Re: long bind lines causes config not to be loaded

Fri, 13 Jun 2014 01:33:28 -0700 

Ok,
So now i have a working solution:

crt /clouds/default crt /clouds

HOWEVER i dont suceed in using crt-list which i would prefer as it is more 
explicit:
So i think i'm not using the right syntax to give something on a newline.


    bind *:443 ssl crt  /etc/ssl/cloud/certs/ovh-r5-2.this-company.net.crt
crt-list  /etc/ssl/cloud/certs/prod-foosql.this-company.net.crt
         crt-list  /etc/ssl/cloud/certs/foosql.this-company.net.crt
         crt-list  /etc/ssl/cloud/certs/prod-somethelse.this-company.net.crt
         crt-list  /etc/ssl/cloud/certs/someth-else.be.crt
         crt-list  /etc/ssl/cloud/certs/someth-else.com.crt
         crt-list  /etc/ssl/cloud/certs/someth-else.eu.crt
         crt-list  /etc/ssl/cloud/certs/someth-else.fr.crt
         crt-list  /etc/ssl/cloud/certs/someth-else.mobi.crt
         crt-list  /etc/ssl/cloud/certs/someth-else.net.crt
         crt-list  /etc/ssl/cloud/certs/someth-else.org.crt
         crt-list  /etc/ssl/cloud/certs/somethelse.be.crt
         crt-list  /etc/ssl/cloud/certs/somethelse.com.crt
         crt-list  /etc/ssl/cloud/certs/somethelse.eu.crt
         crt-list  /etc/ssl/cloud/certs/somethelse.fr.crt
         crt-list  /etc/ssl/cloud/certs/somethelse.mobi.crt
         crt-list  /etc/ssl/cloud/certs/somethelse.net.crt
         crt-list  /etc/ssl/cloud/certs/somethelse.org.crt
         crt-list  /etc/ssl/cloud/certs/e-nnn.somethelse.net.crt
         crt-list  /etc/ssl/cloud/certs/too-mobile.somethelse.net.crt
         crt-list  /etc/ssl/cloud/certs/www.someth-else.be.crt
         crt-list  /etc/ssl/cloud/certs/www.someth-else.com.crt
         crt-list  /etc/ssl/cloud/certs/www.someth-else.eu.crt
         crt-list  /etc/ssl/cloud/certs/www.someth-else.fr.crt
         crt-list  /etc/ssl/cloud/certs/www.someth-else.mobi.crt
         crt-list  /etc/ssl/cloud/certs/www.someth-else.org.crt
         crt-list  /etc/ssl/cloud/certs/www.somethelse.be.crt
         crt-list  /etc/ssl/cloud/certs/www.somethelse.com.crt
         crt-list  /etc/ssl/cloud/certs/www.somethelse.eu.crt
         crt-list  /etc/ssl/cloud/certs/www.somethelse.fr.crt
         crt-list  /etc/ssl/cloud/certs/www.somethelse.mobi.crt
         crt-list  /etc/ssl/cloud/certs/www.somethelse.net.crt
         crt-list  /etc/ssl/cloud/certs/www.somethelse.org.crt
         crt-list  /etc/ssl/cloud/certs/www2.somethelse.com.crt
         crt-list  /etc/ssl/cloud/certs/www2.somethelse.eu.crt
         crt-list  /etc/ssl/cloud/certs/www2.somethelse.fr.crt
         crt-list  /etc/ssl/cloud/certs/www2.somethelse.net.crt
         crt-list  /etc/ssl/cloud/certs/www2.somethelse.org.crt
         crt-list  /etc/ssl/cloud/certs/prod-c.this-company.net.crt
         crt-list  /etc/ssl/cloud/certs/c.this-company.net.crt


Gives:
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:182]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:183]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:184]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:185]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:186]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:187]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:188]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:189]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:190]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:191]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:192]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:193]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:194]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:195]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:196]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:197]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:198]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:199]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:200]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:201]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:202]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:203]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:204]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:205]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:206]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:207]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:208]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:209]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:210]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:211]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:212]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:213]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:214]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:215]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:216]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:217]
: unknown keyword 'crt-list' in 'frontend' section
[ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:218]
: unknown keyword 'crt-list' in 'frontend' section





On 13/06/2014 10:12, Nicolas Zedde wrote:
> Hi,
>
> You should use the crt-list option in your bind line, and use a file listing 
> your certificates (one per line)
>
> Example :
> bind *:443 ssl crt-list /etc/haproxy/certificates
>
> Regards,
>
> Nicolas.
>
>> Hi we use here a generator for haproxy configs and this one generates 
>> amongst all https frontend using SNI to redirect to endspoints.
>> Basically, we host lot of VMS and the host is NATing/redirecting every 
>> served domain to the underlying VM and when we use https.
>> In other words, it terminates SSL on the haproxy front and we are using a 
>> certicate per VM.
>> Technically, this was as simple as adding a crt <crt> for each vm...
>> This setup worked fine and without a glitch for a time, but it's falling on 
>> one host as the generated bind line  seems to be too long:

-- 
Cordialement,
KiOrKY
GPG Key FingerPrint: 0x1A1194B7681112AF
Pensez à l’environnement. 
N’imprimez ce courriel que si vous en avez vraiment besoin.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to