author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-05-19 09:57:11 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-05-19 09:57:11 +0000 |
commit | e201bd35511e1a000ffa21a4194d234634cfd76c (patch) | |
tree | dc5a8d347868a518c0bc35b0c3cee7e1d86c021b /interface-definitions/load-balancing-haproxy.xml.in | |
parent | e164b6e4654eba24d7d4a6aadae69da67661858f (diff) | |
download | vyos-1x-e201bd35511e1a000ffa21a4194d234634cfd76c.tar.gz vyos-1x-e201bd35511e1a000ffa21a4194d234634cfd76c.zip |
T5222: Refactoring load-balancing reverse-proxy
Improve and refactor "load-balancing reverse-proxy"
- replace 'reverse-proxy server <tag>'
=> 'reverse-proxy service <tag>'
- replace 'reverse-proxy global-parameters tls <xxx>'
=> 'reverse-proxy global-parameters tls-version-min xxx'
=> 'reverse-proxy global-parameters ssl-bind-ciphers xxx'
- replace 'reverse-proxy service https rule <tag> set server 'xxx'
=> 'reverse-proxy service https rule <tag> set backend 'xxx'
'service https rule <tag> domain-name xxx' set as multinode
Diffstat (limited to 'interface-definitions/load-balancing-haproxy.xml.in')
-rw-r--r-- | interface-definitions/load-balancing-haproxy.xml.in | 141 |
1 files changed, 67 insertions, 74 deletions
diff --git a/interface-definitions/load-balancing-haproxy.xml.in b/interface-definitions/load-balancing-haproxy.xml.in
index f0c0ee8ce..e295dcb63 100644
--- a/interface-definitions/load-balancing-haproxy.xml.in
+++ b/interface-definitions/load-balancing-haproxy.xml.in
@@ -7,9 +7,9 @@
 <help>Configure reverse-proxy</help>
 </properties>
 <children>
- <tagNode name="server">
+ <tagNode name="service">
 <properties>
- <help>Frontend server name</help>
+ <help>Frontend service name</help>
 <constraint>
 #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
 </constraint>
@@ -37,7 +37,7 @@
 #include <include/listen-address.xml.i>
 #include <include/haproxy/mode.xml.i>
 #include <include/port-number.xml.i>
- #include <include/haproxy/rule.xml.i>
+ #include <include/haproxy/rule-frontend.xml.i>
 <leafNode name="redirect-http-to-https">
 <properties>
 <help>Redirect HTTP to HTTPS</help>
@@ -102,7 +102,7 @@
 </leafNode>
 </children>
 </node>
- #include <include/haproxy/rule.xml.i>
+ #include <include/haproxy/rule-backend.xml.i>
 <tagNode name="server">
 <properties>
 <help>Backend server name</help>
@@ -161,78 +161,71 @@
 </constraint>
 </properties>
 </leafNode>
- <node name="tls">
+ <leafNode name="ssl-bind-ciphers">
 <properties>
- <help>Transport Layer Security (TLS) options</help>
+ <help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help>
+ <completionHelp>
+ <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-aes128-gcm-sha256</format>
+ <description>ecdhe-ecdsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-aes128-gcm-sha256</format>
+ <description>ecdhe-rsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-aes256-gcm-sha384</format>
+ <description>ecdhe-ecdsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-aes256-gcm-sha384</format>
+ <description>ecdhe-rsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-chacha20-poly1305</format>
+ <description>ecdhe-ecdsa-chacha20-poly1305</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-chacha20-poly1305</format>
+ <description>ecdhe-rsa-chacha20-poly1305</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhe-rsa-aes128-gcm-sha256</format>
+ <description>dhe-rsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhe-rsa-aes256-gcm-sha384</format>
+ <description>dhe-rsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <constraint>
+ <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex>
+ </constraint>
+ <multi/>
 </properties>
- <children>
- <leafNode name="ssl-bind-ciphers">
- <properties>
- <help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help>
- <completionHelp>
- <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list>
- </completionHelp>
- <valueHelp>
- <format>ecdhe-ecdsa-aes128-gcm-sha256</format>
- <description>ecdhe-ecdsa-aes128-gcm-sha256</description>
- </valueHelp>
- <valueHelp>
- <format>ecdhe-rsa-aes128-gcm-sha256</format>
- <description>ecdhe-rsa-aes128-gcm-sha256</description>
- </valueHelp>
- <valueHelp>
- <format>ecdhe-ecdsa-aes256-gcm-sha384</format>
- <description>ecdhe-ecdsa-aes256-gcm-sha384</description>
- </valueHelp>
- <valueHelp>
- <format>ecdhe-rsa-aes256-gcm-sha384</format>
- <description>ecdhe-rsa-aes256-gcm-sha384</description>
- </valueHelp>
- <valueHelp>
- <format>ecdhe-ecdsa-chacha20-poly1305</format>
- <description>ecdhe-ecdsa-chacha20-poly1305</description>
- </valueHelp>
- <valueHelp>
- <format>ecdhe-rsa-chacha20-poly1305</format>
- <description>ecdhe-rsa-chacha20-poly1305</description>
- </valueHelp>
- <valueHelp>
- <format>dhe-rsa-aes128-gcm-sha256</format>
- <description>dhe-rsa-aes128-gcm-sha256</description>
- </valueHelp>
- <valueHelp>
- <format>dhe-rsa-aes256-gcm-sha384</format>
- <description>dhe-rsa-aes256-gcm-sha384</description>
- </valueHelp>
- <constraint>
- <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex>
- </constraint>
- <multi/>
- </properties>
- <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue>
- </leafNode>
- <leafNode name="tls-version-min">
- <properties>
- <help>Specify the minimum required TLS version</help>
- <completionHelp>
- <list>1.2 1.3</list>
- </completionHelp>
- <valueHelp>
- <format>1.2</format>
- <description>TLS v1.2</description>
- </valueHelp>
- <valueHelp>
- <format>1.3</format>
- <description>TLS v1.3</description>
- </valueHelp>
- <constraint>
- <regex>(1.2|1.3)</regex>
- </constraint>
- </properties>
- <defaultValue>1.3</defaultValue>
- </leafNode>
- </children>
- </node>
+ <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue>
+ </leafNode>
+ <leafNode name="tls-version-min">
+ <properties>
+ <help>Specify the minimum required TLS version</help>
+ <completionHelp>
+ <list>1.2 1.3</list>
+ </completionHelp>
+ <valueHelp>
+ <format>1.2</format>
+ <description>TLS v1.2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1.3</format>
+ <description>TLS v1.3</description>
+ </valueHelp>
+ <constraint>
+ <regex>(1.2|1.3)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>1.3</defaultValue>
+ </leafNode>
 </children>
 </node>
 #include <include/interface/vrf.xml.i> |
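Review bot: The re-added `tls-version-min` constraint `<regex>(1.2|1.3)</regex>` leaves the dot unescaped, so any character is accepted in that position and a value such as `1x2` would pass validation; because this leaf sets the minimum TLS version, the pattern should be literal: `<regex>(1\.2|1\.3)</regex>`. What an accepted but unknown value does downstream depends on the HAProxy template, which is not part of this diff. The `ssl-bind-ciphers` help also reads as covering every TLS handshake, yet all listed suites are TLS 1.2 suites while `tls-version-min` defaults to 1.3. If the template renders them through HAProxy's `ssl-default-bind-ciphers`, they would not govern TLS 1.3 connections, so the help could say something like `Cipher suites offered for TLS 1.2 and below on all frontend servers`.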