From e7eb3fa6e08d2a7886cd25a8176c333ff0cee3c1 Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Wed, 9 Oct 2024 19:47:42 +0200 Subject: [PATCH] haproxy: T6745: Rename `reverse-proxy` to `haproxy` --- .../{reverse-proxy.rst => haproxy.rst} | 210 +++++++++--------- docs/configuration/loadbalancing/index.rst | 2 +- 2 files changed, 106 insertions(+), 106 deletions(-) rename docs/configuration/loadbalancing/{reverse-proxy.rst => haproxy.rst} (51%) diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/haproxy.rst similarity index 51% rename from docs/configuration/loadbalancing/reverse-proxy.rst rename to docs/configuration/loadbalancing/haproxy.rst index 32be85c8..3ce59b35 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/haproxy.rst @@ -1,11 +1,11 @@ ############# -Reverse-proxy +Haproxy ############# .. include:: /_include/need_improvement.txt -VyOS reverse-proxy is balancer and proxy server that provides +Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications. @@ -20,37 +20,37 @@ to be applied and specifies the real servers to be utilized. Service ------- -.. cfgcmd:: set load-balancing reverse-proxy service listen-address +.. cfgcmd:: set load-balancing haproxy service listen-address
Set service to bind on IP address, by default listen on any IPv4 and IPv6 -.. cfgcmd:: set load-balancing reverse-proxy service port +.. cfgcmd:: set load-balancing haproxy service port Create service `` to listen on -.. cfgcmd:: set load-balancing reverse-proxy service mode +.. cfgcmd:: set load-balancing haproxy service mode Configure service `` mode TCP or HTTP -.. cfgcmd:: set load-balancing reverse-proxy service backend +.. cfgcmd:: set load-balancing haproxy service backend Configure service `` to use the backend -.. cfgcmd:: set load-balancing reverse-proxy service ssl +.. cfgcmd:: set load-balancing haproxy service ssl certificate Set SSL certificate for service -.. cfgcmd:: set load-balancing reverse-proxy service +.. cfgcmd:: set load-balancing haproxy service http-response-headers value Set custom HTTP headers to be included in all responses -.. cfgcmd:: set load-balancing reverse-proxy service logging facility +.. cfgcmd:: set load-balancing haproxy service logging facility level Specify facility and level for logging. @@ -64,12 +64,12 @@ Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly. -.. cfgcmd:: set load-balancing reverse-proxy service rule +.. cfgcmd:: set load-balancing haproxy service rule domain-name Match domain name -.. cfgcmd:: set load-balancing reverse-proxy service rule +.. cfgcmd:: set load-balancing haproxy service rule ssl SSL match Server Name Indication (SNI) option: @@ -79,7 +79,7 @@ perform action accordingly. Indication -.. cfgcmd:: set load-balancing reverse-proxy service rule +.. cfgcmd:: set load-balancing haproxy service rule url-path Allows to define URL path matching rules for a specific service. @@ -92,12 +92,12 @@ perform action accordingly. * ``end`` Matches the end of the URL path. * ``exact`` Requires an exactly match of the URL path -.. cfgcmd:: set load-balancing reverse-proxy service rule +.. cfgcmd:: set load-balancing haproxy service rule set backend Assign a specific backend to a rule -.. cfgcmd:: set load-balancing reverse-proxy service rule +.. cfgcmd:: set load-balancing haproxy service rule redirect-location Redirect URL to a new location @@ -106,7 +106,7 @@ perform action accordingly. Backend ------- -.. cfgcmd:: set load-balancing reverse-proxy backend balance +.. cfgcmd:: set load-balancing haproxy backend balance Load-balancing algorithms to be used for distributed requests among the @@ -120,54 +120,54 @@ Backend * ``least-connection`` Distributes requests to the server with the fewest active connections -.. cfgcmd:: set load-balancing reverse-proxy backend mode +.. cfgcmd:: set load-balancing haproxy backend mode Configure backend `` mode TCP or HTTP -.. cfgcmd:: set load-balancing reverse-proxy backend server +.. cfgcmd:: set load-balancing haproxy backend server address Set the address of the backend server to which the incoming traffic will be forwarded -.. cfgcmd:: set load-balancing reverse-proxy backend server +.. cfgcmd:: set load-balancing haproxy backend server port Set the address of the backend port -.. cfgcmd:: set load-balancing reverse-proxy backend server +.. cfgcmd:: set load-balancing haproxy backend server check Active health check backend server -.. cfgcmd:: set load-balancing reverse-proxy backend server +.. cfgcmd:: set load-balancing haproxy backend server send-proxy Send a Proxy Protocol version 1 header (text format) -.. cfgcmd:: set load-balancing reverse-proxy backend server +.. cfgcmd:: set load-balancing haproxy backend server send-proxy-v2 Send a Proxy Protocol version 2 header (binary format) -.. cfgcmd:: set load-balancing reverse-proxy backend ssl +.. cfgcmd:: set load-balancing haproxy backend ssl ca-certificate Configure requests to the backend server to use SSL encryption and authenticate backend against -.. cfgcmd:: set load-balancing reverse-proxy backend ssl no-verify +.. cfgcmd:: set load-balancing haproxy backend ssl no-verify Configure requests to the backend server to use SSL encryption without validating server certificate -.. cfgcmd:: set load-balancing reverse-proxy backend +.. cfgcmd:: set load-balancing haproxy backend http-response-headers value Set custom HTTP headers to be included in all responses using the backend -.. cfgcmd:: set load-balancing reverse-proxy backend logging facility +.. cfgcmd:: set load-balancing haproxy backend logging facility level Specify facility and level for logging. @@ -180,22 +180,22 @@ Global Global parameters -.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections +.. cfgcmd:: set load-balancing haproxy global-parameters max-connections Limit maximum number of connections -.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers +.. cfgcmd:: set load-balancing haproxy global-parameters ssl-bind-ciphers Limit allowed cipher algorithms used during SSL/TLS handshake -.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min +.. cfgcmd:: set load-balancing haproxy global-parameters tls-version-min Specify the minimum required TLS version 1.2 or 1.3 -.. cfgcmd:: set load-balancing reverse-proxy global-parameters logging +.. cfgcmd:: set load-balancing haproxy global-parameters logging facility level Specify facility and level for logging. @@ -212,22 +212,22 @@ HTTP checks For web application providing information about their state HTTP health checks can be used to determine their availability. -.. cfgcmd:: set load-balancing reverse-proxy backend http-check +.. cfgcmd:: set load-balancing haproxy backend http-check Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range. -.. cfgcmd:: set load-balancing reverse-proxy backend http-check +.. cfgcmd:: set load-balancing haproxy backend http-check method Sets the HTTP method to be used, can be either: option, get, post, put -.. cfgcmd:: set load-balancing reverse-proxy backend http-check +.. cfgcmd:: set load-balancing haproxy backend http-check uri Sets the endpoint to be used for health checks -.. cfgcmd:: set load-balancing reverse-proxy backend http-check +.. cfgcmd:: set load-balancing haproxy backend http-check expect Sets the expected result condition for considering a server healthy. @@ -244,7 +244,7 @@ TCP checks Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols: -.. cfgcmd:: set load-balancing reverse-proxy backend health-check +.. cfgcmd:: set load-balancing haproxy backend health-check Available health check protocols: * ``ldap`` LDAP protocol check. @@ -261,15 +261,15 @@ protocol aware checks for a range of Layer 7 protocols: Redirect HTTP to HTTPS ====================== -Configure the load-balancing reverse-proxy service for HTTP. +Configure the load-balancing haproxy service for HTTP. This configuration listen on port 80 and redirect incoming requests to HTTPS: .. code-block:: none - set load-balancing reverse-proxy service http port '80' - set load-balancing reverse-proxy service http redirect-http-to-https + set load-balancing haproxy service http port '80' + set load-balancing haproxy service http redirect-http-to-https The name of the service can be different, in this example it is only for convenience. @@ -287,17 +287,17 @@ servers (srv01 and srv02) using the round-robin load-balancing algorithm. .. code-block:: none - set load-balancing reverse-proxy service my-tcp-api backend 'bk-01' - set load-balancing reverse-proxy service my-tcp-api mode 'tcp' - set load-balancing reverse-proxy service my-tcp-api port '8888' + set load-balancing haproxy service my-tcp-api backend 'bk-01' + set load-balancing haproxy service my-tcp-api mode 'tcp' + set load-balancing haproxy service my-tcp-api port '8888' - set load-balancing reverse-proxy backend bk-01 balance 'round-robin' - set load-balancing reverse-proxy backend bk-01 mode 'tcp' + set load-balancing haproxy backend bk-01 balance 'round-robin' + set load-balancing haproxy backend bk-01 mode 'tcp' - set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11' - set load-balancing reverse-proxy backend bk-01 server srv01 port '8881' - set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12' - set load-balancing reverse-proxy backend bk-01 server srv02 port '8882' + set load-balancing haproxy backend bk-01 server srv01 address '192.0.2.11' + set load-balancing haproxy backend bk-01 server srv01 port '8881' + set load-balancing haproxy backend bk-01 server srv02 address '192.0.2.12' + set load-balancing haproxy backend bk-01 server srv02 port '8882' Balancing based on domain name @@ -315,23 +315,23 @@ to the backend ``bk-api-02`` .. code-block:: none - set load-balancing reverse-proxy service http description 'bind app listen on 443 port' - set load-balancing reverse-proxy service http mode 'tcp' - set load-balancing reverse-proxy service http port '80' + set load-balancing haproxy service http description 'bind app listen on 443 port' + set load-balancing haproxy service http mode 'tcp' + set load-balancing haproxy service http port '80' - set load-balancing reverse-proxy service http rule 10 domain-name 'node1.example.com' - set load-balancing reverse-proxy service http rule 10 set backend 'bk-api-01' - set load-balancing reverse-proxy service http rule 20 domain-name 'node2.example.com' - set load-balancing reverse-proxy service http rule 20 set backend 'bk-api-02' + set load-balancing haproxy service http rule 10 domain-name 'node1.example.com' + set load-balancing haproxy service http rule 10 set backend 'bk-api-01' + set load-balancing haproxy service http rule 20 domain-name 'node2.example.com' + set load-balancing haproxy service http rule 20 set backend 'bk-api-02' - set load-balancing reverse-proxy backend bk-api-01 description 'My API-1' - set load-balancing reverse-proxy backend bk-api-01 mode 'tcp' - set load-balancing reverse-proxy backend bk-api-01 server api01 address '127.0.0.1' - set load-balancing reverse-proxy backend bk-api-01 server api01 port '4431' - set load-balancing reverse-proxy backend bk-api-02 description 'My API-2' - set load-balancing reverse-proxy backend bk-api-02 mode 'tcp' - set load-balancing reverse-proxy backend bk-api-02 server api01 address '127.0.0.2' - set load-balancing reverse-proxy backend bk-api-02 server api01 port '4432' + set load-balancing haproxy backend bk-api-01 description 'My API-1' + set load-balancing haproxy backend bk-api-01 mode 'tcp' + set load-balancing haproxy backend bk-api-01 server api01 address '127.0.0.1' + set load-balancing haproxy backend bk-api-01 server api01 port '4431' + set load-balancing haproxy backend bk-api-02 description 'My API-2' + set load-balancing haproxy backend bk-api-02 mode 'tcp' + set load-balancing haproxy backend bk-api-02 server api01 address '127.0.0.2' + set load-balancing haproxy backend bk-api-02 server api01 port '4432' Terminate SSL @@ -357,30 +357,30 @@ connection limit of 4000 and a minimum TLS version of 1.3. .. code-block:: none - set load-balancing reverse-proxy service http description 'Force redirect to HTTPS' - set load-balancing reverse-proxy service http port '80' - set load-balancing reverse-proxy service http redirect-http-to-https + set load-balancing haproxy service http description 'Force redirect to HTTPS' + set load-balancing haproxy service http port '80' + set load-balancing haproxy service http redirect-http-to-https - set load-balancing reverse-proxy service https backend 'bk-default' - set load-balancing reverse-proxy service https description 'listen on 443 port' - set load-balancing reverse-proxy service https mode 'http' - set load-balancing reverse-proxy service https port '443' - set load-balancing reverse-proxy service https ssl certificate 'cert' - set load-balancing reverse-proxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000' + set load-balancing haproxy service https backend 'bk-default' + set load-balancing haproxy service https description 'listen on 443 port' + set load-balancing haproxy service https mode 'http' + set load-balancing haproxy service https port '443' + set load-balancing haproxy service https ssl certificate 'cert' + set load-balancing haproxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000' - set load-balancing reverse-proxy service https rule 10 url-path exact '/.well-known/xxx' - set load-balancing reverse-proxy service https rule 10 set redirect-location '/certs/' - set load-balancing reverse-proxy service https rule 20 url-path end '/mail' - set load-balancing reverse-proxy service https rule 20 url-path exact '/email/bar' - set load-balancing reverse-proxy service https rule 20 set redirect-location '/postfix/' + set load-balancing haproxy service https rule 10 url-path exact '/.well-known/xxx' + set load-balancing haproxy service https rule 10 set redirect-location '/certs/' + set load-balancing haproxy service https rule 20 url-path end '/mail' + set load-balancing haproxy service https rule 20 url-path exact '/email/bar' + set load-balancing haproxy service https rule 20 set redirect-location '/postfix/' - set load-balancing reverse-proxy backend bk-default description 'Default backend' - set load-balancing reverse-proxy backend bk-default mode 'http' - set load-balancing reverse-proxy backend bk-default server sr01 address '192.0.2.23' - set load-balancing reverse-proxy backend bk-default server sr01 port '80' + set load-balancing haproxy backend bk-default description 'Default backend' + set load-balancing haproxy backend bk-default mode 'http' + set load-balancing haproxy backend bk-default server sr01 address '192.0.2.23' + set load-balancing haproxy backend bk-default server sr01 port '80' - set load-balancing reverse-proxy global-parameters max-connections '4000' - set load-balancing reverse-proxy global-parameters tls-version-min '1.3' + set load-balancing haproxy global-parameters max-connections '4000' + set load-balancing haproxy global-parameters tls-version-min '1.3' SSL Bridging @@ -402,17 +402,17 @@ and checks backend server has a valid certificate trusted by CA ``cacert`` .. code-block:: none - set load-balancing reverse-proxy service https backend 'bk-bridge-ssl' - set load-balancing reverse-proxy service https description 'listen on 443 port' - set load-balancing reverse-proxy service https mode 'http' - set load-balancing reverse-proxy service https port '443' - set load-balancing reverse-proxy service https ssl certificate 'cert' + set load-balancing haproxy service https backend 'bk-bridge-ssl' + set load-balancing haproxy service https description 'listen on 443 port' + set load-balancing haproxy service https mode 'http' + set load-balancing haproxy service https port '443' + set load-balancing haproxy service https ssl certificate 'cert' - set load-balancing reverse-proxy backend bk-bridge-ssl description 'SSL backend' - set load-balancing reverse-proxy backend bk-bridge-ssl mode 'http' - set load-balancing reverse-proxy backend bk-bridge-ssl ssl ca-certificate 'cacert' - set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 address '192.0.2.23' - set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 port '443' + set load-balancing haproxy backend bk-bridge-ssl description 'SSL backend' + set load-balancing haproxy backend bk-bridge-ssl mode 'http' + set load-balancing haproxy backend bk-bridge-ssl ssl ca-certificate 'cacert' + set load-balancing haproxy backend bk-bridge-ssl server sr01 address '192.0.2.23' + set load-balancing haproxy backend bk-bridge-ssl server sr01 port '443' Balancing with HTTP health checks @@ -422,21 +422,21 @@ This configuration enables HTTP health checks on backend servers. .. code-block:: none - set load-balancing reverse-proxy service my-tcp-api backend 'bk-01' - set load-balancing reverse-proxy service my-tcp-api mode 'tcp' - set load-balancing reverse-proxy service my-tcp-api port '8888' + set load-balancing haproxy service my-tcp-api backend 'bk-01' + set load-balancing haproxy service my-tcp-api mode 'tcp' + set load-balancing haproxy service my-tcp-api port '8888' - set load-balancing reverse-proxy backend bk-01 balance 'round-robin' - set load-balancing reverse-proxy backend bk-01 mode 'tcp' + set load-balancing haproxy backend bk-01 balance 'round-robin' + set load-balancing haproxy backend bk-01 mode 'tcp' - set load-balancing reverse-proxy backend bk-01 http-check method 'get' - set load-balancing reverse-proxy backend bk-01 http-check uri '/health' - set load-balancing reverse-proxy backend bk-01 http-check expect 'status 200' + set load-balancing haproxy backend bk-01 http-check method 'get' + set load-balancing haproxy backend bk-01 http-check uri '/health' + set load-balancing haproxy backend bk-01 http-check expect 'status 200' - set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11' - set load-balancing reverse-proxy backend bk-01 server srv01 port '8881' - set load-balancing reverse-proxy backend bk-01 server srv01 check - set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12' - set load-balancing reverse-proxy backend bk-01 server srv02 port '8882' - set load-balancing reverse-proxy backend bk-01 server srv02 check + set load-balancing haproxy backend bk-01 server srv01 address '192.0.2.11' + set load-balancing haproxy backend bk-01 server srv01 port '8881' + set load-balancing haproxy backend bk-01 server srv01 check + set load-balancing haproxy backend bk-01 server srv02 address '192.0.2.12' + set load-balancing haproxy backend bk-01 server srv02 port '8882' + set load-balancing haproxy backend bk-01 server srv02 check diff --git a/docs/configuration/loadbalancing/index.rst b/docs/configuration/loadbalancing/index.rst index 382bd0d7..92dcc622 100644 --- a/docs/configuration/loadbalancing/index.rst +++ b/docs/configuration/loadbalancing/index.rst @@ -9,4 +9,4 @@ Load-balancing :includehidden: wan - reverse-proxy + haproxy