summaryrefslogtreecommitdiff
path: root/interface-definitions/load-balancing-haproxy.xml.in
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2023-05-19 09:57:11 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2023-05-19 09:57:11 +0000
commite201bd35511e1a000ffa21a4194d234634cfd76c (patch)
treedc5a8d347868a518c0bc35b0c3cee7e1d86c021b /interface-definitions/load-balancing-haproxy.xml.in
parente164b6e4654eba24d7d4a6aadae69da67661858f (diff)
downloadvyos-1x-e201bd35511e1a000ffa21a4194d234634cfd76c.tar.gz
vyos-1x-e201bd35511e1a000ffa21a4194d234634cfd76c.zip
T5222: Refactoring load-balancing reverse-proxy
Improve and refactoring "load-balancing reverse-proxy" - replace 'reverse-proxy server <tag>' => 'reverse-proxy service <tag>' - replace 'reverse-proxy global-parameters tls <xxx>' => 'reverse-proxy global-parameters tls-version-min xxx' => 'reverse-proxy global-parameters ssl-bind-ciphers xxx' - replace 'reverse-proxy service https rule <tag> set server 'xxx' => 'reverse-proxy service https rule <tag> set backend 'xxx' 'service https rule <tag> domain-name xxx' set as multinode
Diffstat (limited to 'interface-definitions/load-balancing-haproxy.xml.in')
-rw-r--r--interface-definitions/load-balancing-haproxy.xml.in141
1 files changed, 67 insertions, 74 deletions
diff --git a/interface-definitions/load-balancing-haproxy.xml.in b/interface-definitions/load-balancing-haproxy.xml.in
index f0c0ee8ce..e295dcb63 100644
--- a/interface-definitions/load-balancing-haproxy.xml.in
+++ b/interface-definitions/load-balancing-haproxy.xml.in
@@ -7,9 +7,9 @@
<help>Configure reverse-proxy</help>
</properties>
<children>
- <tagNode name="server">
+ <tagNode name="service">
<properties>
- <help>Frontend server name</help>
+ <help>Frontend service name</help>
<constraint>
#include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
</constraint>
@@ -37,7 +37,7 @@
#include <include/listen-address.xml.i>
#include <include/haproxy/mode.xml.i>
#include <include/port-number.xml.i>
- #include <include/haproxy/rule.xml.i>
+ #include <include/haproxy/rule-frontend.xml.i>
<leafNode name="redirect-http-to-https">
<properties>
<help>Redirect HTTP to HTTPS</help>
@@ -102,7 +102,7 @@
</leafNode>
</children>
</node>
- #include <include/haproxy/rule.xml.i>
+ #include <include/haproxy/rule-backend.xml.i>
<tagNode name="server">
<properties>
<help>Backend server name</help>
@@ -161,78 +161,71 @@
</constraint>
</properties>
</leafNode>
- <node name="tls">
+ <leafNode name="ssl-bind-ciphers">
<properties>
- <help>Transport Layer Security (TLS) options</help>
+ <help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help>
+ <completionHelp>
+ <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-aes128-gcm-sha256</format>
+ <description>ecdhe-ecdsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-aes128-gcm-sha256</format>
+ <description>ecdhe-rsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-aes256-gcm-sha384</format>
+ <description>ecdhe-ecdsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-aes256-gcm-sha384</format>
+ <description>ecdhe-rsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-chacha20-poly1305</format>
+ <description>ecdhe-ecdsa-chacha20-poly1305</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-chacha20-poly1305</format>
+ <description>ecdhe-rsa-chacha20-poly1305</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhe-rsa-aes128-gcm-sha256</format>
+ <description>dhe-rsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhe-rsa-aes256-gcm-sha384</format>
+ <description>dhe-rsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <constraint>
+ <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex>
+ </constraint>
+ <multi/>
</properties>
- <children>
- <leafNode name="ssl-bind-ciphers">
- <properties>
- <help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help>
- <completionHelp>
- <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list>
- </completionHelp>
- <valueHelp>
- <format>ecdhe-ecdsa-aes128-gcm-sha256</format>
- <description>ecdhe-ecdsa-aes128-gcm-sha256</description>
- </valueHelp>
- <valueHelp>
- <format>ecdhe-rsa-aes128-gcm-sha256</format>
- <description>ecdhe-rsa-aes128-gcm-sha256</description>
- </valueHelp>
- <valueHelp>
- <format>ecdhe-ecdsa-aes256-gcm-sha384</format>
- <description>ecdhe-ecdsa-aes256-gcm-sha384</description>
- </valueHelp>
- <valueHelp>
- <format>ecdhe-rsa-aes256-gcm-sha384</format>
- <description>ecdhe-rsa-aes256-gcm-sha384</description>
- </valueHelp>
- <valueHelp>
- <format>ecdhe-ecdsa-chacha20-poly1305</format>
- <description>ecdhe-ecdsa-chacha20-poly1305</description>
- </valueHelp>
- <valueHelp>
- <format>ecdhe-rsa-chacha20-poly1305</format>
- <description>ecdhe-rsa-chacha20-poly1305</description>
- </valueHelp>
- <valueHelp>
- <format>dhe-rsa-aes128-gcm-sha256</format>
- <description>dhe-rsa-aes128-gcm-sha256</description>
- </valueHelp>
- <valueHelp>
- <format>dhe-rsa-aes256-gcm-sha384</format>
- <description>dhe-rsa-aes256-gcm-sha384</description>
- </valueHelp>
- <constraint>
- <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex>
- </constraint>
- <multi/>
- </properties>
- <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue>
- </leafNode>
- <leafNode name="tls-version-min">
- <properties>
- <help>Specify the minimum required TLS version</help>
- <completionHelp>
- <list>1.2 1.3</list>
- </completionHelp>
- <valueHelp>
- <format>1.2</format>
- <description>TLS v1.2</description>
- </valueHelp>
- <valueHelp>
- <format>1.3</format>
- <description>TLS v1.3</description>
- </valueHelp>
- <constraint>
- <regex>(1.2|1.3)</regex>
- </constraint>
- </properties>
- <defaultValue>1.3</defaultValue>
- </leafNode>
- </children>
- </node>
+ <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue>
+ </leafNode>
+ <leafNode name="tls-version-min">
+ <properties>
+ <help>Specify the minimum required TLS version</help>
+ <completionHelp>
+ <list>1.2 1.3</list>
+ </completionHelp>
+ <valueHelp>
+ <format>1.2</format>
+ <description>TLS v1.2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1.3</format>
+ <description>TLS v1.3</description>
+ </valueHelp>
+ <constraint>
+ <regex>(1.2|1.3)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>1.3</defaultValue>
+ </leafNode>
</children>
</node>
#include <include/interface/vrf.xml.i>