vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-12-15 18:12:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1472 from Embezzle/T6434

Browse Source 
reverse-proxy: T6434: Support additional health-check protocols
This commit is contained in:
Robert Göhler 2024-06-05 21:27:47 +02:00 committed by GitHub
commit 411850b907
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 44 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
docs/configuration/loadbalancing/reverse-proxy.rst
View File

@ -161,8 +161,34 @@ Backend
Set custom HTTP headers to be included in all responses using the backend
HTTP health check
^^^^^^^^^^^^^^^^^
Global
-------
Global parameters
.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections
<num>
Limit maximum number of connections
.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers
<ciphers>
Limit allowed cipher algorithms used during SSL/TLS handshake
.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min
<version>
Specify the minimum required TLS version 1.2 or 1.3
Health checks
=============
HTTP checks
-----------
For web application providing information about their state HTTP health
checks can be used to determine their availability.
@ -185,31 +211,32 @@ checks can be used to determine their availability.
expect <condition>
Sets the expected result condition for considering a server healthy.
Some possible examples are:
* ``status 200`` Expecting a 200 response code
* ``status 200-399`` Expecting a non-failure response code
* ``string success`` Expecting the string `success` in the response body
Global
-------
TCP checks
----------
Global parameters
Health checks can also be configured for TCP mode backends. You can configure
protocol aware checks for a range of Layer 7 protocols:
.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections
<num>
.. cfgcmd:: set load-balancing reverse-proxy backend <name> health-check <protocol>
Limit maximum number of connections
Available health check protocols:
* ``ldap`` LDAP protocol check.
* ``redis`` Redis protocol check.
* ``mysql`` MySQL protocol check.
* ``pgsql`` PostgreSQL protocol check.
* ``smtp`` SMTP protocol check.
.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers
<ciphers>
Limit allowed cipher algorithms used during SSL/TLS handshake
.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min
<version>
Specify the minimum required TLS version 1.2 or 1.3
.. note:: If you specify a server to be checked but do not configure a
protocol, a basic TCP health check will be attempted. A server shall be
deemed online if it responses to a connection attempt with a valid
``SYN/ACK`` packet.
Redirect HTTP to HTTPS