Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 050f24770aec7a74c1a07ba64cf2cb83afb72f1a)
|
|
(cherry picked from commit 785616393557c4e3f616287de81b61a68ba177ac)
|
|
server certificates
(cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)
|
|
(cherry picked from commit 6d79c73d4fa2d26197c1bc19df215a204af6c5dd)
|
|
We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.
Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server-xml.in
(cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)
|
|
Add ability to configure multiple SSL certificates for
frontend/service
set load-balancing reverse-proxy service web mode http
set load-balancing reverse-proxy service web port 443
set load-balancing reverse-proxy service web ssl certificate cert1
set load-balancing reverse-proxy service web ssl certificate cert2
(cherry picked from commit fe99c45e05fd5794905145ddca80e6078145c2e8)
|
|
A `backup` server can be defined to take over in the case of all other
backends failing
set load-balancing reverse-proxy backend <tag> server <tag> address '192.0.2.3'
set load-balancing reverse-proxy backend <tag> server <tag> port '8883'
set load-balancing reverse-proxy backend <tag> server <tag> backup
(cherry picked from commit cb297aea56da91144c53be1f396b64a26a8e5b04)
|
|
By default haproxy uses timeouts in millisecond but we set timeouts
in seconds from CLI
Fix template to use 'seconds' units
(cherry picked from commit 257019520c49c20824b7e5cad01d2d29ef5f62e6)
|
|
To accept a Proxy Protocol header on incoming TCP connections,
add an accept-proxy parameter to the bind line in a frontend section.
This parameter detects both Proxy Protocol version 1 (text format)
and Proxy Protocol version 2 (binary format).
set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
|
|
Load-balancing reverse-proxy listen-address is multi-value node
Use bracketize for correct set bind config for IPv6 addresses
Listen by default IPv4 and IPv6 if listen-address is not defined
|
|
Improve and refactoring "load-balancing reverse-proxy"
- replace 'reverse-proxy server <tag>'
=> 'reverse-proxy service <tag>'
- replace 'reverse-proxy global-parameters tls <xxx>'
=> 'reverse-proxy global-parameters tls-version-min xxx'
=> 'reverse-proxy global-parameters ssl-bind-ciphers xxx'
- replace 'reverse-proxy service https rule <tag> set server 'xxx'
=> 'reverse-proxy service https rule <tag> set backend 'xxx'
'service https rule <tag> domain-name xxx' set as multinode
|
|
|
|
Use XML and python3 for 'load-balancing wan'
Use Jinja2 templates instead of old vyatta-wanloadbalance.pl to
generate configuration '/run/load-balance/wlb.conf' wich used by
/opt/vyatta/sbin/wan_lb
|