diff --git a/interface-definitions/include/version/reverseproxy-version.xml.i b/interface-definitions/include/version/reverseproxy-version.xml.i
new file mode 100644
index 000000000..907ea1e5e
--- /dev/null
+++ b/interface-definitions/include/version/reverseproxy-version.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from include/version/reverseproxy-version.xml.i -->
+<syntaxVersion component='reverse-proxy' version='1'></syntaxVersion>
+<!-- include end -->
diff --git a/interface-definitions/load-balancing_reverse-proxy.xml.in b/interface-definitions/load-balancing_reverse-proxy.xml.in
index 011e1b53c..e50e6e579 100644
--- a/interface-definitions/load-balancing_reverse-proxy.xml.in
+++ b/interface-definitions/load-balancing_reverse-proxy.xml.in
@@ -1,322 +1,309 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="load-balancing"> <children> <node name="reverse-proxy" owner="${vyos_conf_scripts_dir}/load-balancing_reverse-proxy.py"> <properties> <help>Configure reverse-proxy</help> </properties> <children> <tagNode name="service"> <properties> <help>Frontend service name</help> <constraint> #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> </constraint> <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> </properties> <children> <leafNode name="backend"> <properties> <help>Backend member</help> <constraint> #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> </constraint> <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> <valueHelp> <format>txt</format> <description>Name of reverse-proxy backend system</description> </valueHelp> <completionHelp> <path>load-balancing reverse-proxy backend</path> </completionHelp> <multi/> </properties> </leafNode> #include <include/generic-description.xml.i> #include <include/listen-address.xml.i> #include <include/haproxy/mode.xml.i> #include <include/port-number.xml.i> #include <include/haproxy/rule-frontend.xml.i> #include <include/haproxy/tcp-request.xml.i> #include <include/haproxy/http-response-headers.xml.i> <leafNode name="redirect-http-to-https"> <properties> <help>Redirect HTTP to HTTPS</help> <valueless/> </properties> </leafNode> <node name="ssl"> <properties> <help>SSL Certificate, SSL Key and CA</help> </properties> <children> #include <include/pki/certificate-multi.xml.i> </children> </node> </children> </tagNode> <tagNode name="backend"> <properties> <help>Backend server name</help> <constraint> #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> </constraint> <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and 
underscores</constraintErrorMessage> </properties> <children> <leafNode name="balance"> <properties> <help>Load-balancing algorithm</help> <completionHelp> <list>source-address round-robin least-connection</list> </completionHelp> <valueHelp> <format>source-address</format> <description>Based on hash of source IP address</description> </valueHelp> <valueHelp> <format>round-robin</format> <description>Round robin</description> </valueHelp> <valueHelp> <format>least-connection</format> <description>Least connection</description> </valueHelp> <constraint> <regex>(source-address|round-robin|least-connection)</regex> </constraint> </properties> <defaultValue>round-robin</defaultValue> </leafNode>
 #include <include/generic-description.xml.i>
 #include <include/haproxy/mode.xml.i>
 #include <include/haproxy/http-response-headers.xml.i>
- <node name="parameters">
- <properties>
- <help>Backend parameters</help>
- </properties>
- <children>
- <leafNode name="http-check">
- <properties>
- <help>HTTP health check</help>
- <valueless/>
- </properties>
- </leafNode>
- </children>
- </node>
 <node name="http-check"> <properties> <help>HTTP check configuration</help> </properties> <children> <leafNode name="method"> <properties> <help>HTTP method used for health check</help> <completionHelp> <list>options head get post put</list> </completionHelp> <valueHelp> <format>options|head|get|post|put</format> <description>HTTP method used for health checking</description> </valueHelp> <constraint> <regex>(options|head|get|post|put)</regex> </constraint> </properties> </leafNode> <leafNode name="uri"> <properties> <help>URI used for HTTP health check (Example: '/' or '/health')</help> <constraint> <regex>^\/([^?#\s]*)(\?[^#\s]*)?$</regex> </constraint> </properties> </leafNode> <node name="expect"> <properties> <help>Expected response for the health check to pass</help> </properties> <children> <leafNode name="status"> <properties> <help>Expected response status code for the health check to
pass</help> <valueHelp> <format>u32:200-399</format> <description>Expected response code</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 200-399"/> </constraint> <constraintErrorMessage>Status code must be in range 200-399</constraintErrorMessage> </properties> </leafNode> <leafNode name="string"> <properties> <help>Expected to be in response body for the health check to pass</help> <valueHelp> <format>txt</format> <description>A string expected to be in the response</description> </valueHelp> </properties> </leafNode> </children> </node> </children> </node> #include <include/haproxy/rule-backend.xml.i> <tagNode name="server"> <properties> <help>Backend server name</help> </properties> <children> <leafNode name="address"> <properties> <help>Backend server address</help> <valueHelp> <format>ipv4</format> <description>IPv4 unicast peer address</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>IPv6 unicast peer address</description> </valueHelp> <constraint> <validator name="ip-address"/> </constraint> </properties> </leafNode> <leafNode name="backup"> <properties> <help>Use backup server if other servers are not available</help> <valueless/> </properties> </leafNode> <leafNode name="check"> <properties> <help>Active health check backend server</help> <valueless/> </properties> </leafNode> #include <include/port-number.xml.i> <leafNode name="send-proxy"> <properties> <help>Send a Proxy Protocol version 1 header (text format)</help> <valueless/> </properties> </leafNode> <leafNode name="send-proxy-v2"> <properties> <help>Send a Proxy Protocol version 2 header (binary format)</help> <valueless/> </properties> </leafNode> </children> </tagNode> <node name="ssl"> <properties> <help>SSL Certificate, SSL Key and CA</help> </properties> <children> #include <include/pki/ca-certificate.xml.i> <leafNode name="no-verify"> <properties> <help>Do not attempt to verify SSL certificates for backend servers</help> 
<valueless/> </properties> </leafNode> </children> </node> #include <include/haproxy/timeout.xml.i> </children> </tagNode> <node name="global-parameters"> <properties> <help>Global perfomance parameters and limits</help> </properties> <children> <leafNode name="max-connections"> <properties> <help>Maximum allowed connections</help> <valueHelp> <format>u32:1-2000000</format> <description>Maximum allowed connections</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-2000000"/> </constraint> </properties> </leafNode> <leafNode name="ssl-bind-ciphers"> <properties> <help>Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers</help> <completionHelp> <list>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</list> </completionHelp> <valueHelp> <format>ecdhe-ecdsa-aes128-gcm-sha256</format> <description>ecdhe-ecdsa-aes128-gcm-sha256</description> </valueHelp> <valueHelp> <format>ecdhe-rsa-aes128-gcm-sha256</format> <description>ecdhe-rsa-aes128-gcm-sha256</description> </valueHelp> <valueHelp> <format>ecdhe-ecdsa-aes256-gcm-sha384</format> <description>ecdhe-ecdsa-aes256-gcm-sha384</description> </valueHelp> <valueHelp> <format>ecdhe-rsa-aes256-gcm-sha384</format> <description>ecdhe-rsa-aes256-gcm-sha384</description> </valueHelp> <valueHelp> <format>ecdhe-ecdsa-chacha20-poly1305</format> <description>ecdhe-ecdsa-chacha20-poly1305</description> </valueHelp> <valueHelp> <format>ecdhe-rsa-chacha20-poly1305</format> <description>ecdhe-rsa-chacha20-poly1305</description> </valueHelp> <valueHelp> <format>dhe-rsa-aes128-gcm-sha256</format> <description>dhe-rsa-aes128-gcm-sha256</description> </valueHelp> <valueHelp> <format>dhe-rsa-aes256-gcm-sha384</format> <description>dhe-rsa-aes256-gcm-sha384</description> </valueHelp> <constraint> 
<regex>(ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384)</regex> </constraint> <multi/> </properties> <defaultValue>ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384</defaultValue> </leafNode> <leafNode name="tls-version-min"> <properties> <help>Specify the minimum required TLS version</help> <completionHelp> <list>1.2 1.3</list> </completionHelp> <valueHelp> <format>1.2</format> <description>TLS v1.2</description> </valueHelp> <valueHelp> <format>1.3</format> <description>TLS v1.3</description> </valueHelp> <constraint> <regex>(1.2|1.3)</regex> </constraint> </properties> <defaultValue>1.3</defaultValue> </leafNode> </children> </node>
 #include <include/interface/vrf.xml.i>
 </children> </node> </children> </node> </interfaceDefinition>
diff --git a/interface-definitions/xml-component-version.xml.in b/interface-definitions/xml-component-version.xml.in
index 51a28ef57..3785a7942 100644
--- a/interface-definitions/xml-component-version.xml.in
+++ b/interface-definitions/xml-component-version.xml.in
@@ -1,50 +1,51 @@
 <?xml version="1.0"?>
 <interfaceDefinition>
 #include <include/version/bgp-version.xml.i>
 #include <include/version/broadcast-relay-version.xml.i>
 #include <include/version/cluster-version.xml.i>
 #include <include/version/config-management-version.xml.i>
 #include <include/version/conntrack-sync-version.xml.i>
 #include <include/version/conntrack-version.xml.i>
 #include <include/version/container-version.xml.i>
 #include <include/version/dhcp-relay-version.xml.i>
 #include <include/version/dhcp-server-version.xml.i>
 #include <include/version/dhcpv6-server-version.xml.i>
 #include <include/version/dns-dynamic-version.xml.i>
 #include <include/version/dns-forwarding-version.xml.i>
 #include <include/version/firewall-version.xml.i>
 #include <include/version/flow-accounting-version.xml.i>
 #include <include/version/https-version.xml.i>
 #include <include/version/interfaces-version.xml.i>
 #include <include/version/ids-version.xml.i>
 #include <include/version/ipoe-server-version.xml.i>
 #include <include/version/ipsec-version.xml.i>
 #include <include/version/isis-version.xml.i>
 #include <include/version/l2tp-version.xml.i>
 #include <include/version/lldp-version.xml.i>
 #include <include/version/mdns-version.xml.i>
 #include <include/version/monitoring-version.xml.i>
 #include <include/version/nat66-version.xml.i>
 #include <include/version/nat-version.xml.i>
 #include <include/version/ntp-version.xml.i>
 #include <include/version/openconnect-version.xml.i>
 #include <include/version/ospf-version.xml.i>
 #include <include/version/pim-version.xml.i>
 #include <include/version/policy-version.xml.i>
 #include <include/version/pppoe-server-version.xml.i>
 #include <include/version/pptp-version.xml.i>
 #include <include/version/qos-version.xml.i>
 #include <include/version/quagga-version.xml.i>
 #include <include/version/rip-version.xml.i>
 #include <include/version/rpki-version.xml.i>
 #include <include/version/salt-version.xml.i>
 #include <include/version/snmp-version.xml.i>
 #include <include/version/ssh-version.xml.i>
 #include <include/version/sstp-version.xml.i>
 #include <include/version/system-version.xml.i>
 #include <include/version/vrf-version.xml.i>
 #include <include/version/vrrp-version.xml.i>
 #include <include/version/vyos-accel-ppp-version.xml.i>
 #include <include/version/wanloadbalance-version.xml.i>
 #include <include/version/webproxy-version.xml.i>
+ #include <include/version/reverseproxy-version.xml.i>
 </interfaceDefinition>
diff --git a/src/migration-scripts/reverse-proxy/0-to-1 b/src/migration-scripts/reverse-proxy/0-to-1
new file mode 100755
index 000000000..d61493815
--- /dev/null
+++ b/src/migration-scripts/reverse-proxy/0-to-1
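Review bot: The new include is appended after `webproxy-version.xml.i`, while the rest of this list is kept roughly alphabetical, so `#include <include/version/reverseproxy-version.xml.i>` belongs between `quagga-version.xml.i` and `rip-version.xml.i` rather than at the end. The include file name also drops the hyphen (`reverseproxy-version.xml.i`) although the component is registered as `reverse-proxy` and the migrator lives under `src/migration-scripts/reverse-proxy/`; other hyphenated components on this page, such as `dns-dynamic-version.xml.i` and `conntrack-sync-version.xml.i`, keep the hyphen in the include name. Naming the file `reverse-proxy-version.xml.i` would keep the three identifiers aligned, assuming nothing else already references the current name.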
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# T6409: Remove unused 'backend bk-example parameters' node
+
+from sys import argv, exit
+from vyos.configtree import ConfigTree
+
+if len(argv) < 2:
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+base = ['load-balancing', 'reverse-proxy', 'backend']
+if not config.exists(base):
+ # Nothing to do
+ exit(0)
+
+# we need to run this for every configured network
+for backend in config.list_nodes(base):
+ param_node = base + [backend, 'parameters']
+ if config.exists(param_node):
+ config.delete(param_node)
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1)
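Review bot: The loop comment `# we need to run this for every configured network` does not describe this loop, which walks the `backend` tag nodes under `load-balancing reverse-proxy`; replace it with `# drop the removed 'parameters' subtree from every configured backend`. The task line `# T6409: Remove unused 'backend bk-example parameters' node` names a sample backend, which reads as if one particular backend were targeted; `# T6409: Remove unused 'load-balancing reverse-proxy backend <name> parameters' node` matches the path assembled in `base` and `param_node`. Both are wording changes only; the deletion logic itself is fine.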