Page MenuHomeVyOS Platform
Create Task
Maniphest T6178

Reverse-proxy should check that certificate exists during commit
Closed, ResolvedPublicBUG
Actions

Description

Add random cert name to the configuration of reverse-proxy:

set load-balancing reverse-proxy service http description 'Force redirect to HTTPS'
set load-balancing reverse-proxy service http port '80'
set load-balancing reverse-proxy service http redirect-http-to-https

set load-balancing reverse-proxy service https backend 'bk-default'
set load-balancing reverse-proxy service https description 'listen on 443 port'
set load-balancing reverse-proxy service https mode 'http'
set load-balancing reverse-proxy service https port '443'
set load-balancing reverse-proxy service https ssl certificate 'cert'

set load-balancing reverse-proxy service https rule 10 url-path exact '/.well-known/xxx'
set load-balancing reverse-proxy service https rule 10 set redirect-location '/certs/'
set load-balancing reverse-proxy service https rule 20 url-path end '/mail'
set load-balancing reverse-proxy service https rule 20 url-path exact '/email/bar'
set load-balancing reverse-proxy service https rule 20 set redirect-location '/postfix/'

set load-balancing reverse-proxy backend bk-default description 'Default backend'
set load-balancing reverse-proxy backend bk-default mode 'http'
set load-balancing reverse-proxy backend bk-default server sr01 address '192.0.2.23'
set load-balancing reverse-proxy backend bk-default server sr01 port '80'

set load-balancing reverse-proxy global-parameters max-connections '4000'
set load-balancing reverse-proxy global-parameters tls-version-min '1.3'

I don't have any PKI configuration, needs to check this case

vyos@r4# commit
[ load-balancing reverse-proxy ]
VyOS had an issue completing a command.

Report time:      2024-03-27 23:27:42
Image version:    VyOS 1.5-rolling-202403250019
Release train:    current

Built by:         [email protected]
Built on:         Mon 25 Mar 2024 02:22 UTC
Build UUID:       84776b7b-9db0-4cf4-ac05-9a6fcf1e9128
Build commit ID:  e765407943321f

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    166cfd25-7d3a-4eca-9ef6-0b655c9acf0f

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/load-balancing_reverse-proxy.py", line 162, in <module>
    generate(c)
  File "/usr/libexec/vyos/conf_mode/load-balancing_reverse-proxy.py", line 111, in generate
    pki_cert = lb['pki']['certificate'][cert_name]
               ~~~~~~~~~^^^^^^^^^^^^^^^
KeyError: 'certificate'



[[load-balancing]] failed
Commit failed
[edit]
vyos@r4#

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.5-rolling-202403250019
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)