Just forgot to include the version: HA-Proxy version 1.5-dev25-a339395 2014/05/10

On 13/06/2014 10:04, kiorky wrote:
> Hi, we use a generator for haproxy configs here, and it generates, amongst
> others, https frontends using SNI to redirect to endpoints.
> Basically, we host a lot of VMs and the host is NATing/redirecting every served
> domain to the underlying VM and when we use https.
> In other words, it terminates SSL on the haproxy front and we are using a
> certificate per VM.
> Technically, this was as simple as adding a crt <crt> for each VM...
> This setup worked fine and without a glitch for a time, but it's failing on
> one host as the generated bind line seems to be too long:
>
> bind *:443 ssl crt /etc/ssl/cloud/certs/ovh-r5-2.this-company.net.crt crt
> /etc/ssl/cloud/certs/prod-appapp1.this-company.net.crt crt
> /etc/ssl/cloud/certs/appapp1.this-company.net.crt crt
> /etc/ssl/cloud/certs/prod-somethelse.this-company.net.crt crt
> /etc/ssl/cloud/certs/someth-else.be.crt crt
> /etc/ssl/cloud/certs/someth-else.com.crt crt
> /etc/ssl/cloud/certs/someth-else.eu.crt crt
> /etc/ssl/cloud/certs/someth-else.fr.crt crt
> /etc/ssl/cloud/certs/someth-else.mobi.crt crt
> /etc/ssl/cloud/certs/someth-else.net.crt crt
> /etc/ssl/cloud/certs/someth-else.org.crt crt
> /etc/ssl/cloud/certs/somethelse.be.crt crt
> /etc/ssl/cloud/certs/somethelse.com.crt crt
> /etc/ssl/cloud/certs/somethelse.eu.crt crt
> /etc/ssl/cloud/certs/somethelse.fr.crt crt
> /etc/ssl/cloud/certs/somethelse.mobi.crt crt
> /etc/ssl/cloud/certs/somethelse.net.crt crt
> /etc/ssl/cloud/certs/somethelse.org.crt crt
> /etc/ssl/cloud/certs/e-cov.somethelse.net.crt crt
> /etc/ssl/cloud/certs/appappapp3.somethelse.net.crt crt
> /etc/ssl/cloud/certs/www.someth-else.be.crt crt
> /etc/ssl/cloud/certs/www.someth-else.com.crt crt
> /etc/ssl/cloud/certs/www.someth-else.eu.crt crt
> /etc/ssl/cloud/certs/www.someth-else.fr.crt crt
> /etc/ssl/cloud/certs/www.someth-else.mobi.crt crt
> /etc/ssl/cloud/certs/www.someth-else.org.crt crt
> /etc/ssl/cloud/certs/www.somethelse.be.crt crt
> /etc/ssl/cloud/certs/www.somethelse.com.crt crt
> /etc/ssl/cloud/certs/www.somethelse.eu.crt crt
> /etc/ssl/cloud/certs/www.somethelse.fr.crt crt
> /etc/ssl/cloud/certs/www.somethelse.mobi.crt crt
> /etc/ssl/cloud/certs/www.somethelse.net.crt crt
> /etc/ssl/cloud/certs/www.somethelse.org.crt crt
> /etc/ssl/cloud/certs/www2.somethelse.com.crt crt
> /etc/ssl/cloud/certs/www2.somethelse.eu.crt crt
> /etc/ssl/cloud/certs/www2.somethelse.fr.crt crt
> /etc/ssl/cloud/certs/www2.somethelse.net.crt crt
> /etc/ssl/cloud/certs/www2.somethelse.org.crt crt
> /etc/ssl/cloud/certs/prod-appapp4.this-company.net.crt crt
> /etc/ssl/cloud/certs/appapp4.this-company.net.crt
> (this line is edited but is as long as the original one)
>
> This is how haproxy complains at restart:
> [ALERT] 163/095929 (3094) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:180]: line too long, truncating at
> word 65, position 1438:  ...
> [ALERT] 163/095929 (3094) : parsing
> [/etc/haproxy/extra/cloudcontroller.cfg:180] : 'bind *:443' : 'crt' : missing
> certificate location
> [ALERT] 163/095929 (3094) : Error(s) found in configuration file :
> /etc/haproxy/extra/cloudcontroller.cfg
>
>
> As it first truncates the bind content, it then unsurprisingly fails to
> load.
>
> Is it affordable to just increase the bind argument size limit, maybe to
> something large enough that no one can reach this limit?
>
> -- 
> Regards,
> KiOrKY
> GPG Key FingerPrint: 0x1A1194B7681112AF
> Think of the environment.
> Only print this email if you really need to.

-- 
Regards,
KiOrKY
GPG Key FingerPrint: 0x1A1194B7681112AF
Think of the environment.
Only print this email if you really need to.
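
A pre-flight check that a config generator could run before restarting HAProxy, given here as an added example (it is not part of the thread and not HAProxy code). The 64-word limit is an assumption inferred from the "truncating at word 65" alert quoted above; the function names, the sample frontend and the certificate paths are constructed for illustration.

```python
"""Pre-flight check for generated HAProxy configs (added example)."""
import re

# Assumption: 64 usable words per line, inferred from the alert quoted in the
# thread ("truncating at word 65"); the real limit is set when HAProxy is built.
MAX_WORDS = 64

# Either a comment marker, or a word: non-blank characters, where a backslash
# escapes the character that follows it.
_TOKEN = re.compile(r"#|(?:\\.?|[^\s#\\])+")


def split_words(line):
    """Split one config line into words, stopping at an unescaped '#'."""
    words = []
    for match in _TOKEN.finditer(line):
        if match.group() == "#":
            break
        words.append(match.group())
    return words


def check_config(text, max_words=MAX_WORDS):
    """Return one finding per line that would be truncated on load."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        words = split_words(line)
        if len(words) > max_words:
            findings.append({
                "line": lineno,
                "words": len(words),
                "last_kept": words[max_words - 1],  # last word surviving truncation
                "dropped": words[max_words:],
            })
    return findings


def sample_bind(n_certs):
    """Constructed bind line with n_certs certificates (paths are made up)."""
    crts = " ".join(f"crt /etc/ssl/example/vm{i}.example.test.crt" for i in range(n_certs))
    return f"    bind *:443 ssl {crts}"


# Constructed sample: line 2 carries 40 certificates, line 3 carries 30.
SAMPLE = "frontend https_in\n" + sample_bind(40) + "\n" + sample_bind(30) + "  # fits\n"

if __name__ == "__main__":
    for f in check_config(SAMPLE):
        print(f"line {f['line']}: {f['words']} words, limit {MAX_WORDS}; "
              f"'{f['last_kept']}' is left without its argument, "
              f"{len(f['dropped'])} words dropped")
```

On the sample, the last surviving word is a bare `crt`, which matches the second alert in the thread ("missing certificate location"). HAProxy's `crt` keyword also accepts a directory of PEM files, which keeps the bind line short however many certificates are served.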
