| author | Christian Breunig <christian@breunig.cc> | 2023-05-19 12:21:29 +0200 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-19 12:21:29 +0200 | 
| commit | a66648596dc126b7bed37d8119ee8faa14909613 (patch) | |
| tree | 4ada4f89dcd395b809b17232846ddf4e557cb5dc /interface-definitions/load-balancing-haproxy.xml.in | |
| parent | 881e7e5710d5011a837d943dc7ae40a3181a6482 (diff) | |
| parent | e201bd35511e1a000ffa21a4194d234634cfd76c (diff) | |
Merge pull request #2012 from sever-sever/T5222-mod
T5222: Refactoring load-balancing reverse-proxy
Diffstat (limited to 'interface-definitions/load-balancing-haproxy.xml.in')
| -rw-r--r-- | interface-definitions/load-balancing-haproxy.xml.in | 141 | 
1 files changed, 67 insertions, 74 deletions
|
diff --git a/interface-definitions/load-balancing-haproxy.xml.in b/interface-definitions/load-balancing-haproxy.xml.in
index f0c0ee8ce..e295dcb63 100644
--- a/interface-definitions/load-balancing-haproxy.xml.in
+++ b/interface-definitions/load-balancing-haproxy.xml.in
@@ -7,9 +7,9 @@
           <help>Configure reverse-proxy</help>
         </properties>
         <children>
-          <tagNode name="server">
+          <tagNode name="service">
             <properties>
-              <help>Frontend server name</help>
+              <help>Frontend service name</help>
               <constraint>
                 #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
               </constraint>
@@ -37,7 +37,7 @@
               #include <include/listen-address.xml.i>
               #include <include/haproxy/mode.xml.i>
               #include <include/port-number.xml.i>
-              #include <include/haproxy/rule.xml.i>
+              #include <include/haproxy/rule-frontend.xml.i>
               <leafNode name="redirect-http-to-https">
                 <properties>
                   <help>Redirect HTTP to HTTPS</help>
@@ -102,7 +102,7 @@
                   </leafNode>
                 </children>
               </node>
-              #include <include/haproxy/rule.xml.i>
+              #include <include/haproxy/rule-backend.xml.i>
               <tagNode name="server">
                 <properties>
                   <help>Backend server name</help>
@@ -161,78 +161,71 @@
                   </constraint>
                 </properties>
               </leafNode>
-              <node name="tls">
+              <leafNode name="ssl-bind-ciphers">
                 <properties>
-                  <help>Transport Layer Security (TLS) options</help>
+                  <help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help>
+                  <completionHelp>
+                    <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>ecdhe-ecdsa-aes128-gcm-sha256</format>
+                    <description>ecdhe-ecdsa-aes128-gcm-sha256</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ecdhe-rsa-aes128-gcm-sha256</format>
+                    <description>ecdhe-rsa-aes128-gcm-sha256</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ecdhe-ecdsa-aes256-gcm-sha384</format>
+                    <description>ecdhe-ecdsa-aes256-gcm-sha384</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ecdhe-rsa-aes256-gcm-sha384</format>
+                    <description>ecdhe-rsa-aes256-gcm-sha384</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ecdhe-ecdsa-chacha20-poly1305</format>
+                    <description>ecdhe-ecdsa-chacha20-poly1305</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ecdhe-rsa-chacha20-poly1305</format>
+                    <description>ecdhe-rsa-chacha20-poly1305</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dhe-rsa-aes128-gcm-sha256</format>
+                    <description>dhe-rsa-aes128-gcm-sha256</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>dhe-rsa-aes256-gcm-sha384</format>
+                    <description>dhe-rsa-aes256-gcm-sha384</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex>
+                  </constraint>
+                  <multi/>
                 </properties>
-                <children>
-                  <leafNode name="ssl-bind-ciphers">
-                    <properties>
-                      <help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help>
-                      <completionHelp>
-                        <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>ecdhe-ecdsa-aes128-gcm-sha256</format>
-                        <description>ecdhe-ecdsa-aes128-gcm-sha256</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ecdhe-rsa-aes128-gcm-sha256</format>
-                        <description>ecdhe-rsa-aes128-gcm-sha256</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ecdhe-ecdsa-aes256-gcm-sha384</format>
-                        <description>ecdhe-ecdsa-aes256-gcm-sha384</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ecdhe-rsa-aes256-gcm-sha384</format>
-                        <description>ecdhe-rsa-aes256-gcm-sha384</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ecdhe-ecdsa-chacha20-poly1305</format>
-                        <description>ecdhe-ecdsa-chacha20-poly1305</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>ecdhe-rsa-chacha20-poly1305</format>
-                        <description>ecdhe-rsa-chacha20-poly1305</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>dhe-rsa-aes128-gcm-sha256</format>
-                        <description>dhe-rsa-aes128-gcm-sha256</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>dhe-rsa-aes256-gcm-sha384</format>
-                        <description>dhe-rsa-aes256-gcm-sha384</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex>
-                      </constraint>
-                      <multi/>
-                    </properties>
-                    <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue>
-                  </leafNode>
-                  <leafNode name="tls-version-min">
-                    <properties>
-                      <help>Specify the minimum required TLS version</help>
-                      <completionHelp>
-                        <list>1.2 1.3</list>
-                      </completionHelp>
-                      <valueHelp>
-                        <format>1.2</format>
-                        <description>TLS v1.2</description>
-                      </valueHelp>
-                      <valueHelp>
-                        <format>1.3</format>
-                        <description>TLS v1.3</description>
-                      </valueHelp>
-                      <constraint>
-                        <regex>(1.2|1.3)</regex>
-                      </constraint>
-                    </properties>
-                    <defaultValue>1.3</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
+                <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue>
+              </leafNode>
+              <leafNode name="tls-version-min">
+                <properties>
+                  <help>Specify the minimum required TLS version</help>
+                  <completionHelp>
+                    <list>1.2 1.3</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>1.2</format>
+                    <description>TLS v1.2</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>1.3</format>
+                    <description>TLS v1.3</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(1.2|1.3)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>1.3</defaultValue>
+              </leafNode>
             </children>
           </node>
           #include <include/interface/vrf.xml.i>
|
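Review bot: The `tls-version-min` constraint near the end of this hunk, `<regex>(1.2|1.3)</regex>`, leaves the dot unescaped, so it accepts any character between the two digits (for example `1x2`) rather than only the two documented versions; `<regex>(1\.2|1\.3)</regex>` would pin it. The line is carried over unchanged from the old `tls` node, but the value presumably ends up in the generated HAProxy configuration, so the validator should be the place that rejects anything else. Separately, every entry in the `ssl-bind-ciphers` list is a TLS 1.2 suite while `tls-version-min` defaults to `1.3`; if the template maps this leaf to HAProxy's `ssl-default-bind-ciphers`, it does not constrain TLS 1.3 handshakes, and the help text should say so. The enclosing `<node>` opens above the hunk, so the parent these two leaves now sit under is not visible here.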
