summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/haproxy/mode.xml.i22
-rw-r--r--interface-definitions/include/haproxy/rule.xml.i130
-rw-r--r--interface-definitions/include/haproxy/timeout.xml.i45
-rw-r--r--interface-definitions/load-balancing-haproxy.xml.in245
4 files changed, 442 insertions, 0 deletions
diff --git a/interface-definitions/include/haproxy/mode.xml.i b/interface-definitions/include/haproxy/mode.xml.i
new file mode 100644
index 000000000..672ea65b4
--- /dev/null
+++ b/interface-definitions/include/haproxy/mode.xml.i
@@ -0,0 +1,22 @@
+<!-- include start from haproxy/mode.xml.i -->
+<leafNode name="mode">
+ <properties>
+ <help>Proxy mode</help>
+ <completionHelp>
+ <list>http tcp</list>
+ </completionHelp>
+ <constraintErrorMessage>invalid value</constraintErrorMessage>
+ <valueHelp>
+ <format>http</format>
+ <description>HTTP proxy mode</description>
+ </valueHelp>
+ <valueHelp>
+ <format>tcp</format>
+ <description>TCP proxy mode</description>
+ </valueHelp>
+ <constraint>
+ <regex>(http|tcp)</regex>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/rule.xml.i b/interface-definitions/include/haproxy/rule.xml.i
new file mode 100644
index 000000000..9d9f63c9c
--- /dev/null
+++ b/interface-definitions/include/haproxy/rule.xml.i
@@ -0,0 +1,130 @@
+<!-- include start from haproxy/rule.xml.i -->
+<tagNode name="rule">
+ <properties>
+ <help>Proxy rule number</help>
+ <valueHelp>
+ <format>u32:1-10000</format>
+ <description>Number for this proxy rule</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-10000"/>
+ </constraint>
+ <constraintErrorMessage>Proxy rule number must be between 1 and 10000</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="domain-name">
+ <properties>
+ <help>Domain name to match</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Domain address to match</description>
+ </valueHelp>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="set">
+ <properties>
+ <help>Proxy modifications</help>
+ </properties>
+ <children>
+ <leafNode name="redirect-location">
+ <properties>
+ <help>Set URL location</help>
+ <valueHelp>
+ <format>url</format>
+ <description>Set URL location</description>
+ </valueHelp>
+ <constraint>
+ <regex>^\/[\w\-.\/]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ <leafNode name="server">
+ <properties>
+ <help>Server name</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <leafNode name="ssl">
+ <properties>
+ <help>SSL match options</help>
+ <completionHelp>
+ <list>req-ssl-sni ssl-fc-sni</list>
+ </completionHelp>
+ <valueHelp>
+ <format>req-ssl-sni</format>
+ <description>SSL Server Name Indication (SNI) request match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ssl-fc-sni</format>
+ <description>SSL frontend connection Server Name Indication match</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ssl-fc-sni-end</format>
+ <description>SSL frontend match end of connection Server Name Indication</description>
+ </valueHelp>
+ <constraint>
+ <regex>(req-ssl-sni|ssl-fc-sni|ssl-fc-sni-end)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="url-path">
+ <properties>
+ <help>URL path match</help>
+ </properties>
+ <children>
+ <leafNode name="begin">
+ <properties>
+ <help>Begin URL match</help>
+ <valueHelp>
+ <format>url</format>
+ <description>Begin URL</description>
+ </valueHelp>
+ <constraint>
+ <regex>^\/[\w\-.\/]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="end">
+ <properties>
+ <help>End URL match</help>
+ <valueHelp>
+ <format>url</format>
+ <description>End URL</description>
+ </valueHelp>
+ <constraint>
+ <regex>^\/[\w\-.\/]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="exact">
+ <properties>
+ <help>Exactly URL match</help>
+ <valueHelp>
+ <format>url</format>
+ <description>Exactly URL</description>
+ </valueHelp>
+ <constraint>
+ <regex>^\/[\w\-.\/]+$</regex>
+ </constraint>
+ <constraintErrorMessage>Incorrect URL format</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout.xml.i b/interface-definitions/include/haproxy/timeout.xml.i
new file mode 100644
index 000000000..250b35683
--- /dev/null
+++ b/interface-definitions/include/haproxy/timeout.xml.i
@@ -0,0 +1,45 @@
+<!-- include start from haproxy/timeout.xml.i -->
+<node name="timeout">
+ <properties>
+ <help>Tiemout options</help>
+ </properties>
+ <children>
+ <leafNode name="check">
+ <properties>
+ <help>Timeout in seconds for established connections</help>
+ <valueHelp>
+ <format>u32:1-3600</format>
+ <description>Check timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-3600"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="connect">
+ <properties>
+ <help>Set the maximum time to wait for a connection attempt to a server to succeed</help>
+ <valueHelp>
+ <format>u32:1-3600</format>
+ <description>Connect timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-3600"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="server">
+ <properties>
+ <help>Set the maximum inactivity time on the server side</help>
+ <valueHelp>
+ <format>u32:1-3600</format>
+ <description>Server timeout in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-3600"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/load-balancing-haproxy.xml.in b/interface-definitions/load-balancing-haproxy.xml.in
new file mode 100644
index 000000000..268f4cd18
--- /dev/null
+++ b/interface-definitions/load-balancing-haproxy.xml.in
@@ -0,0 +1,245 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="load-balancing">
+ <children>
+ <node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing-haproxy.py">
+ <properties>
+ <help>Configure reverse-proxy</help>
+ </properties>
+ <children>
+ <tagNode name="server">
+ <properties>
+ <help>Frontend name</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="backend">
+ <properties>
+ <help>Backend member</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+ <valueHelp>
+ <format>txt</format>
+ <description>Backend name</description>
+ </valueHelp>
+ <completionHelp>
+ <path>load-balancing reverse-proxy backend</path>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ #include <include/generic-description.xml.i>
+ #include <include/listen-address.xml.i>
+ #include <include/haproxy/mode.xml.i>
+ #include <include/port-number.xml.i>
+ #include <include/haproxy/rule.xml.i>
+ <leafNode name="redirect-http-to-https">
+ <properties>
+ <help>Redirect HTTP to HTTPS</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <node name="ssl">
+ <properties>
+ <help>SSL Certificate, SSL Key and CA</help>
+ </properties>
+ <children>
+ #include <include/pki/certificate.xml.i>
+ </children>
+ </node>
+ </children>
+ </tagNode>
+ <tagNode name="backend">
+ <properties>
+ <help>Backend name</help>
+ <constraint>
+ <regex>[-_a-zA-Z0-9]+</regex>
+ </constraint>
+ <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
+ </properties>
+ <children>
+ <leafNode name="balance">
+ <properties>
+ <help>Load-balancing algorithm</help>
+ <completionHelp>
+ <list>source-address round-robin least-connection</list>
+ </completionHelp>
+ <valueHelp>
+ <format>source-address</format>
+ <description>Based on hash of source IP address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>round-robin</format>
+ <description>Round robin</description>
+ </valueHelp>
+ <valueHelp>
+ <format>least-connection</format>
+ <description>Least connection</description>
+ </valueHelp>
+ <constraint>
+ <regex>(source-address|round-robin|least-connection)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>round-robin</defaultValue>
+ </leafNode>
+ #include <include/generic-description.xml.i>
+ #include <include/haproxy/mode.xml.i>
+ <node name="parameters">
+ <properties>
+ <help>Backend parameters</help>
+ </properties>
+ <children>
+ <leafNode name="http-check">
+ <properties>
+ <help>HTTP health check</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ #include <include/haproxy/rule.xml.i>
+ <tagNode name="server">
+ <properties>
+ <help>Backend server name</help>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>Backend server address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 unicast peer address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 unicast peer address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="check">
+ <properties>
+ <help>Active health check backend server</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ #include <include/port-number.xml.i>
+ </children>
+ </tagNode>
+ <node name="ssl">
+ <properties>
+ <help>SSL Certificate, SSL Key and CA</help>
+ </properties>
+ <children>
+ #include <include/pki/ca-certificate.xml.i>
+ </children>
+ </node>
+ #include <include/haproxy/timeout.xml.i>
+ </children>
+ </tagNode>
+ <node name="global-parameters">
+ <properties>
+ <help>Global perfomance parameters and limits</help>
+ </properties>
+ <children>
+ <leafNode name="max-connections">
+ <properties>
+ <help>Maximum allowed connections</help>
+ <valueHelp>
+ <format>u32:1-2000000</format>
+ <description>Maximum allowed connections</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-2000000"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <node name="tls">
+ <properties>
+ <help>Transport Layer Security (TLS) options</help>
+ </properties>
+ <children>
+ <leafNode name="ssl-bind-ciphers">
+ <properties>
+ <help>SSL default bind ciphers</help>
+ <completionHelp>
+ <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list>
+ </completionHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-aes128-gcm-sha256</format>
+ <description>ecdhe-ecdsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-aes128-gcm-sha256</format>
+ <description>ecdhe-rsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-aes256-gcm-sha384</format>
+ <description>ecdhe-ecdsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-aes256-gcm-sha384</format>
+ <description>ecdhe-rsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-ecdsa-chacha20-poly1305</format>
+ <description>ecdhe-ecdsa-chacha20-poly1305</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ecdhe-rsa-chacha20-poly1305</format>
+ <description>ecdhe-rsa-chacha20-poly1305</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhe-rsa-aes128-gcm-sha256</format>
+ <description>dhe-rsa-aes128-gcm-sha256</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dhe-rsa-aes256-gcm-sha384</format>
+ <description>dhe-rsa-aes256-gcm-sha384</description>
+ </valueHelp>
+ <constraint>
+ <regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)
+ </regex>
+ </constraint>
+ <multi/>
+ </properties>
+ <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue>
+ </leafNode>
+ <leafNode name="tls-version-min">
+ <properties>
+ <help>Specify the minimum required TLS version</help>
+ <completionHelp>
+ <list>1.2 1.3</list>
+ </completionHelp>
+ <valueHelp>
+ <format>1.2</format>
+ <description>TLS v1.2</description>
+ </valueHelp>
+ <valueHelp>
+ <format>1.3</format>
+ <description>TLS v1.3</description>
+ </valueHelp>
+ <constraint>
+ <regex>(1.2|1.3)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>1.3</defaultValue>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ #include <include/interface/vrf.xml.i>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-04 11:01:15 +0000