vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

haproxy: T6745: Rename reverse-proxy to haproxy

Browse Source
This commit is contained in:
sarthurdev 2024-10-09 19:47:42 +02:00
parent 0260ace86f
commit e7eb3fa6e0
2 changed files with 106 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
docs/configuration/loadbalancing/reverse-proxy.rst → docs/configuration/loadbalancing/haproxy.rst
View File

@ -1,11 +1,11 @@
#############
Reverse-proxy
Haproxy
#############
.. include:: /_include/need_improvement.txt
VyOS reverse-proxy is balancer and proxy server that provides
Haproxy is a balancer and proxy server that provides
high-availability, load balancing and proxying for TCP (level 4)
and HTTP-based (level 7) applications.
@ -20,37 +20,37 @@ to be applied and specifies the real servers to be utilized.
Service
-------
.. cfgcmd:: set load-balancing reverse-proxy service <name> listen-address
.. cfgcmd:: set load-balancing haproxy service <name> listen-address
<address>
Set service to bind on IP address, by default listen on any IPv4 and IPv6
.. cfgcmd:: set load-balancing reverse-proxy service <name> port
.. cfgcmd:: set load-balancing haproxy service <name> port
<port>
Create service `<name>` to listen on <port>
.. cfgcmd:: set load-balancing reverse-proxy service <name> mode
.. cfgcmd:: set load-balancing haproxy service <name> mode
<tcp|http>
Configure service `<name>` mode TCP or HTTP
.. cfgcmd:: set load-balancing reverse-proxy service <name> backend
.. cfgcmd:: set load-balancing haproxy service <name> backend
<name>
Configure service `<name>` to use the backend <name>
.. cfgcmd:: set load-balancing reverse-proxy service <name> ssl
.. cfgcmd:: set load-balancing haproxy service <name> ssl
certificate <name>
Set SSL certificate <name> for service <name>
.. cfgcmd:: set load-balancing reverse-proxy service <name>
.. cfgcmd:: set load-balancing haproxy service <name>
http-response-headers <header-name> value <header-value>
Set custom HTTP headers to be included in all responses
.. cfgcmd:: set load-balancing reverse-proxy service <name> logging facility
.. cfgcmd:: set load-balancing haproxy service <name> logging facility
<facility> level <level>
Specify facility and level for logging.
@ -64,12 +64,12 @@ Rules allow to control and route incoming traffic to specific backend based
on predefined conditions. Rules allow to define matching criteria and
perform action accordingly.
.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule>
.. cfgcmd:: set load-balancing haproxy service <name> rule <rule>
domain-name <name>
Match domain name
.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule>
.. cfgcmd:: set load-balancing haproxy service <name> rule <rule>
ssl <sni>
SSL match Server Name Indication (SNI) option:
@ -79,7 +79,7 @@ perform action accordingly.
Indication
.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule>
.. cfgcmd:: set load-balancing haproxy service <name> rule <rule>
url-path <match> <url>
Allows to define URL path matching rules for a specific service.
@ -92,12 +92,12 @@ perform action accordingly.
* ``end`` Matches the end of the URL path.
* ``exact`` Requires an exactly match of the URL path
.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule>
.. cfgcmd:: set load-balancing haproxy service <name> rule <rule>
set backend <name>
Assign a specific backend to a rule
.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule>
.. cfgcmd:: set load-balancing haproxy service <name> rule <rule>
redirect-location <url>
Redirect URL to a new location
@ -106,7 +106,7 @@ perform action accordingly.
Backend
-------
.. cfgcmd:: set load-balancing reverse-proxy backend <name> balance
.. cfgcmd:: set load-balancing haproxy backend <name> balance
<balance>
Load-balancing algorithms to be used for distributed requests among the
@ -120,54 +120,54 @@ Backend
* ``least-connection`` Distributes requests to the server with the fewest
active connections
.. cfgcmd:: set load-balancing reverse-proxy backend <name> mode
.. cfgcmd:: set load-balancing haproxy backend <name> mode
<mode>
Configure backend `<name>` mode TCP or HTTP
.. cfgcmd:: set load-balancing reverse-proxy backend <name> server
.. cfgcmd:: set load-balancing haproxy backend <name> server
<name> address <x.x.x.x>
Set the address of the backend server to which the incoming traffic will
be forwarded
.. cfgcmd:: set load-balancing reverse-proxy backend <name> server
.. cfgcmd:: set load-balancing haproxy backend <name> server
<name> port <port>
Set the address of the backend port
.. cfgcmd:: set load-balancing reverse-proxy backend <name> server
.. cfgcmd:: set load-balancing haproxy backend <name> server
<name> check
Active health check backend server
.. cfgcmd:: set load-balancing reverse-proxy backend <name> server
.. cfgcmd:: set load-balancing haproxy backend <name> server
<name> send-proxy
Send a Proxy Protocol version 1 header (text format)
.. cfgcmd:: set load-balancing reverse-proxy backend <name> server
.. cfgcmd:: set load-balancing haproxy backend <name> server
<name> send-proxy-v2
Send a Proxy Protocol version 2 header (binary format)
.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl
.. cfgcmd:: set load-balancing haproxy backend <name> ssl
ca-certificate <ca-certificate>
Configure requests to the backend server to use SSL encryption and
authenticate backend against <ca-certificate>
.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl no-verify
.. cfgcmd:: set load-balancing haproxy backend <name> ssl no-verify
Configure requests to the backend server to use SSL encryption without
validating server certificate
.. cfgcmd:: set load-balancing reverse-proxy backend <name>
.. cfgcmd:: set load-balancing haproxy backend <name>
http-response-headers <header-name> value <header-value>
Set custom HTTP headers to be included in all responses using the backend
.. cfgcmd:: set load-balancing reverse-proxy backend <name> logging facility
.. cfgcmd:: set load-balancing haproxy backend <name> logging facility
<facility> level <level>
Specify facility and level for logging.
@ -180,22 +180,22 @@ Global
Global parameters
.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections
.. cfgcmd:: set load-balancing haproxy global-parameters max-connections
<num>
Limit maximum number of connections
.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers
.. cfgcmd:: set load-balancing haproxy global-parameters ssl-bind-ciphers
<ciphers>
Limit allowed cipher algorithms used during SSL/TLS handshake
.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min
.. cfgcmd:: set load-balancing haproxy global-parameters tls-version-min
<version>
Specify the minimum required TLS version 1.2 or 1.3
.. cfgcmd:: set load-balancing reverse-proxy global-parameters logging
.. cfgcmd:: set load-balancing haproxy global-parameters logging
facility <facility> level <level>
Specify facility and level for logging.
@ -212,22 +212,22 @@ HTTP checks
For web application providing information about their state HTTP health
checks can be used to determine their availability.
.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
.. cfgcmd:: set load-balancing haproxy backend <name> http-check
Enables HTTP health checks using OPTION HTTP requests against '/' and
expecting a successful response code in the 200-399 range.
.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
.. cfgcmd:: set load-balancing haproxy backend <name> http-check
method <method>
Sets the HTTP method to be used, can be either: option, get, post, put
.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
.. cfgcmd:: set load-balancing haproxy backend <name> http-check
uri <path>
Sets the endpoint to be used for health checks
.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
.. cfgcmd:: set load-balancing haproxy backend <name> http-check
expect <condition>
Sets the expected result condition for considering a server healthy.
@ -244,7 +244,7 @@ TCP checks
Health checks can also be configured for TCP mode backends. You can configure
protocol aware checks for a range of Layer 7 protocols:
.. cfgcmd:: set load-balancing reverse-proxy backend <name> health-check <protocol>
.. cfgcmd:: set load-balancing haproxy backend <name> health-check <protocol>
Available health check protocols:
* ``ldap`` LDAP protocol check.
@ -261,15 +261,15 @@ protocol aware checks for a range of Layer 7 protocols:
Redirect HTTP to HTTPS
======================
Configure the load-balancing reverse-proxy service for HTTP.
Configure the load-balancing haproxy service for HTTP.
This configuration listen on port 80 and redirect incoming
requests to HTTPS:
.. code-block:: none
set load-balancing reverse-proxy service http port '80'
set load-balancing reverse-proxy service http redirect-http-to-https
set load-balancing haproxy service http port '80'
set load-balancing haproxy service http redirect-http-to-https
The name of the service can be different, in this example it is only for
convenience.
@ -287,17 +287,17 @@ servers (srv01 and srv02) using the round-robin load-balancing algorithm.
.. code-block:: none
set load-balancing reverse-proxy service my-tcp-api backend 'bk-01'
set load-balancing reverse-proxy service my-tcp-api mode 'tcp'
set load-balancing reverse-proxy service my-tcp-api port '8888'
set load-balancing haproxy service my-tcp-api backend 'bk-01'
set load-balancing haproxy service my-tcp-api mode 'tcp'
set load-balancing haproxy service my-tcp-api port '8888'
set load-balancing reverse-proxy backend bk-01 balance 'round-robin'
set load-balancing reverse-proxy backend bk-01 mode 'tcp'
set load-balancing haproxy backend bk-01 balance 'round-robin'
set load-balancing haproxy backend bk-01 mode 'tcp'
set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11'
set load-balancing reverse-proxy backend bk-01 server srv01 port '8881'
set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12'
set load-balancing reverse-proxy backend bk-01 server srv02 port '8882'
set load-balancing haproxy backend bk-01 server srv01 address '192.0.2.11'
set load-balancing haproxy backend bk-01 server srv01 port '8881'
set load-balancing haproxy backend bk-01 server srv02 address '192.0.2.12'
set load-balancing haproxy backend bk-01 server srv02 port '8882'
Balancing based on domain name
@ -315,23 +315,23 @@ to the backend ``bk-api-02``
.. code-block:: none
set load-balancing reverse-proxy service http description 'bind app listen on 443 port'
set load-balancing reverse-proxy service http mode 'tcp'
set load-balancing reverse-proxy service http port '80'
set load-balancing haproxy service http description 'bind app listen on 443 port'
set load-balancing haproxy service http mode 'tcp'
set load-balancing haproxy service http port '80'
set load-balancing reverse-proxy service http rule 10 domain-name 'node1.example.com'
set load-balancing reverse-proxy service http rule 10 set backend 'bk-api-01'
set load-balancing reverse-proxy service http rule 20 domain-name 'node2.example.com'
set load-balancing reverse-proxy service http rule 20 set backend 'bk-api-02'
set load-balancing haproxy service http rule 10 domain-name 'node1.example.com'
set load-balancing haproxy service http rule 10 set backend 'bk-api-01'
set load-balancing haproxy service http rule 20 domain-name 'node2.example.com'
set load-balancing haproxy service http rule 20 set backend 'bk-api-02'
set load-balancing reverse-proxy backend bk-api-01 description 'My API-1'
set load-balancing reverse-proxy backend bk-api-01 mode 'tcp'
set load-balancing reverse-proxy backend bk-api-01 server api01 address '127.0.0.1'
set load-balancing reverse-proxy backend bk-api-01 server api01 port '4431'
set load-balancing reverse-proxy backend bk-api-02 description 'My API-2'
set load-balancing reverse-proxy backend bk-api-02 mode 'tcp'
set load-balancing reverse-proxy backend bk-api-02 server api01 address '127.0.0.2'
set load-balancing reverse-proxy backend bk-api-02 server api01 port '4432'
set load-balancing haproxy backend bk-api-01 description 'My API-1'
set load-balancing haproxy backend bk-api-01 mode 'tcp'
set load-balancing haproxy backend bk-api-01 server api01 address '127.0.0.1'
set load-balancing haproxy backend bk-api-01 server api01 port '4431'
set load-balancing haproxy backend bk-api-02 description 'My API-2'
set load-balancing haproxy backend bk-api-02 mode 'tcp'
set load-balancing haproxy backend bk-api-02 server api01 address '127.0.0.2'
set load-balancing haproxy backend bk-api-02 server api01 port '4432'
Terminate SSL
@ -357,30 +357,30 @@ connection limit of 4000 and a minimum TLS version of 1.3.
.. code-block:: none
set load-balancing reverse-proxy service http description 'Force redirect to HTTPS'
set load-balancing reverse-proxy service http port '80'
set load-balancing reverse-proxy service http redirect-http-to-https
set load-balancing haproxy service http description 'Force redirect to HTTPS'
set load-balancing haproxy service http port '80'
set load-balancing haproxy service http redirect-http-to-https
set load-balancing reverse-proxy service https backend 'bk-default'
set load-balancing reverse-proxy service https description 'listen on 443 port'
set load-balancing reverse-proxy service https mode 'http'
set load-balancing reverse-proxy service https port '443'
set load-balancing reverse-proxy service https ssl certificate 'cert'
set load-balancing reverse-proxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000'
set load-balancing haproxy service https backend 'bk-default'
set load-balancing haproxy service https description 'listen on 443 port'
set load-balancing haproxy service https mode 'http'
set load-balancing haproxy service https port '443'
set load-balancing haproxy service https ssl certificate 'cert'
set load-balancing haproxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000'
set load-balancing reverse-proxy service https rule 10 url-path exact '/.well-known/xxx'
set load-balancing reverse-proxy service https rule 10 set redirect-location '/certs/'
set load-balancing reverse-proxy service https rule 20 url-path end '/mail'
set load-balancing reverse-proxy service https rule 20 url-path exact '/email/bar'
set load-balancing reverse-proxy service https rule 20 set redirect-location '/postfix/'
set load-balancing haproxy service https rule 10 url-path exact '/.well-known/xxx'
set load-balancing haproxy service https rule 10 set redirect-location '/certs/'
set load-balancing haproxy service https rule 20 url-path end '/mail'
set load-balancing haproxy service https rule 20 url-path exact '/email/bar'
set load-balancing haproxy service https rule 20 set redirect-location '/postfix/'
set load-balancing reverse-proxy backend bk-default description 'Default backend'
set load-balancing reverse-proxy backend bk-default mode 'http'
set load-balancing reverse-proxy backend bk-default server sr01 address '192.0.2.23'
set load-balancing reverse-proxy backend bk-default server sr01 port '80'
set load-balancing haproxy backend bk-default description 'Default backend'
set load-balancing haproxy backend bk-default mode 'http'
set load-balancing haproxy backend bk-default server sr01 address '192.0.2.23'
set load-balancing haproxy backend bk-default server sr01 port '80'
set load-balancing reverse-proxy global-parameters max-connections '4000'
set load-balancing reverse-proxy global-parameters tls-version-min '1.3'
set load-balancing haproxy global-parameters max-connections '4000'
set load-balancing haproxy global-parameters tls-version-min '1.3'
SSL Bridging
@ -402,17 +402,17 @@ and checks backend server has a valid certificate trusted by CA ``cacert``
.. code-block:: none
set load-balancing reverse-proxy service https backend 'bk-bridge-ssl'
set load-balancing reverse-proxy service https description 'listen on 443 port'
set load-balancing reverse-proxy service https mode 'http'
set load-balancing reverse-proxy service https port '443'
set load-balancing reverse-proxy service https ssl certificate 'cert'
set load-balancing haproxy service https backend 'bk-bridge-ssl'
set load-balancing haproxy service https description 'listen on 443 port'
set load-balancing haproxy service https mode 'http'
set load-balancing haproxy service https port '443'
set load-balancing haproxy service https ssl certificate 'cert'
set load-balancing reverse-proxy backend bk-bridge-ssl description 'SSL backend'
set load-balancing reverse-proxy backend bk-bridge-ssl mode 'http'
set load-balancing reverse-proxy backend bk-bridge-ssl ssl ca-certificate 'cacert'
set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 address '192.0.2.23'
set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 port '443'
set load-balancing haproxy backend bk-bridge-ssl description 'SSL backend'
set load-balancing haproxy backend bk-bridge-ssl mode 'http'
set load-balancing haproxy backend bk-bridge-ssl ssl ca-certificate 'cacert'
set load-balancing haproxy backend bk-bridge-ssl server sr01 address '192.0.2.23'
set load-balancing haproxy backend bk-bridge-ssl server sr01 port '443'
Balancing with HTTP health checks
@ -422,21 +422,21 @@ This configuration enables HTTP health checks on backend servers.
.. code-block:: none
set load-balancing reverse-proxy service my-tcp-api backend 'bk-01'
set load-balancing reverse-proxy service my-tcp-api mode 'tcp'
set load-balancing reverse-proxy service my-tcp-api port '8888'
set load-balancing haproxy service my-tcp-api backend 'bk-01'
set load-balancing haproxy service my-tcp-api mode 'tcp'
set load-balancing haproxy service my-tcp-api port '8888'
set load-balancing reverse-proxy backend bk-01 balance 'round-robin'
set load-balancing reverse-proxy backend bk-01 mode 'tcp'
set load-balancing haproxy backend bk-01 balance 'round-robin'
set load-balancing haproxy backend bk-01 mode 'tcp'
set load-balancing reverse-proxy backend bk-01 http-check method 'get'
set load-balancing reverse-proxy backend bk-01 http-check uri '/health'
set load-balancing reverse-proxy backend bk-01 http-check expect 'status 200'
set load-balancing haproxy backend bk-01 http-check method 'get'
set load-balancing haproxy backend bk-01 http-check uri '/health'
set load-balancing haproxy backend bk-01 http-check expect 'status 200'
set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11'
set load-balancing reverse-proxy backend bk-01 server srv01 port '8881'
set load-balancing reverse-proxy backend bk-01 server srv01 check
set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12'
set load-balancing reverse-proxy backend bk-01 server srv02 port '8882'
set load-balancing reverse-proxy backend bk-01 server srv02 check
set load-balancing haproxy backend bk-01 server srv01 address '192.0.2.11'
set load-balancing haproxy backend bk-01 server srv01 port '8881'
set load-balancing haproxy backend bk-01 server srv01 check
set load-balancing haproxy backend bk-01 server srv02 address '192.0.2.12'
set load-balancing haproxy backend bk-01 server srv02 port '8882'
set load-balancing haproxy backend bk-01 server srv02 check

2
docs/configuration/loadbalancing/index.rst
View File

@ -9,4 +9,4 @@ Load-balancing
:includehidden:
wan
reverse-proxy
haproxy