HAProxy sets timeouts in milliseconds unless the unit is specified (See https://docs.haproxy.org/2.6/configuration.html#2.5).
The Vyos config expects timeouts in seconds and only allows integers, and does not allow specifying the time unit.
The config also limits the max integer to 3600, so the maximum timeout that is possible to be specified is 3.6 seconds, which is not very flexible.
So for example, if I set timeouts as:
set load-balancing reverse-proxy backend web-servers description 'HTTP Ingress' set load-balancing reverse-proxy backend web-servers mode 'tcp' set load-balancing reverse-proxy backend web-servers server ingress-lon1-uk address '10.254.95.0' set load-balancing reverse-proxy backend web-servers server ingress-lon1-uk port '80' set load-balancing reverse-proxy backend web-servers timeout check '10' set load-balancing reverse-proxy backend web-servers timeout connect '4' set load-balancing reverse-proxy backend web-servers timeout server '180' set load-balancing reverse-proxy service http backend 'web-servers' set load-balancing reverse-proxy service http mode 'tcp' set load-balancing reverse-proxy service http port '80'
The rendered config produces:
# Frontend frontend http bind :::80 v4v6 mode tcp default_backend web-servers # Backend backend web-servers balance roundrobin option forwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } mode http server ingress-lon1-uk 10.254.95.0:80 timeout check 10 timeout connect 4 timeout server 180
This sets the check timeout to 10 milliseconds, the connect timeout to 4 milliseconds, and server timeout to 180 milliseconds, which is incorrect.
I think the options to fix this are:
- Convert the timeout specified in the Vyos config to milliseconds before rendering the haproxy config
- Add the units in the rendered config (ie append s to the timeout in the rendered config)
- Allow setting the unit in the Vyos config - I think this would be the best option, as it gives much more flexibility