Merge pull request #1388 from nvollmar/haproxy-http-check

T6246: adds haproxy http-check configuration documentation
2025-10-26 08:41:46 +01:00 · 2024-04-19 13:48:15 +02:00 · 2024-04-19 13:48:15 +02:00 · 9fec5003f7
commit 9fec5003f7
parent e176d0d548 49178565bb
1 changed files with 68 additions and 7 deletions
--- a/docs/configuration/loadbalancing/reverse-proxy.rst
+++ b/docs/configuration/loadbalancing/reverse-proxy.rst
@ -144,7 +144,8 @@ Backend
  Send a Proxy Protocol version 2 header (binary format)
-.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl ca-certificate <ca-certificate>
+.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl
   ca-certificate <ca-certificate>
  Configure requests to the backend server to use SSL encryption and
  authenticate backend against <ca-certificate>
@ -154,6 +155,37 @@ Backend
  Configure requests to the backend server to use SSL encryption without
  validating server certificate
 HTTP health check
 ^^^^^^^^^^^^^^^^^
 For web application providing information about their state HTTP health
 checks can be used to determine their availability.
 .. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
  Enables HTTP health checks using OPTION HTTP requests against '/' and
  expecting a successful response code in the 200-399 range.
 .. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
   method <method>
  Sets the HTTP method to be used, can be either: option, get, post, put
 .. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
   uri <path>
  Sets the endpoint to be used for health checks
 .. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
   expect <condition>
  Sets the expected result condition for considering a server healthy.
  Some possible examples are:
   * ``status 200`` Expecting a 200 response code
   * ``status 200-399`` Expecting a non-failure response code
   * ``string success`` Expecting the string `success` in the response body
 Global
 -------
@ -215,6 +247,7 @@ servers (srv01 and srv02) using the round-robin load-balancing algorithm.
    set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12'
    set load-balancing reverse-proxy backend bk-01 server srv02 port '8882'
 Balancing based on domain name
 ------------------------------
 The following configuration demonstrates how to use VyOS
@ -295,20 +328,22 @@ connection limit of 4000 and a minimum TLS version of 1.3.
    set load-balancing reverse-proxy global-parameters max-connections '4000'
    set load-balancing reverse-proxy global-parameters tls-version-min '1.3'
 SSL Bridging
 -------------
-The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends
+The following configuration terminates incoming HTTPS traffic on the router,
-to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to
+then re-encrypts the traffic and sends to the backend server via HTTPS.
 This is useful if encryption is required for both legs, but you do not want to
 install publicly trusted certificates on each backend server.
-Backend service certificates are checked against the certificate authority specified in the configuration, which
+Backend service certificates are checked against the certificate authority
-could be an internal CA.
+specified in the configuration, which could be an internal CA.
 The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to
 handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination.
-The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend
+The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS
-server has a valid certificate trusted by CA ``cacert``
+and checks backend server has a valid certificate trusted by CA ``cacert``
 .. code-block:: none
@ -325,3 +360,29 @@ server has a valid certificate trusted by CA ``cacert``
    set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 address '192.0.2.23'
    set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 port '443'
 Balancing with HTTP health checks
 ---------------------------------
 This configuration enables HTTP health checks on backend servers.
 .. code-block:: none
    set load-balancing reverse-proxy service my-tcp-api backend 'bk-01'
    set load-balancing reverse-proxy service my-tcp-api mode 'tcp'
    set load-balancing reverse-proxy service my-tcp-api port '8888'
    set load-balancing reverse-proxy backend bk-01 balance 'round-robin'
    set load-balancing reverse-proxy backend bk-01 mode 'tcp'
    set load-balancing reverse-proxy backend bk-01 http-check method 'get'
    set load-balancing reverse-proxy backend bk-01 http-check uri '/health'
    set load-balancing reverse-proxy backend bk-01 http-check expect 'status 200'
    set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11'
    set load-balancing reverse-proxy backend bk-01 server srv01 port '8881'
    set load-balancing reverse-proxy backend bk-01 server srv01 check
    set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12'
    set load-balancing reverse-proxy backend bk-01 server srv02 port '8882'
    set load-balancing reverse-proxy backend bk-01 server srv02 check