just forgot to include the version: HA-Proxy version 1.5-dev25-a339395 2014/05/10
On 13/06/2014 10:04, kiorky wrote: > Hi we use here a generator for haproxy configs and this one generates amongst > all https frontend using SNI to redirect to endspoints. > Basically, we host lot of VMS and the host is NATing/redirecting every served > domain to the underlying VM and when we use https. > In other words, it terminates SSL on the haproxy front and we are using a > certicate per VM. > Technically, this was as simple as adding a crt <crt> for each vm... > This setup worked fine and without a glitch for a time, but it's falling on > one host as the generated bind line seems to be too long: > > bind *:443 ssl crt /etc/ssl/cloud/certs/ovh-r5-2.this-company.net.crt crt > /etc/ssl/cloud/certs/prod-appapp1.this-company.net.crt crt > /etc/ssl/cloud/certs/appapp1.this-company.net.crt crt > /etc/ssl/cloud/certs/prod-somethelse.this-company.net.crt crt > /etc/ssl/cloud/certs/someth-else.be.crt crt > /etc/ssl/cloud/certs/someth-else.com.crt crt > /etc/ssl/cloud/certs/someth-else.eu.crt crt > /etc/ssl/cloud/certs/someth-else.fr.crt crt > /etc/ssl/cloud/certs/someth-else.mobi.crt crt > /etc/ssl/cloud/certs/someth-else.net.crt crt > /etc/ssl/cloud/certs/someth-else.org.crt crt > /etc/ssl/cloud/certs/somethelse.be.crt crt > /etc/ssl/cloud/certs/somethelse.com.crt crt > /etc/ssl/cloud/certs/somethelse.eu.crt crt > /etc/ssl/cloud/certs/somethelse.fr.crt crt > /etc/ssl/cloud/certs/somethelse.mobi.crt crt > /etc/ssl/cloud/certs/somethelse.net.crt crt > /etc/ssl/cloud/certs/somethelse.org.crt crt > /etc/ssl/cloud/certs/e-cov.somethelse.net.crt crt > /etc/ssl/cloud/certs/appappapp3.somethelse.net.crt crt > /etc/ssl/cloud/certs/www.someth-else.be.crt crt > /etc/ssl/cloud/certs/www.someth-else.com.crt crt > /etc/ssl/cloud/certs/www.someth-else.eu.crt crt > /etc/ssl/cloud/certs/www.someth-else.fr.crt crt > /etc/ssl/cloud/certs/www.someth-else.mobi.crt crt > /etc/ssl/cloud/certs/www.someth-else.org.crt crt > /etc/ssl/cloud/certs/www.somethelse.be.crt crt > /etc/ssl/cloud/certs/www.somethelse.com.crt crt > /etc/ssl/cloud/certs/www.somethelse.eu.crt crt > /etc/ssl/cloud/certs/www.somethelse.fr.crt crt > /etc/ssl/cloud/certs/www.somethelse.mobi.crt crt > /etc/ssl/cloud/certs/www.somethelse.net.crt crt > /etc/ssl/cloud/certs/www.somethelse.org.crt crt > /etc/ssl/cloud/certs/www2.somethelse.com.crt crt > /etc/ssl/cloud/certs/www2.somethelse.eu.crt crt > /etc/ssl/cloud/certs/www2.somethelse.fr.crt crt > /etc/ssl/cloud/certs/www2.somethelse.net.crt crt > /etc/ssl/cloud/certs/www2.somethelse.org.crt crt > /etc/ssl/cloud/certs/prod-appapp4.this-company.net.crt crt > /etc/ssl/cloud/certs/appapp4.this-company.net.crt > (this line is edited but is as long as the original one) > > This is how haproxy complains at restart: > [ALERT] 163/095929 (3094) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:180]: line too long, truncating at > word 65, position 1438: ... > [ALERT] 163/095929 (3094) : parsing > [/etc/haproxy/extra/cloudcontroller.cfg:180] : 'bind *:443' : 'crt' : missing > certificate location > [ALERT] 163/095929 (3094) : Error(s) found in configuration file : > /etc/haproxy/extra/cloudcontroller.cfg > > > As it first truncates the bind content, it then without surprises fails to > load. > > Is this affordable just to increase the bind argument size limit, maybe to > something enoughly large that no one can reach this limit ? > > -- > Cordialement, > KiOrKY > GPG Key FingerPrint: 0x1A1194B7681112AF > Pensez à l’environnement. > N’imprimez ce courriel que si vous en avez vraiment besoin. -- Cordialement, KiOrKY GPG Key FingerPrint: 0x1A1194B7681112AF Pensez à l’environnement. N’imprimez ce courriel que si vous en avez vraiment besoin.
signature.asc
Description: OpenPGP digital signature

