Re: long bind lines causes config not to be loaded

kiorky Fri, 13 Jun 2014 01:34:27 -0700

Oh, i think i understood too late your mail :)

Trying so to put my certificates paths  in a file listing them...


On 13/06/2014 10:32, kiorky wrote:
> Ok,
> So now i have a working solution:
>
> crt /clouds/default crt /clouds
>
> HOWEVER i dont suceed in using crt-list which i would prefer as it is more
> explicit:
> So i think i'm not using the right syntax to give something on a newline.
>
>
>     bind *:443 ssl crt  /etc/ssl/cloud/certs/ovh-r5-2.this-company.net.crt
> crt-list  /etc/ssl/cloud/certs/prod-foosql.this-company.net.crt
>          crt-list  /etc/ssl/cloud/certs/foosql.this-company.net.crt
>          crt-list  /etc/ssl/cloud/certs/prod-somethelse.this-company.net.crt
>          crt-list  /etc/ssl/cloud/certs/someth-else.be.crt
>          crt-list  /etc/ssl/cloud/certs/someth-else.com.crt
>          crt-list  /etc/ssl/cloud/certs/someth-else.eu.crt
>          crt-list  /etc/ssl/cloud/certs/someth-else.fr.crt
>          crt-list  /etc/ssl/cloud/certs/someth-else.mobi.crt
>          crt-list  /etc/ssl/cloud/certs/someth-else.net.crt
>          crt-list  /etc/ssl/cloud/certs/someth-else.org.crt
>          crt-list  /etc/ssl/cloud/certs/somethelse.be.crt
>          crt-list  /etc/ssl/cloud/certs/somethelse.com.crt
>          crt-list  /etc/ssl/cloud/certs/somethelse.eu.crt
>          crt-list  /etc/ssl/cloud/certs/somethelse.fr.crt
>          crt-list  /etc/ssl/cloud/certs/somethelse.mobi.crt
>          crt-list  /etc/ssl/cloud/certs/somethelse.net.crt
>          crt-list  /etc/ssl/cloud/certs/somethelse.org.crt
>          crt-list  /etc/ssl/cloud/certs/e-nnn.somethelse.net.crt
>          crt-list  /etc/ssl/cloud/certs/too-mobile.somethelse.net.crt
>          crt-list  /etc/ssl/cloud/certs/www.someth-else.be.crt
>          crt-list  /etc/ssl/cloud/certs/www.someth-else.com.crt
>          crt-list  /etc/ssl/cloud/certs/www.someth-else.eu.crt
>          crt-list  /etc/ssl/cloud/certs/www.someth-else.fr.crt
>          crt-list  /etc/ssl/cloud/certs/www.someth-else.mobi.crt
>          crt-list  /etc/ssl/cloud/certs/www.someth-else.org.crt
>          crt-list  /etc/ssl/cloud/certs/www.somethelse.be.crt
>          crt-list  /etc/ssl/cloud/certs/www.somethelse.com.crt
>          crt-list  /etc/ssl/cloud/certs/www.somethelse.eu.crt
>          crt-list  /etc/ssl/cloud/certs/www.somethelse.fr.crt
>          crt-list  /etc/ssl/cloud/certs/www.somethelse.mobi.crt
>          crt-list  /etc/ssl/cloud/certs/www.somethelse.net.crt
>          crt-list  /etc/ssl/cloud/certs/www.somethelse.org.crt
>          crt-list  /etc/ssl/cloud/certs/www2.somethelse.com.crt
>          crt-list  /etc/ssl/cloud/certs/www2.somethelse.eu.crt
>          crt-list  /etc/ssl/cloud/certs/www2.somethelse.fr.crt
>          crt-list  /etc/ssl/cloud/certs/www2.somethelse.net.crt
>          crt-list  /etc/ssl/cloud/certs/www2.somethelse.org.crt
>          crt-list  /etc/ssl/cloud/certs/prod-c.this-company.net.crt
>          crt-list  /etc/ssl/cloud/certs/c.this-company.net.crt
>
>
> Gives:
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:182] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:183] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:184] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:185] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:186] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:187] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:188] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:189] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:190] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:191] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:192] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:193] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:194] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:195] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:196] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:197] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:198] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:199] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:200] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:201] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:202] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:203] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:204] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:205] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:206] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:207] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:208] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:209] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:210] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:211] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:212] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:213] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:214] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:215] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:216] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:217] : unknown keyword 'crt-list' in
> 'frontend' section
> [ALERT] 163/102836 (4640) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:218] : unknown keyword 'crt-list' in
> 'frontend' section
>
>
>
>
>
> On 13/06/2014 10:12, Nicolas Zedde wrote:
>> Hi,
>>
>> You should use the crt-list option in your bind line, and use a file listing 
>> your certificates (one per line)
>>
>> Example :
>> bind *:443 ssl crt-list /etc/haproxy/certificates
>>
>> Regards,
>>
>> Nicolas.
>>
>>> Hi we use here a generator for haproxy configs and this one generates 
>>> amongst all https frontend using SNI to redirect to endspoints.
>>> Basically, we host lot of VMS and the host is NATing/redirecting every 
>>> served domain to the underlying VM and when we use https.
>>> In other words, it terminates SSL on the haproxy front and we are using a 
>>> certicate per VM.
>>> Technically, this was as simple as adding a crt <crt> for each vm...
>>> This setup worked fine and without a glitch for a time, but it's falling on 
>>> one host as the generated bind line  seems to be too long:
>
> -- 
> Cordialement,
> KiOrKY
> GPG Key FingerPrint: 0x1A1194B7681112AF
> Pensez à l’environnement. 
> N’imprimez ce courriel que si vous en avez vraiment besoin.

-- 
Cordialement,
KiOrKY
GPG Key FingerPrint: 0x1A1194B7681112AF
Pensez à l’environnement. 
N’imprimez ce courriel que si vous en avez vraiment besoin.

signature.asc
Description: OpenPGP digital signature

Re: long bind lines causes config not to be loaded

Reply via email to