Login
- Table of Contents
-
- 06-Layer 3—IP Services Command Reference
- 00-Preface
- 01-ARP commands
- 02-IP addressing commands
- 03-DHCP commands
- 04-DNS commands
- 05-NAT commands
- 06-IP forwarding basics commands
- 07-Fast forwarding commands
- 08-Multi-CPU packet distribution commands
- 09-Adjacency table commands
- 10-IRDP commands
- 11-IP performance optimization commands
- 12-UDP helper commands
- 13-IPv6 basics commands
- 14-DHCPv6 commands
- 15-IPv6 fast forwarding commands
- 16-AFT commands
- 17-Tunneling commands
- 18-GRE commands
- 19-ADVPN commands
- 20-WAAS commands
- 21-HTTP proxy commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 21-HTTP proxy commands | 112.27 KB |
HTTP proxy commands
access-record enable
Use access-record enable to enable the HTTP proxy operation recording and specify the directory for saving the HTTP proxy operation recording file.
Use undo access-record enable to restore the default.
Syntax
access-record enable file-path path
undo access-record enable
Default
The HTTP proxy operation recording is disabled and no directory is specified for saving the HTTP proxy operation recording file.
Views
HTTP proxy service view
Predefined user roles
network-admin
Parameters
file-path path: Specifies a file path. (In standalone mode.)
file-path path: Specifies a file path. The file path specified by the path argument must include the slot number in the format of slotn# to specify the location of the storage media. The n indicates the slot number of the module that has storage media. (In IRF mode.)
Usage guidelines
The proxy information of an HTTP proxy service will be recorded in the HTTP proxy operation recording file in the descending order of the time. For example, the proxy information is recorded in the HTTP proxy operation recording file as follows:
[03/Dec/2019:16:11:35 +0800] Client=2001::1 URL=http://www.domain.com/index.html Server=172.16.28.12:80
· The [03/Dec/2019:16:11:35 +0800] field includes the access time and time zone of the client.
· The 2001::1 field is the IPv6 address of the client.
· The http://www.domain.com/index.html field is the address requested by the client.
· The 172.16.28.12:80 field is the IPv4 address of the Web server accessed by the client.
Examples
# (In standalone mode.) Enable the HTTP proxy operation recording and specify the directory for saving the HTTP proxy operation recording file.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test] access-record enable file-path flash:/httpproxy/20191010.log
# (In IRF mode.) Enable the HTTP proxy operation recording and specify the directory for saving the HTTP proxy operation recording file.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] access-record enable file-path slot1#flash:/httpproxy/20191010.log
Related commands
http-proxy service
display http-proxy
Use display http-proxy to display HTTP proxy configuration information.
Syntax
display http-proxy { server-group [ group-name ] | service [ service-name ] }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
server-group: Specifies a Web server group.
group-name: Specifies a Web server group by its name, a case-insensitive string of 1 to 63 characters. The name can include digits, letters, and underscores (_). If you do not specify a Web server group, this command displays configuration information about all Web server groups.
service: Specifies an HTTP proxy service.
service-name: Specifies an HTTP proxy service by its name, a case-insensitive string of 1 to 63 characters. The name can include digits, letters, and underscores (_). If you do not specify an HTTP proxy service, this command displays configuration information about all HTTP proxy services.
Examples
# Display the configuration information about Web server group test.
<Sysname> display http-proxy server-group test
Server group name: test
Protocol type: http
Server IP addresses: 192.168.10.10
192.168.10.12
192.168.10.14:8080
Table 1 Command output
|
Field |
Description |
|
Server group name |
Web server group name. |
|
Protocol type |
Protocol type of the Web server group. This field displays N/A if no protocol type is specified for the Web server group. |
|
Server IP addresses |
IP addresses and port numbers of the Web servers in the Web server group. This field displays N/A if no Web server is in the Web server group. |
# Display the configuration information about HTTP proxy service test.
<Sysname> display http-proxy service test
Service name: test
IPv6 address: 2001::1
Domain name: test.gov.cn
Protocol types: HTTP at port 8000
HTTP [Server group: testa]
HTTP at port 8001 [Server group: testa]
HTTPS at port 8003
HTTPS [Server group: testb]
HTTPS at port 8002 [Server group: testb]
SSL certificate file: flash:/cert.pem
SSL certificate key-file: flash:/cert.key
Hyperlink proxy strings: www.hyperlink.org
DNS server: 8.8.8.8
IP pools: 1.1.1.1 to 1.1.1.2 vpn1
2.2.2.1 to 2.2.3.1
Medialink proxy: Enabled
HTTP proxy operation recording: Enabled
Operation record file path: flash:/httpproxy/20191010.log
HTTP proxy status: Enabled
Table 2 Command output
|
Field |
Description |
|
HTTP proxy name |
HTTP proxy service name. |
|
IPv6 address |
IPv6 address specified for the HTTP proxy service, which can be resolved from the specified domain name. This field displays N/A if no IPv6 address is specified for the HTTP proxy service. |
|
Domain name |
Domain name specified for the HTTP proxy service, which can be resolved to the specified IPv6 address. This field displays N/A if no domain name is specified for the HTTP proxy service. |
|
Protocol types |
Protocol types specified for the HTTP proxy service, listening port number, and the Web server groups bound to the HTTP proxy service. This field displays N/A if no protocol types are specified for the HTTP proxy service. |
|
SSL certificate file |
SSL certificate file specified for the HTTP proxy service. This field displays N/A if no SSL certificate file is specified for the HTTP proxy service. |
|
SSL certificate key-file |
SSL certificate key file specified for the HTTP proxy service. This field displays N/A if no SSL certificate key file is specified for the HTTP proxy service. |
|
Hyperlink proxy strings |
External hyperlink match strings specified for the HTTP proxy service. This field displays N/A if no external hyperlink strings are specified for the HTTP proxy service. |
|
DNS server |
IP address of the DNS server. This field displays N/A if no IP address is specified for the DNS server. |
|
IP pools |
Source IP pools used for Web server connection. This field displays N/A if no IP pool is specified for the HTTP proxy. |
|
Medialink proxy |
Status of the external media link proxy feature: · Enabled. · Disabled. |
|
HTTP proxy operation recording |
Status of the HTTP proxy operation recording feature: · Enabled. · Disabled. |
|
Operation record file path |
Directory for saving the HTTP proxy operation recording file. This field displays N/A if no directory is specified for saving the HTTP proxy operation recording file. |
|
HTTP proxy status |
Status of the HTTP proxy service: · Enabled. · Disabled. |
Related commands
http-proxy server-group
http-proxy service
dns-server
Use dns-server to specify a DNS server for an HTTP proxy service.
Use undo dns-server to remove a DNS server for an HTTP proxy service.
Syntax
dns-server ip-address
undo dns-server ip-address
Default
No DNS servers are specified for an HTTP proxy service.
Views
HTTP proxy service view
Predefined user roles
network-admin
Parameters
ip-address: Specifies a DNS server by its IPv4 address.
Usage guidelines
Configure a minimum of one DNS server for an HTTP proxy service to resolve the domain names of the external hyperlinks and media links to be proxied on webpages of the Web servers.
Execute this command when the HTTP proxy service is disabled.
A maximum of two DNS servers can be specified for an HTTP proxy service.
Examples
# (In standalone mode.) Specify DNS server at 8.8.8.8 for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test] dns-server 8.8.8.8
# (In IRF mode.) Specify DNS server at 8.8.8.8 for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] dns-server 8.8.8.8
Related commands
hyperlink-proxy
medialink-proxy enable
domain-name
Use domain-name to specify a domain name for an HTTP proxy service.
Use undo domain-name to delete the domain name for an HTTP proxy service.
Syntax
domain-name domain-name
undo domain-name
Default
No domain name is specified for an HTTP proxy service.
Views
HTTP proxy service view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a domain name, a case-insensitive string of 1 to 253 characters. The domain name can include dot-separated domain name suffixes (aabbcc.com, for example). Each domain name suffix can contain a maximum of 63 characters. Valid characters in the domain name string include letters, digits, hyphens (-), and underscores (_).
Usage guidelines
This command enables you to access an external webpage resource on the Web servers by adding the specified domain name to the domain name of the external webpage resource. The DNS server specified for the HTTP proxy service will resolve the domain names.
Execute this command when the HTTP proxy service is disabled.
The specified domain name must be the same as the actual domain name of the accessed Web server group.
Examples
# (In standalone mode.) Specify domain name test.gov.cn for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test] domain-name test.gov.cn
# (In IRF mode.) Specify domain name test.gov.cn for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] domain-name test.gov.cn
Related commands
service enable
http-proxy server-group
Use http-proxy server-group to create a Web server group and enter its view, or enter the view of an existing Web server group.
Use undo http-proxy server-group to delete a Web server group.
Syntax
http-proxy server-group group-name
undo http-proxy server-group group-name
Default
No Web server groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
group-name: Specifies the name of the Web server group, a case-insensitive string of 1 to 63 characters. The name can include digits, letters, and underscores (_).
Usage guidelines
You cannot delete the Web server group that has been bound to an HTTP proxy service no matter whether the HTTP proxy service is enabled.
Examples
# Create Web server group test and enter its view.
<Sysname> system-view
[Sysname] http-proxy server-group test
[Sysname-http-proxy-server-group-test]
Related commands
protocol-type (HTTP proxy service view)
http-proxy service
Use http-proxy service to create an HTTP proxy service and enter its view, or enter the view of an existing HTTP proxy service.
Use undo http-proxy service to delete an HTTP proxy service.
Syntax
In standalone mode:
http-proxy service service-name
undo http-proxy service service-name
In IRF mode:
http-proxy service service-name slot slot-number
undo http-proxy service service-name slot
Default
No HTTP proxy services exist.
Views
System view
Predefined user roles
network-admin
Parameters
service service-name: Specifies an HTTP proxy service by its name, a case-insensitive string of 1 to 63 characters. The name can include digits, letters, and underscores (_).
slot slot-number: Specifies an IRF member device by its member ID. (In IRF mode.)
Examples
# (In standalone mode.) Create HTTP proxy service test and enter its view.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test]
# (In IRF mode.) Create HTTP proxy service test on a module and enter its view.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1]
Related commands
service enable
hyperlink-proxy
Use hyperlink-proxy to specify an external hyperlink to be proxied on webpages.
Use undo hyperlink-proxy to remove an external hyperlink to be proxied on webpages.
Syntax
hyperlink-proxy link-string
undo hyperlink-proxy link-string
Default
No external hyperlinks to be proxied are specified on webpages.
Views
HTTP proxy service view
Predefined user roles
network-admin
Parameters
link-string: Specifies the URL of an external hyperlink, a case-insensitive string of 1 to 253 characters. The string can include letters, digits, hyphens (-),underscores (_), slashes (/), and dots (.).
Usage guidelines
This feature enables users to access external hyperlinks on webpages of Web servers proxied by the HTTP proxy service.
Execute this command when the HTTP proxy service is disabled.
The HTTP proxy service will proxy all specified external hyperlinks on the webpages requested by users, which might cause security risks. Please use this feature with cautions.
To use this feature, you must also configure the domain-name and dns-server commands.
Examples
# (In standalone mode.) Specify external hyperlink www.hyperlink.org to be proxied by HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test] hyperlink-proxy www.hyperlink.org
# (In IRF mode.) Specify external hyperlink www.hyperlink.org to be proxied by HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] hyperlink-proxy www.hyperlink.org
Related commands
dns-server
domain-name
ip-address
Use ip-address to add a Web server to a Web server group.
Use undo ip-address to remove a Web server from a Web server group.
Syntax
ip-address ip-address [ port port-number ]
undo ip-address ip-address [ port port-number ]
Default
No Web servers exist in a Web server group.
Views
Web server group view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IPv4 address of the Web server.
port port-number: Specifies the port number of the Web server, in the range of 1 to 65535.
Usage guidelines
You can repeat this command to add multiple Web servers to a Web server group.
If a Web server group has been bound to an HTTP proxy service, you cannot modify the IP address or port number of any Web server in this Web server group.
Examples
# Add the Web server with IP address 10.1.1.10 and port number 8000 to Web server group test.
<Sysname> system-view
[Sysname] http-proxy server-group test
[Sysname-http-proxy-server-group-test] ip-address 10.1.1.10 port 8000
ip-pool
Use ip-pool to configure a source IP pool used for Web server connection.
Use undo ip-pool to delete the source IP pool used for Web server connection.
Syntax
ip-pool start-address end-address [ vpn-instance vpn-instance-name ]
undo ip-pool [ start-address end-address [ vpn-instance vpn-instance-name ] ] ]
Default
No source IP pools are specified for Web server connection.
Views
HTTP proxy service view
Predefined user roles
network-admin
Parameters
start-address end-address: Specifies the start IP address and end IP address of a source IP pool. The end address cannot be lower than the start address. If the start and end IP addresses are the same, the source IP pool has only one IP address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the IP pool is on the public network.
Usage guidelines
By default, the HTTP proxy uses the IP address of the outgoing interface in the default route to establish TCP connections with Web servers. An IP address supports a maximum of 65535 TCP connections. To allow the HTTP proxy to establish more TCP connections with Web servers, you can use this command to configure source IP pools. The HTTP proxy will use an IP address in the source IP pool for Web server connection.
You can execute this command multiple times to specify a maximum of 64 source IP pools. An IP pool can contain a maximum of 512 IP addresses. The IP addresses in different source IP pools cannot overlap with each other.
The source IP pools configured in the same HTTP proxy service must belong to the same VPN instance. The IP pools configured in the different HTTP proxy services must belong to different VPN instances.
Examples
# (In standalone mode.) Configure a source IP pool that contains IP addresses 1.1.1.1 through 1.1.1.100 and belongs to VPN instance vpn1 for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test] ip-pool 1.1.1.1 1.1.1.100 vpn-instance vpn1
# (In IRF mode.) Configure a source IP pool that contains IP addresses 1.1.1.1 through 1.1.1.100 and belongs to VPN instance vpn1 for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] ip-pool 1.1.1.1 1.1.1.100 vpn-instance vpn1
ipv6-address
Use ipv6-address to specify an IPv6 address for an HTTP proxy service.
Use undo ipv6-address to delete the IPv6 address for an HTTP proxy service.
Syntax
ipv6-address ipv6-address
undo ipv6-address
Default
No IPv6 address is specified for an HTTP proxy service.
Views
HTTP proxy service view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 address for an HTTP proxy service.
Usage guidelines
You can use the specified IPv6 address of an HTTP proxy service to establish a communication between the devices and the Web server group bound with the HTTP proxy service.
Execute this command when the HTTP proxy service is disabled.
Examples
# (In standalone mode.) Specify 2001::1 as the IPv6 address of HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test] ipv6-address 2001::1
# (In IRF mode.) Specify 2001::1 as the IPv6 address of HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] ipv6-address 2001::1
Related commands
service enable
medialink-proxy enable
Use dns-server to enable the external media link proxy feature.
Use undo dns-server to disable the external media link proxy feature.
Syntax
medialink-proxy enable
undo medialink-proxy enable
Default
The external media link proxy feature is disabled.
Views
HTTP proxy service view
Predefined user roles
network-admin
Usage guidelines
This feature enables users to access external media files linked to webpages of the Web servers proxied by the HTTP proxy service.
To use this feature, you must also configure the domain-name and dns-server commands.
Examples
# (In standalone mode.) Enable the external media link proxy feature for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-server-service-test] medialink-proxy enable
# (In IRF mode.) Enable the external media link proxy feature for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] medialink-proxy enable
Related commands
dns-server
domain-name
protocol-type (Web server group view)
Use protocol-type to specify a protocol type for a Web server group.
Use undo protocol-type to delete the protocol settings for a Web server group.
Syntax
protocol-type { http | https }
undo protocol-type
Default
No protocol types are specified for a Web server group.
Views
Web server group view
Predefined user roles
network-admin
Parameters
http: Specifies the HTTP protocol.
https: Specifies the HTTPS protocol.
Usage guidelines
If a Web server group has been bound to an HTTP proxy service, you cannot change the protocol type specified for a Web server group.
The HTTP proxy uses the specified protocol to encapsulate HTTP or HTTPS requests sent to Web servers in the Web server group.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify HTTP as the protocol type of Web server group test.
<Sysname> system-view
[Sysname] http-proxy server-group test
[Sysname-http-proxy-server-group-test] protocol-type http
protocol-type (http proxy service view)
Use protocol-type to specify a protocol type and listening port number for an HTTP proxy service and bind a Web server group to the service.
Use undo protocol-type to delete the protocol and listening port settings for an HTTP proxy service and unbind the Web server group from the service.
Syntax
protocol-type { http | https } [ port port-number ] [ server-group group-name ]
undo protocol-type { http | https } [ port port-number ] [ server-group group-name ]
Default
No protocol type or listening port number is specified for an HTTP proxy service and no Web server group is bound to the HTTP proxy service.
Views
HTTP proxy service view
Predefined user roles
network-admin
Parameters
http: Specifies the HTTP protocol.
https: Specifies the HTTPS protocol.
port port-number: Specifies the port number on which the HTTP proxy service listens. The value range is 1 to 65535. The default listening port number for the HTTP protocol and HTTPS protocol is 80 and 443, respectively.
server-group group-name: Specifies a Web server group by its name, a case-insensitive string of 1 to 63 characters. The name can include digits, letters, and underscores (_). If you do not specify this option, the device can access all Web servers.
Usage guidelines
With this command configured, if the IPv6 client uses the specified protocol and port number to access a Web server:
· For an IPv6 Web server, the HTTP proxy directly forwards the IPv6 packets received from the client to the Web server.
· For an IPv4 Web server, the HTTP proxy first converts the IPv6 packets of the client to IPv4 packets. Then the HTTP proxy uses the specified protocol to encapsulate the packets before sending them to the specified Web server.
To access different Web servers, you can execute this command multiple times to configure multiple listening ports and Web server groups for an HTTP proxy service.
As a best practice, do not bind HTTP proxy services of different protocol types to the same Web server group. One port number can be bound to only one Web server group that has been specified with a protocol type and contains Web servers.
Examples
# (In standalone mode.) Specify HTTP and port number 8000 as the protocol type and listening port number of HTTP proxy service test and bind Web server group grouptest to the HTTP proxy service.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test] protocol-type http port 8000 server-group grouptest
# (In IRF mode.) Specify HTTP and port number 8000 as the protocol type and listening port number of HTTP proxy service test and bind Web server group grouptest to the HTTP proxy service.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] protocol-type http port 8000 server-group grouptest
service enable
Use service enable to enable an HTTP proxy service.
Use undo service enable to disable an HTTP proxy service.
Syntax
service enable
undo service enable
Default
An HTTP proxy service is disabled.
Views
HTTP proxy service view
Predefined user roles
network-admin
Usage guidelines
The HTTP proxy service requires a license. For more information about licenses, see license management in Fundamentals Configuration Guide.
Before enable an HTTP proxy service, perform the following tasks:
· Specify a protocol type for the HTTP proxy service and bind a Web server group to the service.
· Specify an IPv6 address for the HTTP proxy service.
· If HTTPS is specified as the protocol type for the HTTP proxy service, specify an SSL certificate file and SSL certificate key file for the service by using the ssl certificate file and ssl certificate key-file commands, respectively.
· If you enable the external media link proxy feature or specify external hyperlinks to be proxied on webpages, configure the dns-server command.
If an HTTP proxy service has been enabled, you can execute only the access-record enable command in the view of this service.
Examples
# (In standalone mode.) Enable HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test] service enable
# (In IRF mode.) Enable HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] service enable
Related commands
dns-server
domain-name
hyperlink-proxy
ipv6-address
medialink-proxy enable
protocol-type (HTTP proxy service view)
ssl certificate file
ssl certificate key-file
ssl certificate file
Use ssl certificate file to specify an SSL certificate file.
Use undo ssl certificate file to restore the default.
Syntax
ssl certificate file certificate-file
undo ssl certificate file
Default
No SSL certificate file is specified.
Views
HTTP proxy service view
Predefined user roles
network-admin
Parameters
certificate-file: Specifies an SSL certificate file.
certificate-file: Specifies an SSL certificate file. The file path specified by the certificate-file argument must be on the storage media of the active MPU or master device.(In IRF mode.)
Usage guidelines
For an HTTP proxy service to proxy HTTPS requests, you must specify an SSL certificate file for the HTTP proxy service.
After you execute this command on a device, the system will check whether the specified SSL certificate file exists on the master device or active MPU:
· If yes, the configuration succeeds.
· If not, the configuration fails.
Before executing this command, copy the SSL certificate file to the directory of all standby devices or standby MPUs. Therefore, the settings of an HTTP proxy service can restore successfully after a master/subordinate or active/standby switchover.
You must specify an SSL certificate file for an HTTP proxy service before enabling the HTTP proxy service. Otherwise, the HTTP proxy service cannot correctly proxy HTTPS requests.
Before modifying the SSL certificate file for an HTTP proxy service, first disable the HTTP proxy service.
Examples
# (In standalone mode.) Specify SSL certificate file cert.pem for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test] ssl certificate file flash:/cert.pem
# (In IRF mode.) Specify SSL certificate file cert.pem for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] ssl certificate file flash:/cert.pem
Related commands
protocol-type (HTTP proxy service view)
ssl certificate key-file
Use ssl certificate key-file to specify an SSL certificate key file.
Use undo ssl certificate key-file to restore the default.
Syntax
ssl certificate key-file key-file
undo ssl certificate key-file
Default
No SSL certificate key file is specified.
Views
HTTP proxy service view
Predefined user roles
network-admin
Parameters
key-file: Specifies an SSL certificate key file. (In standalone mode.)
key-file: Specifies an SSL certificate key file. The file path specified by the key-file argument must be on the storage media of the active MPU or master device. (In IRF mode.)
Usage guidelines
For an HTTP proxy service to proxy HTTPS requests, you must specify an SSL certificate key file for the HTTP proxy service.
After you execute this command on a device, the system will check whether the specified SSL certificate key file exists on the master device or active MPU:
· If yes, the configuration succeeds.
· If not, the configuration fails.
Before executing this command, copy the SSL certificate key file to the directory of all standby devices or standby MPUs. Therefore, the settings of an HTTP proxy service can restore successfully after a master/subordinate or active/standby switchover.
You must specify an SSL certificate key file for an HTTP proxy service before enabling the HTTP proxy service. Otherwise, the HTTP proxy service cannot correctly proxy HTTPS requests.
Before modifying the SSL certificate key file for an HTTP proxy service, first disable the HTTP proxy service.
Examples
# (In standalone mode.) Specify SSL certificate key file cert.key for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test
[Sysname-http-proxy-service-test] ssl certificate key-file flash:/cert.key
# (In IRF mode.) Specify SSL certificate file cert.key for HTTP proxy service test.
<Sysname> system-view
[Sysname] http-proxy service test slot 1
[Sysname-http-proxy-service-test-slot1] ssl certificate key-file flash:/cert.key
Related commands
protocol-type (HTTP proxy service view)
