Oh, i think i understood too late your mail :) Trying so to put my certificates paths in a file listing them...
On 13/06/2014 10:32, kiorky wrote: > Ok, > So now i have a working solution: > > crt /clouds/default crt /clouds > > HOWEVER i dont suceed in using crt-list which i would prefer as it is more > explicit: > So i think i'm not using the right syntax to give something on a newline. > > > bind *:443 ssl crt /etc/ssl/cloud/certs/ovh-r5-2.this-company.net.crt > crt-list /etc/ssl/cloud/certs/prod-foosql.this-company.net.crt > crt-list /etc/ssl/cloud/certs/foosql.this-company.net.crt > crt-list /etc/ssl/cloud/certs/prod-somethelse.this-company.net.crt > crt-list /etc/ssl/cloud/certs/someth-else.be.crt > crt-list /etc/ssl/cloud/certs/someth-else.com.crt > crt-list /etc/ssl/cloud/certs/someth-else.eu.crt > crt-list /etc/ssl/cloud/certs/someth-else.fr.crt > crt-list /etc/ssl/cloud/certs/someth-else.mobi.crt > crt-list /etc/ssl/cloud/certs/someth-else.net.crt > crt-list /etc/ssl/cloud/certs/someth-else.org.crt > crt-list /etc/ssl/cloud/certs/somethelse.be.crt > crt-list /etc/ssl/cloud/certs/somethelse.com.crt > crt-list /etc/ssl/cloud/certs/somethelse.eu.crt > crt-list /etc/ssl/cloud/certs/somethelse.fr.crt > crt-list /etc/ssl/cloud/certs/somethelse.mobi.crt > crt-list /etc/ssl/cloud/certs/somethelse.net.crt > crt-list /etc/ssl/cloud/certs/somethelse.org.crt > crt-list /etc/ssl/cloud/certs/e-nnn.somethelse.net.crt > crt-list /etc/ssl/cloud/certs/too-mobile.somethelse.net.crt > crt-list /etc/ssl/cloud/certs/www.someth-else.be.crt > crt-list /etc/ssl/cloud/certs/www.someth-else.com.crt > crt-list /etc/ssl/cloud/certs/www.someth-else.eu.crt > crt-list /etc/ssl/cloud/certs/www.someth-else.fr.crt > crt-list /etc/ssl/cloud/certs/www.someth-else.mobi.crt > crt-list /etc/ssl/cloud/certs/www.someth-else.org.crt > crt-list /etc/ssl/cloud/certs/www.somethelse.be.crt > crt-list /etc/ssl/cloud/certs/www.somethelse.com.crt > crt-list /etc/ssl/cloud/certs/www.somethelse.eu.crt > crt-list /etc/ssl/cloud/certs/www.somethelse.fr.crt > crt-list /etc/ssl/cloud/certs/www.somethelse.mobi.crt > crt-list /etc/ssl/cloud/certs/www.somethelse.net.crt > crt-list /etc/ssl/cloud/certs/www.somethelse.org.crt > crt-list /etc/ssl/cloud/certs/www2.somethelse.com.crt > crt-list /etc/ssl/cloud/certs/www2.somethelse.eu.crt > crt-list /etc/ssl/cloud/certs/www2.somethelse.fr.crt > crt-list /etc/ssl/cloud/certs/www2.somethelse.net.crt > crt-list /etc/ssl/cloud/certs/www2.somethelse.org.crt > crt-list /etc/ssl/cloud/certs/prod-c.this-company.net.crt > crt-list /etc/ssl/cloud/certs/c.this-company.net.crt > > > Gives: > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:182] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:183] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:184] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:185] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:186] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:187] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:188] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:189] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:190] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:191] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:192] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:193] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:194] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:195] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:196] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:197] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:198] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:199] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:200] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:201] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:202] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:203] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:204] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:205] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:206] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:207] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:208] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:209] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:210] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:211] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:212] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:213] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:214] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:215] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:216] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:217] : unknown keyword 'crt-list' in > 'frontend' section > [ALERT] 163/102836 (4640) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:218] : unknown keyword 'crt-list' in > 'frontend' section > > > > > > On 13/06/2014 10:12, Nicolas Zedde wrote: >> Hi, >> >> You should use the crt-list option in your bind line, and use a file listing >> your certificates (one per line) >> >> Example : >> bind *:443 ssl crt-list /etc/haproxy/certificates >> >> Regards, >> >> Nicolas. >> >>> Hi we use here a generator for haproxy configs and this one generates >>> amongst all https frontend using SNI to redirect to endspoints. >>> Basically, we host lot of VMS and the host is NATing/redirecting every >>> served domain to the underlying VM and when we use https. >>> In other words, it terminates SSL on the haproxy front and we are using a >>> certicate per VM. >>> Technically, this was as simple as adding a crt <crt> for each vm... >>> This setup worked fine and without a glitch for a time, but it's falling on >>> one host as the generated bind line seems to be too long: > > -- > Cordialement, > KiOrKY > GPG Key FingerPrint: 0x1A1194B7681112AF > Pensez à l’environnement. > N’imprimez ce courriel que si vous en avez vraiment besoin. -- Cordialement, KiOrKY GPG Key FingerPrint: 0x1A1194B7681112AF Pensez à l’environnement. N’imprimez ce courriel que si vous en avez vraiment besoin.
signature.asc
Description: OpenPGP digital signature