Diffstat (limited to 'docs/configuration')
-rw-r--r-- docs/configuration/firewall/bridge.rst | 38
-rw-r--r-- docs/configuration/firewall/ipv4.rst | 50
-rw-r--r-- docs/configuration/firewall/ipv6.rst | 50
-rw-r--r-- docs/configuration/loadbalancing/haproxy.rst (renamed from docs/configuration/loadbalancing/reverse-proxy.rst) | 210
-rw-r--r-- docs/configuration/loadbalancing/index.rst | 2
-rw-r--r-- docs/configuration/service/https.rst | 22
6 files changed, 259 insertions, 113 deletions
diff --git a/docs/configuration/firewall/bridge.rst b/docs/configuration/firewall/bridge.rst
index 39956236..9c360d35 100644
--- a/docs/configuration/firewall/bridge.rst
+++ b/docs/configuration/firewall/bridge.rst
@@ -386,6 +386,44 @@ described in this section:
Match based on VLAN priority (Priority Code Point - PCP). Range is also
supported.
+Packet Modifications
+====================
+
+Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify
+packets before they are sent out. This feaure provides more flexibility in
+packet handling.
+
+.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter
+ rule <1-999999> set dscp <0-63>
+
+ Set a specific value of Differentiated Services Codepoint (DSCP).
+
+.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter
+ rule <1-999999> set mark <1-2147483647>
+
+ Set a specific packet mark value.
+
+.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter
+ rule <1-999999> set tcp-mss <500-1460>
+
+ Set the TCP-MSS (TCP maximum segment size) for the connection.
+
+.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter
+ rule <1-999999> set ttl <0-255>
+
+ Set the TTL (Time to Live) value.
+
+.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter
+ rule <1-999999> set hop-limit <0-255>
+
+ Set hop limit value.
+
+.. cfgcmd:: set firewall bridge [forward | output] filter
+ rule <1-999999> set connection-mark <0-2147483647>
+
+ Set connection mark value.
+
+
Use IP firewall
===============
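Review bot: "feaure" in the introductory paragraph of the new Packet Modifications section should read "feature". In the same section, `set connection-mark` lists only `[forward | output]` while the other five commands list `[prerouting | forward | output]`; if that restriction is intentional, one sentence saying so would keep readers from taking it for an omission. The `set ttl` and `set hop-limit` descriptions would also be clearer if they said that TTL is the IPv4 field and hop limit the IPv6 field, since both are offered on the same bridge rule.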
diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst
index abae31a5..419a9339 100644
--- a/docs/configuration/firewall/ipv4.rst
+++ b/docs/configuration/firewall/ipv4.rst
@@ -980,6 +980,56 @@ geoip) to keep database and rules updated.
Match when 'count' amount of connections are seen within 'time'. These
matching criteria can be used to block brute-force attempts.
+Packet Modifications
+====================
+
+Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify
+packets before they are sent out. This feaure provides more flexibility in
+packet handling.
+
+.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999>
+ set dscp <0-63>
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+ set dscp <0-63>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+ set dscp <0-63>
+
+ Set a specific value of Differentiated Services Codepoint (DSCP).
+
+.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999>
+ set mark <1-2147483647>
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+ set mark <1-2147483647>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+ set mark <1-2147483647>
+
+ Set a specific packet mark value.
+
+.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999>
+ set tcp-mss <500-1460>
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+ set tcp-mss <500-1460>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+ set tcp-mss <500-1460>
+
+ Set the TCP-MSS (TCP maximum segment size) for the connection.
+
+.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999>
+ set ttl <0-255>
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+ set ttl <0-255>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+ set ttl <0-255>
+
+ Set the TTL (Time to Live) value.
+
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+ set connection-mark <0-2147483647>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+ set connection-mark <0-2147483647>
+
+ Set connection mark value.
+
********
Synproxy
********
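Review bot: each group of three stacked `.. cfgcmd::` directives in the new section (prerouting raw, forward filter, output [filter | raw]) is followed by a single description that sits under the last directive only, so the prerouting and forward variants are likely to render without any description. Either repeat the description under each directive or fold the three paths into one entry. The intro paragraph carries the typo "feaure", and the connection-mark group has no prerouting raw variant, which deserves a sentence if it is deliberate.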
diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst
index 5f526dac..0c995c12 100644
--- a/docs/configuration/firewall/ipv6.rst
+++ b/docs/configuration/firewall/ipv6.rst
@@ -970,6 +970,56 @@ geoip) to keep database and rules updated.
Match when 'count' amount of connections are seen within 'time'. These
matching criteria can be used to block brute-force attempts.
+Packet Modifications
+====================
+
+Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify
+packets before they are sent out. This feaure provides more flexibility in
+packet handling.
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+ set dscp <0-63>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+ set dscp <0-63>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+ set dscp <0-63>
+
+ Set a specific value of Differentiated Services Codepoint (DSCP).
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+ set mark <1-2147483647>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+ set mark <1-2147483647>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+ set mark <1-2147483647>
+
+ Set a specific packet mark value.
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+ set tcp-mss <500-1460>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+ set tcp-mss <500-1460>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+ set tcp-mss <500-1460>
+
+ Set the TCP-MSS (TCP maximum segment size) for the connection.
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+ set hop-limit <0-255>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+ set hop-limit <0-255>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+ set hop-limit <0-255>
+
+ Set hop limit value.
+
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+ set connection-mark <0-2147483647>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+ set connection-mark <0-2147483647>
+
+ Set connection mark value.
+
********
Synproxy
********
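Review bot: the second connection-mark directive in this file reads `set firewall ipv4 output [filter | raw] rule <1-999999>`, which is a copy-paste leftover from ipv4.rst; it should be `set firewall ipv6 output [filter | raw] rule <1-999999>` to match the `ipv6 forward filter` line directly above it. The "feaure" typo in the intro paragraph and the stacked directives sharing one description apply here as they do in ipv4.rst.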
diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/haproxy.rst
index 32be85c8..3ce59b35 100644
--- a/docs/configuration/loadbalancing/reverse-proxy.rst
+++ b/docs/configuration/loadbalancing/haproxy.rst
@@ -1,11 +1,11 @@
#############
-Reverse-proxy
+Haproxy
#############
.. include:: /_include/need_improvement.txt
-VyOS reverse-proxy is balancer and proxy server that provides
+Haproxy is a balancer and proxy server that provides
high-availability, load balancing and proxying for TCP (level 4)
and HTTP-based (level 7) applications.
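Review bot: the new title and opening sentence spell the project "Haproxy"; the upstream name is "HAProxy", and the title is the place to get it right. With "VyOS reverse-proxy" dropped, the opening sentence also no longer tells the reader that this page covers the VyOS integration configured under `set load-balancing haproxy`; a short clause to that effect would restore the context.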
@@ -20,37 +20,37 @@ to be applied and specifies the real servers to be utilized.
Service
-------
-.. cfgcmd:: set load-balancing reverse-proxy service <name> listen-address
+.. cfgcmd:: set load-balancing haproxy service <name> listen-address
<address>
Set service to bind on IP address, by default listen on any IPv4 and IPv6
-.. cfgcmd:: set load-balancing reverse-proxy service <name> port
+.. cfgcmd:: set load-balancing haproxy service <name> port
<port>
Create service `<name>` to listen on <port>
-.. cfgcmd:: set load-balancing reverse-proxy service <name> mode
+.. cfgcmd:: set load-balancing haproxy service <name> mode
<tcp|http>
Configure service `<name>` mode TCP or HTTP
-.. cfgcmd:: set load-balancing reverse-proxy service <name> backend
+.. cfgcmd:: set load-balancing haproxy service <name> backend
<name>
Configure service `<name>` to use the backend <name>
-.. cfgcmd:: set load-balancing reverse-proxy service <name> ssl
+.. cfgcmd:: set load-balancing haproxy service <name> ssl
certificate <name>
Set SSL certificate <name> for service <name>
-.. cfgcmd:: set load-balancing reverse-proxy service <name>
+.. cfgcmd:: set load-balancing haproxy service <name>
http-response-headers <header-name> value <header-value>
Set custom HTTP headers to be included in all responses
-.. cfgcmd:: set load-balancing reverse-proxy service <name> logging facility
+.. cfgcmd:: set load-balancing haproxy service <name> logging facility
<facility> level <level>
Specify facility and level for logging.
@@ -64,12 +64,12 @@ Rules allow to control and route incoming traffic to specific backend based
on predefined conditions. Rules allow to define matching criteria and
perform action accordingly.
-.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule>
+.. cfgcmd:: set load-balancing haproxy service <name> rule <rule>
domain-name <name>
Match domain name
-.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule>
+.. cfgcmd:: set load-balancing haproxy service <name> rule <rule>
ssl <sni>
SSL match Server Name Indication (SNI) option:
@@ -79,7 +79,7 @@ perform action accordingly.
Indication
-.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule>
+.. cfgcmd:: set load-balancing haproxy service <name> rule <rule>
url-path <match> <url>
Allows to define URL path matching rules for a specific service.
@@ -92,12 +92,12 @@ perform action accordingly.
* ``end`` Matches the end of the URL path.
* ``exact`` Requires an exactly match of the URL path
-.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule>
+.. cfgcmd:: set load-balancing haproxy service <name> rule <rule>
set backend <name>
Assign a specific backend to a rule
-.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule>
+.. cfgcmd:: set load-balancing haproxy service <name> rule <rule>
redirect-location <url>
Redirect URL to a new location
@@ -106,7 +106,7 @@ perform action accordingly.
Backend
-------
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> balance
+.. cfgcmd:: set load-balancing haproxy backend <name> balance
<balance>
Load-balancing algorithms to be used for distributed requests among the
@@ -120,54 +120,54 @@ Backend
* ``least-connection`` Distributes requests to the server with the fewest
active connections
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> mode
+.. cfgcmd:: set load-balancing haproxy backend <name> mode
<mode>
Configure backend `<name>` mode TCP or HTTP
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> server
+.. cfgcmd:: set load-balancing haproxy backend <name> server
<name> address <x.x.x.x>
Set the address of the backend server to which the incoming traffic will
be forwarded
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> server
+.. cfgcmd:: set load-balancing haproxy backend <name> server
<name> port <port>
Set the address of the backend port
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> server
+.. cfgcmd:: set load-balancing haproxy backend <name> server
<name> check
Active health check backend server
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> server
+.. cfgcmd:: set load-balancing haproxy backend <name> server
<name> send-proxy
Send a Proxy Protocol version 1 header (text format)
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> server
+.. cfgcmd:: set load-balancing haproxy backend <name> server
<name> send-proxy-v2
Send a Proxy Protocol version 2 header (binary format)
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl
+.. cfgcmd:: set load-balancing haproxy backend <name> ssl
ca-certificate <ca-certificate>
Configure requests to the backend server to use SSL encryption and
authenticate backend against <ca-certificate>
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl no-verify
+.. cfgcmd:: set load-balancing haproxy backend <name> ssl no-verify
Configure requests to the backend server to use SSL encryption without
validating server certificate
-.. cfgcmd:: set load-balancing reverse-proxy backend <name>
+.. cfgcmd:: set load-balancing haproxy backend <name>
http-response-headers <header-name> value <header-value>
Set custom HTTP headers to be included in all responses using the backend
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> logging facility
+.. cfgcmd:: set load-balancing haproxy backend <name> logging facility
<facility> level <level>
Specify facility and level for logging.
@@ -180,22 +180,22 @@ Global
Global parameters
-.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections
+.. cfgcmd:: set load-balancing haproxy global-parameters max-connections
<num>
Limit maximum number of connections
-.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers
+.. cfgcmd:: set load-balancing haproxy global-parameters ssl-bind-ciphers
<ciphers>
Limit allowed cipher algorithms used during SSL/TLS handshake
-.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min
+.. cfgcmd:: set load-balancing haproxy global-parameters tls-version-min
<version>
Specify the minimum required TLS version 1.2 or 1.3
-.. cfgcmd:: set load-balancing reverse-proxy global-parameters logging
+.. cfgcmd:: set load-balancing haproxy global-parameters logging
facility <facility> level <level>
Specify facility and level for logging.
@@ -212,22 +212,22 @@ HTTP checks
For web application providing information about their state HTTP health
checks can be used to determine their availability.
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
+.. cfgcmd:: set load-balancing haproxy backend <name> http-check
Enables HTTP health checks using OPTION HTTP requests against '/' and
expecting a successful response code in the 200-399 range.
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
+.. cfgcmd:: set load-balancing haproxy backend <name> http-check
method <method>
Sets the HTTP method to be used, can be either: option, get, post, put
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
+.. cfgcmd:: set load-balancing haproxy backend <name> http-check
uri <path>
Sets the endpoint to be used for health checks
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
+.. cfgcmd:: set load-balancing haproxy backend <name> http-check
expect <condition>
Sets the expected result condition for considering a server healthy.
@@ -244,7 +244,7 @@ TCP checks
Health checks can also be configured for TCP mode backends. You can configure
protocol aware checks for a range of Layer 7 protocols:
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> health-check <protocol>
+.. cfgcmd:: set load-balancing haproxy backend <name> health-check <protocol>
Available health check protocols:
* ``ldap`` LDAP protocol check.
@@ -261,15 +261,15 @@ protocol aware checks for a range of Layer 7 protocols:
Redirect HTTP to HTTPS
======================
-Configure the load-balancing reverse-proxy service for HTTP.
+Configure the load-balancing haproxy service for HTTP.
This configuration listen on port 80 and redirect incoming
requests to HTTPS:
.. code-block:: none
- set load-balancing reverse-proxy service http port '80'
- set load-balancing reverse-proxy service http redirect-http-to-https
+ set load-balancing haproxy service http port '80'
+ set load-balancing haproxy service http redirect-http-to-https
The name of the service can be different, in this example it is only for
convenience.
@@ -287,17 +287,17 @@ servers (srv01 and srv02) using the round-robin load-balancing algorithm.
.. code-block:: none
- set load-balancing reverse-proxy service my-tcp-api backend 'bk-01'
- set load-balancing reverse-proxy service my-tcp-api mode 'tcp'
- set load-balancing reverse-proxy service my-tcp-api port '8888'
+ set load-balancing haproxy service my-tcp-api backend 'bk-01'
+ set load-balancing haproxy service my-tcp-api mode 'tcp'
+ set load-balancing haproxy service my-tcp-api port '8888'
- set load-balancing reverse-proxy backend bk-01 balance 'round-robin'
- set load-balancing reverse-proxy backend bk-01 mode 'tcp'
+ set load-balancing haproxy backend bk-01 balance 'round-robin'
+ set load-balancing haproxy backend bk-01 mode 'tcp'
- set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11'
- set load-balancing reverse-proxy backend bk-01 server srv01 port '8881'
- set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12'
- set load-balancing reverse-proxy backend bk-01 server srv02 port '8882'
+ set load-balancing haproxy backend bk-01 server srv01 address '192.0.2.11'
+ set load-balancing haproxy backend bk-01 server srv01 port '8881'
+ set load-balancing haproxy backend bk-01 server srv02 address '192.0.2.12'
+ set load-balancing haproxy backend bk-01 server srv02 port '8882'
Balancing based on domain name
@@ -315,23 +315,23 @@ to the backend ``bk-api-02``
.. code-block:: none
- set load-balancing reverse-proxy service http description 'bind app listen on 443 port'
- set load-balancing reverse-proxy service http mode 'tcp'
- set load-balancing reverse-proxy service http port '80'
+ set load-balancing haproxy service http description 'bind app listen on 443 port'
+ set load-balancing haproxy service http mode 'tcp'
+ set load-balancing haproxy service http port '80'
- set load-balancing reverse-proxy service http rule 10 domain-name 'node1.example.com'
- set load-balancing reverse-proxy service http rule 10 set backend 'bk-api-01'
- set load-balancing reverse-proxy service http rule 20 domain-name 'node2.example.com'
- set load-balancing reverse-proxy service http rule 20 set backend 'bk-api-02'
+ set load-balancing haproxy service http rule 10 domain-name 'node1.example.com'
+ set load-balancing haproxy service http rule 10 set backend 'bk-api-01'
+ set load-balancing haproxy service http rule 20 domain-name 'node2.example.com'
+ set load-balancing haproxy service http rule 20 set backend 'bk-api-02'
- set load-balancing reverse-proxy backend bk-api-01 description 'My API-1'
- set load-balancing reverse-proxy backend bk-api-01 mode 'tcp'
- set load-balancing reverse-proxy backend bk-api-01 server api01 address '127.0.0.1'
- set load-balancing reverse-proxy backend bk-api-01 server api01 port '4431'
- set load-balancing reverse-proxy backend bk-api-02 description 'My API-2'
- set load-balancing reverse-proxy backend bk-api-02 mode 'tcp'
- set load-balancing reverse-proxy backend bk-api-02 server api01 address '127.0.0.2'
- set load-balancing reverse-proxy backend bk-api-02 server api01 port '4432'
+ set load-balancing haproxy backend bk-api-01 description 'My API-1'
+ set load-balancing haproxy backend bk-api-01 mode 'tcp'
+ set load-balancing haproxy backend bk-api-01 server api01 address '127.0.0.1'
+ set load-balancing haproxy backend bk-api-01 server api01 port '4431'
+ set load-balancing haproxy backend bk-api-02 description 'My API-2'
+ set load-balancing haproxy backend bk-api-02 mode 'tcp'
+ set load-balancing haproxy backend bk-api-02 server api01 address '127.0.0.2'
+ set load-balancing haproxy backend bk-api-02 server api01 port '4432'
Terminate SSL
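Review bot: in the renamed example, service http keeps the description 'bind app listen on 443 port' while the line two below sets port '80'. The two contradict each other, and since every line of the block is being rewritten anyway, this is the moment to make the description match the configured port (or the port match the description).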
@@ -357,30 +357,30 @@ connection limit of 4000 and a minimum TLS version of 1.3.
.. code-block:: none
- set load-balancing reverse-proxy service http description 'Force redirect to HTTPS'
- set load-balancing reverse-proxy service http port '80'
- set load-balancing reverse-proxy service http redirect-http-to-https
+ set load-balancing haproxy service http description 'Force redirect to HTTPS'
+ set load-balancing haproxy service http port '80'
+ set load-balancing haproxy service http redirect-http-to-https
- set load-balancing reverse-proxy service https backend 'bk-default'
- set load-balancing reverse-proxy service https description 'listen on 443 port'
- set load-balancing reverse-proxy service https mode 'http'
- set load-balancing reverse-proxy service https port '443'
- set load-balancing reverse-proxy service https ssl certificate 'cert'
- set load-balancing reverse-proxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000'
+ set load-balancing haproxy service https backend 'bk-default'
+ set load-balancing haproxy service https description 'listen on 443 port'
+ set load-balancing haproxy service https mode 'http'
+ set load-balancing haproxy service https port '443'
+ set load-balancing haproxy service https ssl certificate 'cert'
+ set load-balancing haproxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000'
- set load-balancing reverse-proxy service https rule 10 url-path exact '/.well-known/xxx'
- set load-balancing reverse-proxy service https rule 10 set redirect-location '/certs/'
- set load-balancing reverse-proxy service https rule 20 url-path end '/mail'
- set load-balancing reverse-proxy service https rule 20 url-path exact '/email/bar'
- set load-balancing reverse-proxy service https rule 20 set redirect-location '/postfix/'
+ set load-balancing haproxy service https rule 10 url-path exact '/.well-known/xxx'
+ set load-balancing haproxy service https rule 10 set redirect-location '/certs/'
+ set load-balancing haproxy service https rule 20 url-path end '/mail'
+ set load-balancing haproxy service https rule 20 url-path exact '/email/bar'
+ set load-balancing haproxy service https rule 20 set redirect-location '/postfix/'
- set load-balancing reverse-proxy backend bk-default description 'Default backend'
- set load-balancing reverse-proxy backend bk-default mode 'http'
- set load-balancing reverse-proxy backend bk-default server sr01 address '192.0.2.23'
- set load-balancing reverse-proxy backend bk-default server sr01 port '80'
+ set load-balancing haproxy backend bk-default description 'Default backend'
+ set load-balancing haproxy backend bk-default mode 'http'
+ set load-balancing haproxy backend bk-default server sr01 address '192.0.2.23'
+ set load-balancing haproxy backend bk-default server sr01 port '80'
- set load-balancing reverse-proxy global-parameters max-connections '4000'
- set load-balancing reverse-proxy global-parameters tls-version-min '1.3'
+ set load-balancing haproxy global-parameters max-connections '4000'
+ set load-balancing haproxy global-parameters tls-version-min '1.3'
SSL Bridging
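Review bot: rules 10 and 20 of service https use `set redirect-location '/certs/'` and `set redirect-location '/postfix/'`, but the command reference earlier in this file documents the option as `service <name> rule <rule> redirect-location <url>`, without `set`. The rename carries the mismatch over unchanged, so a reader cannot tell which form the CLI accepts; the example and the reference should be brought into agreement.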
@@ -402,17 +402,17 @@ and checks backend server has a valid certificate trusted by CA ``cacert``
.. code-block:: none
- set load-balancing reverse-proxy service https backend 'bk-bridge-ssl'
- set load-balancing reverse-proxy service https description 'listen on 443 port'
- set load-balancing reverse-proxy service https mode 'http'
- set load-balancing reverse-proxy service https port '443'
- set load-balancing reverse-proxy service https ssl certificate 'cert'
+ set load-balancing haproxy service https backend 'bk-bridge-ssl'
+ set load-balancing haproxy service https description 'listen on 443 port'
+ set load-balancing haproxy service https mode 'http'
+ set load-balancing haproxy service https port '443'
+ set load-balancing haproxy service https ssl certificate 'cert'
- set load-balancing reverse-proxy backend bk-bridge-ssl description 'SSL backend'
- set load-balancing reverse-proxy backend bk-bridge-ssl mode 'http'
- set load-balancing reverse-proxy backend bk-bridge-ssl ssl ca-certificate 'cacert'
- set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 address '192.0.2.23'
- set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 port '443'
+ set load-balancing haproxy backend bk-bridge-ssl description 'SSL backend'
+ set load-balancing haproxy backend bk-bridge-ssl mode 'http'
+ set load-balancing haproxy backend bk-bridge-ssl ssl ca-certificate 'cacert'
+ set load-balancing haproxy backend bk-bridge-ssl server sr01 address '192.0.2.23'
+ set load-balancing haproxy backend bk-bridge-ssl server sr01 port '443'
Balancing with HTTP health checks
@@ -422,21 +422,21 @@ This configuration enables HTTP health checks on backend servers.
.. code-block:: none
- set load-balancing reverse-proxy service my-tcp-api backend 'bk-01'
- set load-balancing reverse-proxy service my-tcp-api mode 'tcp'
- set load-balancing reverse-proxy service my-tcp-api port '8888'
+ set load-balancing haproxy service my-tcp-api backend 'bk-01'
+ set load-balancing haproxy service my-tcp-api mode 'tcp'
+ set load-balancing haproxy service my-tcp-api port '8888'
- set load-balancing reverse-proxy backend bk-01 balance 'round-robin'
- set load-balancing reverse-proxy backend bk-01 mode 'tcp'
+ set load-balancing haproxy backend bk-01 balance 'round-robin'
+ set load-balancing haproxy backend bk-01 mode 'tcp'
- set load-balancing reverse-proxy backend bk-01 http-check method 'get'
- set load-balancing reverse-proxy backend bk-01 http-check uri '/health'
- set load-balancing reverse-proxy backend bk-01 http-check expect 'status 200'
+ set load-balancing haproxy backend bk-01 http-check method 'get'
+ set load-balancing haproxy backend bk-01 http-check uri '/health'
+ set load-balancing haproxy backend bk-01 http-check expect 'status 200'
- set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11'
- set load-balancing reverse-proxy backend bk-01 server srv01 port '8881'
- set load-balancing reverse-proxy backend bk-01 server srv01 check
- set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12'
- set load-balancing reverse-proxy backend bk-01 server srv02 port '8882'
- set load-balancing reverse-proxy backend bk-01 server srv02 check
+ set load-balancing haproxy backend bk-01 server srv01 address '192.0.2.11'
+ set load-balancing haproxy backend bk-01 server srv01 port '8881'
+ set load-balancing haproxy backend bk-01 server srv01 check
+ set load-balancing haproxy backend bk-01 server srv02 address '192.0.2.12'
+ set load-balancing haproxy backend bk-01 server srv02 port '8882'
+ set load-balancing haproxy backend bk-01 server srv02 check
diff --git a/docs/configuration/loadbalancing/index.rst b/docs/configuration/loadbalancing/index.rst
index 382bd0d7..92dcc622 100644
--- a/docs/configuration/loadbalancing/index.rst
+++ b/docs/configuration/loadbalancing/index.rst
@@ -9,4 +9,4 @@ Load-balancing
:includehidden:
wan
- reverse-proxy
+ haproxy
diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst
index af397456..e72e8e8b 100644
--- a/docs/configuration/service/https.rst
+++ b/docs/configuration/service/https.rst
@@ -67,19 +67,22 @@ API
Set a named api key. Every key has the same, full permissions
on the system.
-.. cfgcmd:: set service https api debug
+REST
+====
+
+.. cfgcmd:: set service https api rest
+
+ Enable REST API
+
+.. cfgcmd:: set service https api rest debug
To enable debug messages. Available via :opcmd:`show log` or
:opcmd:`monitor log`
-.. cfgcmd:: set service https api strict
+.. cfgcmd:: set service https api rest strict
Enforce strict path checking.
-.. cfgcmd:: set service https api cors allow-origin <origin>
-
- Allow cross-origin requests from `<origin>`.
-
GraphQL
=======
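Review bot: `set service https api cors allow-origin <origin>` is deleted here and reappears only as `set service https api graphql cors allow-origin <origin>` in the next hunk, with nothing telling readers whether the REST API still accepts a CORS setting or what happens to an existing one. The same gap applies to `debug` and `strict`, which move under `api rest` without a note about the old paths. The new "Enable REST API" description should also state that the REST endpoints have to be enabled explicitly, which the reworded example sentence further down implies.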
@@ -105,12 +108,17 @@ GraphQL
Set the byte length of the JWT secret. Default is 32.
+.. cfgcmd:: set service https api graphql cors allow-origin <origin>
+
+ Allow cross-origin requests from `<origin>`.
+
*********************
Example Configuration
*********************
-Set an API-KEY is the minimal configuration to get a working API Endpoint.
+Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint.
.. code-block:: none
set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY
+ set service https api rest
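Review bot: the rewritten sentence above the example is one long line, well past the wrap width used by the surrounding text, and "Setting REST API and an API-KEY is ..." reads awkwardly. Suggest wrapping it and wording it along the lines of "Enabling the REST API and setting an API key is the minimal configuration to get a working API endpoint."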