Haproxy multi-line config

2

10

Is it possible to split configuration arguments (in haproxy.cfg) onto multiple lines?

Example

Current

frontend https-in
    bind :443 ssl strict-sni crt </path/to/cert1.pem> crt </path/to/cert2.pem> crt </path/to/cert3.pem> ...

Ideal

frontend https-in
    bind :443 ssl strict-sni
        crt </path/to/cert1.pem>
        crt </path/to/cert2.pem>
        crt </path/to/cert3.pem>
        ...

Error when trying ideal

$ /usr/sbin/haproxy -c -V -f /etc/haproxy/haproxy.cfg
[ALERT] 343/210133 (25646) : parsing [/etc/haproxy/haproxy.cfg:45] : unknown keyword 'crt' in 'frontend' section
[ALERT] 343/210133 (25646) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 343/210133 (25646) : Fatal errors found in configuration.
Firebug answered 10/12, 2018 at 20:48 Comment(5)
What problem do you encounter when you split the lines? (Grimy)
@JeroenHeier I get this error: [ALERT] 343/210133 (25646) : parsing [/etc/haproxy/haproxy.cfg:45] : unknown keyword 'crt' in 'frontend' section (Firebug)
(edit) Added configtest output to the question. (Firebug)
How are you generating the config file? If those means allow, you could populate from variables or similar in your generation code to make writing the config easier. For example, we generate the config via a chef cookbook and thus don't set anything directly in the haproxy.cfg but instead through variables. (Drowsy)
You can use a crt-list file name with all the cert paths. It would be clean. (Diction)
7

You can't do multiline syntax in the haproxy.cfg.

Take a look at the file format documentation: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#2.1

Update:

Thanks to the comment from Venky I see that there is also the option to use crt-list which does provide an option for multi line pem file references. https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.1-crt-list


The improved config will be:

frontend https-in
    bind :443 ssl strict-sni crt-list </path/to/list.txt>
    ...

The list.txt:

</path/to/cert1.pem>
</path/to/cert2.pem>
</path/to/cert3.pem>
Drowsy answered 11/12, 2018 at 4:53 Comment(0)
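
An added example (not part of the answer above, and not HAProxy code): a small Python helper that turns one bind line carrying several crt arguments into the crt-list form the answer describes. The function name, sample paths and list path are assumptions; it assumes whitespace-separated arguments with no quoted paths.

```python
def split_bind_certs(line, list_path):
    """Move every 'crt <path>' pair of one haproxy 'bind' line into crt-list text.

    Returns (new_bind_line, crt_list_text). The first 'crt' is replaced by a
    single 'crt-list <list_path>' argument; the others are dropped from the
    line. Certificate order is preserved in the list text. Lines that are not
    'bind' lines, or carry no 'crt', come back unchanged with empty list text.
    """
    indent = line[: len(line) - len(line.lstrip())]
    tokens = line.split()
    if not tokens or tokens[0] != "bind" or "crt" not in tokens[1:]:
        return line, ""

    kept, certs = [], []
    i = 0
    while i < len(tokens):
        if tokens[i] == "crt":
            if i + 1 >= len(tokens):
                raise ValueError("'crt' without a path: " + line.strip())
            if not certs:
                # Put the crt-list reference where the first crt stood.
                kept += ["crt-list", list_path]
            certs.append(tokens[i + 1])
            i += 2
        else:
            kept.append(tokens[i])
            i += 1
    return indent + " ".join(kept), "\n".join(certs) + "\n"


if __name__ == "__main__":
    # Constructed sample line; the paths are placeholders.
    sample = ("    bind :443 ssl strict-sni crt /etc/haproxy/cert1.pem "
              "crt /etc/haproxy/cert2.pem crt /etc/haproxy/cert3.pem")
    bind_line, list_text = split_bind_certs(sample, "/etc/haproxy/list.txt")
    print(bind_line)
    print(list_text, end="")
```

After writing the list file and the new bind line, re-run the configuration check from the question (haproxy -c -V -f /etc/haproxy/haproxy.cfg) before reloading.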
-1

No, as you already know:
continuing parameters on a new line is not supported.

If it's about long-line readability, maybe another workaround:

Use crt-base to shorten the crt <file_path> (by putting them in the same dir)
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#crt-base

The conf will look like this (still not very good):

global
   crt-base /etc/haproxy/crt_dir
   ...

...

frontend https-in
    bind :443 ssl strict-sni crt cert1.pem crt cert2.pem crt cert3.pem ...
Junto answered 6/7, 2023 at 4:11 Comment(0)