diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-05-17 18:46:07 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-17 18:46:07 +0200 |
| commit | 9e9794a763e7e56a3a4c0001ea2b5bbc46bbb681 (patch) | |
| tree | ea53b705e7cf44a391a0dbef1323f97b5d735f54 /interface-definitions | |
| parent | 0c91c356183bb33dea0b24c9ccd77b55c15e7ea0 (diff) | |
| parent | 6d0325190fcede5b912c20cfb6ffefab90a3f4f4 (diff) | |
| download | vyos-1x-9e9794a763e7e56a3a4c0001ea2b5bbc46bbb681.tar.gz vyos-1x-9e9794a763e7e56a3a4c0001ea2b5bbc46bbb681.zip | |
Merge pull request #2004 from sever-sever/T5222
T5222: Add load-balancing for web traffic
Diffstat (limited to 'interface-definitions')
| -rw-r--r-- | interface-definitions/include/haproxy/mode.xml.i | 22 | ||||
| -rw-r--r-- | interface-definitions/include/haproxy/rule.xml.i | 130 | ||||
| -rw-r--r-- | interface-definitions/include/haproxy/timeout.xml.i | 45 | ||||
| -rw-r--r-- | interface-definitions/load-balancing-haproxy.xml.in | 245 |
4 files changed, 442 insertions, 0 deletions
diff --git a/interface-definitions/include/haproxy/mode.xml.i b/interface-definitions/include/haproxy/mode.xml.i new file mode 100644 index 000000000..672ea65b4 --- /dev/null +++ b/interface-definitions/include/haproxy/mode.xml.i @@ -0,0 +1,22 @@ +<!-- include start from haproxy/mode.xml.i --> +<leafNode name="mode"> + <properties> + <help>Proxy mode</help> + <completionHelp> + <list>http tcp</list> + </completionHelp> + <constraintErrorMessage>invalid value</constraintErrorMessage> + <valueHelp> + <format>http</format> + <description>HTTP proxy mode</description> + </valueHelp> + <valueHelp> + <format>tcp</format> + <description>TCP proxy mode</description> + </valueHelp> + <constraint> + <regex>(http|tcp)</regex> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/rule.xml.i b/interface-definitions/include/haproxy/rule.xml.i new file mode 100644 index 000000000..9d9f63c9c --- /dev/null +++ b/interface-definitions/include/haproxy/rule.xml.i @@ -0,0 +1,130 @@ +<!-- include start from haproxy/rule.xml.i --> +<tagNode name="rule"> + <properties> + <help>Proxy rule number</help> + <valueHelp> + <format>u32:1-10000</format> + <description>Number for this proxy rule</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10000"/> + </constraint> + <constraintErrorMessage>Proxy rule number must be between 1 and 10000</constraintErrorMessage> + </properties> + <children> + <leafNode name="domain-name"> + <properties> + <help>Domain name to match</help> + <valueHelp> + <format>txt</format> + <description>Domain address to match</description> + </valueHelp> + <constraint> + <validator name="fqdn"/> + </constraint> + </properties> + </leafNode> + <node name="set"> + <properties> + <help>Proxy modifications</help> + </properties> + <children> + <leafNode name="redirect-location"> + <properties> + <help>Set URL location</help> + <valueHelp> + <format>url</format> + <description>Set URL location</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="server"> + <properties> + <help>Server name</help> + <constraint> + <regex>[-_a-zA-Z0-9]+</regex> + </constraint> + <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + <leafNode name="ssl"> + <properties> + <help>SSL match options</help> + <completionHelp> + <list>req-ssl-sni ssl-fc-sni</list> + </completionHelp> + <valueHelp> + <format>req-ssl-sni</format> + <description>SSL Server Name Indication (SNI) request match</description> + </valueHelp> + <valueHelp> + <format>ssl-fc-sni</format> + <description>SSL frontend connection Server Name Indication match</description> + </valueHelp> + <valueHelp> + <format>ssl-fc-sni-end</format> + <description>SSL frontend match end of connection Server Name Indication</description> + </valueHelp> + <constraint> + <regex>(req-ssl-sni|ssl-fc-sni|ssl-fc-sni-end)</regex> + </constraint> + </properties> + </leafNode> + <node name="url-path"> + <properties> + <help>URL path match</help> + </properties> + <children> + <leafNode name="begin"> + <properties> + <help>Begin URL match</help> + <valueHelp> + <format>url</format> + <description>Begin URL</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="end"> + <properties> + <help>End URL match</help> + <valueHelp> + <format>url</format> + <description>End URL</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + <leafNode name="exact"> + <properties> + <help>Exactly URL match</help> + <valueHelp> + <format>url</format> + <description>Exactly URL</description> + </valueHelp> + <constraint> + <regex>^\/[\w\-.\/]+$</regex> + </constraint> + <constraintErrorMessage>Incorrect URL format</constraintErrorMessage> + <multi/> + </properties> + </leafNode> + </children> + </node> + </children> +</tagNode> +<!-- include end --> diff --git a/interface-definitions/include/haproxy/timeout.xml.i b/interface-definitions/include/haproxy/timeout.xml.i new file mode 100644 index 000000000..250b35683 --- /dev/null +++ b/interface-definitions/include/haproxy/timeout.xml.i @@ -0,0 +1,45 @@ +<!-- include start from haproxy/timeout.xml.i --> +<node name="timeout"> + <properties> + <help>Tiemout options</help> + </properties> + <children> + <leafNode name="check"> + <properties> + <help>Timeout in seconds for established connections</help> + <valueHelp> + <format>u32:1-3600</format> + <description>Check timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + </properties> + </leafNode> + <leafNode name="connect"> + <properties> + <help>Set the maximum time to wait for a connection attempt to a server to succeed</help> + <valueHelp> + <format>u32:1-3600</format> + <description>Connect timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + </properties> + </leafNode> + <leafNode name="server"> + <properties> + <help>Set the maximum inactivity time on the server side</help> + <valueHelp> + <format>u32:1-3600</format> + <description>Server timeout in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + </properties> + </leafNode> + </children> +</node> +<!-- include end --> diff --git a/interface-definitions/load-balancing-haproxy.xml.in b/interface-definitions/load-balancing-haproxy.xml.in new file mode 100644 index 000000000..268f4cd18 --- /dev/null +++ b/interface-definitions/load-balancing-haproxy.xml.in @@ -0,0 +1,245 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="load-balancing"> + <children> + <node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing-haproxy.py"> + <properties> + <help>Configure reverse-proxy</help> + </properties> + <children> + <tagNode name="server"> + <properties> + <help>Frontend name</help> + <constraint> + <regex>[-_a-zA-Z0-9]+</regex> + </constraint> + <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> + </properties> + <children> + <leafNode name="backend"> + <properties> + <help>Backend member</help> + <constraint> + <regex>[-_a-zA-Z0-9]+</regex> + </constraint> + <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> + <valueHelp> + <format>txt</format> + <description>Backend name</description> + </valueHelp> + <completionHelp> + <path>load-balancing reverse-proxy backend</path> + </completionHelp> + <multi/> + </properties> + </leafNode> + #include <include/generic-description.xml.i> + #include <include/listen-address.xml.i> + #include <include/haproxy/mode.xml.i> + #include <include/port-number.xml.i> + #include <include/haproxy/rule.xml.i> + <leafNode name="redirect-http-to-https"> + <properties> + <help>Redirect HTTP to HTTPS</help> + <valueless/> + </properties> + </leafNode> + <node name="ssl"> + <properties> + <help>SSL Certificate, SSL Key and CA</help> + </properties> + <children> + #include <include/pki/certificate.xml.i> + </children> + </node> + </children> + </tagNode> + <tagNode name="backend"> + <properties> + <help>Backend name</help> + <constraint> + <regex>[-_a-zA-Z0-9]+</regex> + </constraint> + <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> + </properties> + <children> + <leafNode name="balance"> + <properties> + <help>Load-balancing algorithm</help> + <completionHelp> + <list>source-address round-robin least-connection</list> + </completionHelp> + <valueHelp> + <format>source-address</format> + <description>Based on hash of source IP address</description> + </valueHelp> + <valueHelp> + <format>round-robin</format> + <description>Round robin</description> + </valueHelp> + <valueHelp> + <format>least-connection</format> + <description>Least connection</description> + </valueHelp> + <constraint> + <regex>(source-address|round-robin|least-connection)</regex> + </constraint> + </properties> + <defaultValue>round-robin</defaultValue> + </leafNode> + #include <include/generic-description.xml.i> + #include <include/haproxy/mode.xml.i> + <node name="parameters"> + <properties> + <help>Backend parameters</help> + </properties> + <children> + <leafNode name="http-check"> + <properties> + <help>HTTP health check</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + #include <include/haproxy/rule.xml.i> + <tagNode name="server"> + <properties> + <help>Backend server name</help> + </properties> + <children> + <leafNode name="address"> + <properties> + <help>Backend server address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 unicast peer address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 unicast peer address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="check"> + <properties> + <help>Active health check backend server</help> + <valueless/> + </properties> + </leafNode> + #include <include/port-number.xml.i> + </children> + </tagNode> + <node name="ssl"> + <properties> + <help>SSL Certificate, SSL Key and CA</help> + </properties> + <children> + #include <include/pki/ca-certificate.xml.i> + </children> + </node> + #include <include/haproxy/timeout.xml.i> + </children> + </tagNode> + <node name="global-parameters"> + <properties> + <help>Global perfomance parameters and limits</help> + </properties> + <children> + <leafNode name="max-connections"> + <properties> + <help>Maximum allowed connections</help> + <valueHelp> + <format>u32:1-2000000</format> + <description>Maximum allowed connections</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2000000"/> + </constraint> + </properties> + </leafNode> + <node name="tls"> + <properties> + <help>Transport Layer Security (TLS) options</help> + </properties> + <children> + <leafNode name="ssl-bind-ciphers"> + <properties> + <help>SSL default bind ciphers</help> + <completionHelp> + <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list> + </completionHelp> + <valueHelp> + <format>ecdhe-ecdsa-aes128-gcm-sha256</format> + <description>ecdhe-ecdsa-aes128-gcm-sha256</description> + </valueHelp> + <valueHelp> + <format>ecdhe-rsa-aes128-gcm-sha256</format> + <description>ecdhe-rsa-aes128-gcm-sha256</description> + </valueHelp> + <valueHelp> + <format>ecdhe-ecdsa-aes256-gcm-sha384</format> + <description>ecdhe-ecdsa-aes256-gcm-sha384</description> + </valueHelp> + <valueHelp> + <format>ecdhe-rsa-aes256-gcm-sha384</format> + <description>ecdhe-rsa-aes256-gcm-sha384</description> + </valueHelp> + <valueHelp> + <format>ecdhe-ecdsa-chacha20-poly1305</format> + <description>ecdhe-ecdsa-chacha20-poly1305</description> + </valueHelp> + <valueHelp> + <format>ecdhe-rsa-chacha20-poly1305</format> + <description>ecdhe-rsa-chacha20-poly1305</description> + </valueHelp> + <valueHelp> + <format>dhe-rsa-aes128-gcm-sha256</format> + <description>dhe-rsa-aes128-gcm-sha256</description> + </valueHelp> + <valueHelp> + <format>dhe-rsa-aes256-gcm-sha384</format> + <description>dhe-rsa-aes256-gcm-sha384</description> + </valueHelp> + <constraint> + <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384) + </regex> + </constraint> + <multi/> + </properties> + <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue> + </leafNode> + <leafNode name="tls-version-min"> + <properties> + <help>Specify the minimum required TLS version</help> + <completionHelp> + <list>1.2 1.3</list> + </completionHelp> + <valueHelp> + <format>1.2</format> + <description>TLS v1.2</description> + </valueHelp> + <valueHelp> + <format>1.3</format> + <description>TLS v1.3</description> + </valueHelp> + <constraint> + <regex>(1.2|1.3)</regex> + </constraint> + </properties> + <defaultValue>1.3</defaultValue> + </leafNode> + </children> + </node> + </children> + </node> + #include <include/interface/vrf.xml.i> + </children> + </node> + </children> + </node> +</interfaceDefinition> |