+
+.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers
+ <ciphers>
+
+ Limit allowed cipher algorithms used during SSL/TLS handshake
+
+.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min
+ <version>
+
+ Specify the minimum required TLS version 1.2 or 1.3
+
+
+Health checks
+=============
+
+
+HTTP checks
+-----------
+
For web application providing information about their state HTTP health
checks can be used to determine their availability.
@@ -185,31 +211,32 @@ checks can be used to determine their availability.
expect <condition>
Sets the expected result condition for considering a server healthy.
+
Some possible examples are:
* ``status 200`` Expecting a 200 response code
* ``status 200-399`` Expecting a non-failure response code
* ``string success`` Expecting the string `success` in the response body
-Global
--------
-
-Global parameters
-
-.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections
- <num>
-
- Limit maximum number of connections
+TCP checks
+----------
-.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers
- <ciphers>
+Health checks can also be configured for TCP mode backends. You can configure
+protocol aware checks for a range of Layer 7 protocols:
- Limit allowed cipher algorithms used during SSL/TLS handshake
+.. cfgcmd:: set load-balancing reverse-proxy backend <name> health-check <protocol>
-.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min
- <version>
+ Available health check protocols:
+ * ``ldap`` LDAP protocol check.
+ * ``redis`` Redis protocol check.
+ * ``mysql`` MySQL protocol check.
+ * ``pgsql`` PostgreSQL protocol check.
+ * ``smtp`` SMTP protocol check.
- Specify the minimum required TLS version 1.2 or 1.3
+.. note:: If you specify a server to be checked but do not configure a
+ protocol, a basic TCP health check will be attempted. A server shall be
+ deemed online if it responses to a connection attempt with a valid
+ ``SYN/ACK`` packet.
Redirect HTTP to HTTPS