diff options
| author | rebortg <github@ghlr.de> | 2024-06-11 16:56:52 +0200 |
|---|---|---|
| committer | rebortg <github@ghlr.de> | 2024-06-11 16:56:52 +0200 |
| commit | 579c5cc953c8f5ac2a17218fd8d58b4a53bab7ca (patch) | |
| tree | 7e3ac0f562b3f98ca114ce1d27b3a6734b4725cb /docs/configuration | |
| parent | 96039bd2f44018ae767930e252305bedece57156 (diff) | |
| parent | b9ff99942d10c8dac66875fd38a8b28c34d3321f (diff) | |
| download | vyos-documentation-579c5cc953c8f5ac2a17218fd8d58b4a53bab7ca.tar.gz vyos-documentation-579c5cc953c8f5ac2a17218fd8d58b4a53bab7ca.zip | |
Merge branch 'current' of github.com:vyos/vyos-documentation into current
Diffstat (limited to 'docs/configuration')
| -rw-r--r-- | docs/configuration/container/index.rst | 22 | ||||
| -rw-r--r-- | docs/configuration/loadbalancing/reverse-proxy.rst | 66 |
2 files changed, 66 insertions, 22 deletions
diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index 4dacc6f4..a1672aa7 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -133,6 +133,17 @@ Configuration - **always**: Restart containers when they exit, regardless of status, retrying indefinitely +.. cfgcmd:: set container name <name> cpu-quota <num> + + This specifies the number of CPU resources the container can use. + + Default is 0 for unlimited. + For example, 1.25 limits the container to use up to 1.25 cores + worth of CPU time. + This can be a decimal number with up to three decimal places. + + The command translates to "--cpus=<num>" when the container is created. + .. cfgcmd:: set container name <name> memory <MB> Constrain the memory available to the container. @@ -157,6 +168,17 @@ Configuration setdomainame) - **sys-time**: Permission to set system clock +.. cfgcmd:: set container name <name> sysctl parameter <parameter> value <value> + + Set container sysctl values. + + The subset of possible parameters are: + + - Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, + kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced + - Parameters beginning with fs.mqueue.* + - Parameters beginning with net.* (only if user-defined network is used) + .. cfgcmd:: set container name <name> label <label> value <value> Add metadata label for this container. diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 044d2044..9cb49a7f 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -118,11 +118,6 @@ Backend Configure backend `<name>` mode TCP or HTTP -.. cfgcmd:: set load-balancing reverse-proxy backend <name> parameters - http-check - - Enable layer 7 HTTP health check - .. cfgcmd:: set load-balancing reverse-proxy backend <name> server <name> address <x.x.x.x> @@ -166,8 +161,34 @@ Backend Set custom HTTP headers to be included in all responses using the backend -HTTP health check -^^^^^^^^^^^^^^^^^ +Global +------- + +Global parameters + +.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections + <num> + + Limit maximum number of connections + +.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers + <ciphers> + + Limit allowed cipher algorithms used during SSL/TLS handshake + +.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min + <version> + + Specify the minimum required TLS version 1.2 or 1.3 + + +Health checks +============= + + +HTTP checks +----------- + For web application providing information about their state HTTP health checks can be used to determine their availability. @@ -190,31 +211,32 @@ checks can be used to determine their availability. expect <condition> Sets the expected result condition for considering a server healthy. + Some possible examples are: * ``status 200`` Expecting a 200 response code * ``status 200-399`` Expecting a non-failure response code * ``string success`` Expecting the string `success` in the response body -Global -------- +TCP checks +---------- -Global parameters +Health checks can also be configured for TCP mode backends. You can configure +protocol aware checks for a range of Layer 7 protocols: -.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections - <num> +.. cfgcmd:: set load-balancing reverse-proxy backend <name> health-check <protocol> - Limit maximum number of connections - -.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers - <ciphers> - - Limit allowed cipher algorithms used during SSL/TLS handshake + Available health check protocols: + * ``ldap`` LDAP protocol check. + * ``redis`` Redis protocol check. + * ``mysql`` MySQL protocol check. + * ``pgsql`` PostgreSQL protocol check. + * ``smtp`` SMTP protocol check. -.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min - <version> - - Specify the minimum required TLS version 1.2 or 1.3 +.. note:: If you specify a server to be checked but do not configure a + protocol, a basic TCP health check will be attempted. A server shall be + deemed online if it responses to a connection attempt with a valid + ``SYN/ACK`` packet. Redirect HTTP to HTTPS |