diff options
author | Christian Breunig <christian@breunig.cc> | 2024-06-09 09:17:08 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-09 09:17:08 +0200 |
commit | bd8016060c8f7055bf4342b52aff8abb5f8fc291 (patch) | |
tree | f21a9093e7edd8f5b6784c912d9cf4ff38aadcec /data/templates/load-balancing/haproxy.cfg.j2 | |
parent | a79c094c3b0a543d4dc04adb3fc64e215b910593 (diff) | |
parent | 60d7c0ecaff49ec62f4600a460f5fbe7b26a0d9c (diff) | |
download | vyos-1x-bd8016060c8f7055bf4342b52aff8abb5f8fc291.tar.gz vyos-1x-bd8016060c8f7055bf4342b52aff8abb5f8fc291.zip |
Merge pull request #3598 from Embezzle/T6454
reverse-proxy: T6454: Set default value of http for haproxy mode
Diffstat (limited to 'data/templates/load-balancing/haproxy.cfg.j2')
-rw-r--r-- | data/templates/load-balancing/haproxy.cfg.j2 | 40 |
1 files changed, 18 insertions, 22 deletions
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2 index c6027e09b..c18a998b8 100644 --- a/data/templates/load-balancing/haproxy.cfg.j2 +++ b/data/templates/load-balancing/haproxy.cfg.j2 @@ -67,25 +67,23 @@ frontend {{ front }} {% if front_config.redirect_http_to_https is vyos_defined %} http-request redirect scheme https unless { ssl_fc } {% endif %} -{% if front_config.mode is vyos_defined %} mode {{ front_config.mode }} -{% if front_config.tcp_request.inspect_delay is vyos_defined %} +{% if front_config.tcp_request.inspect_delay is vyos_defined %} tcp-request inspect-delay {{ front_config.tcp_request.inspect_delay }} -{% endif %} -{# add tcp-request related directive if ssl is configed #} -{% if front_config.mode is vyos_defined('tcp') and front_config.rule is vyos_defined %} -{% for rule, rule_config in front_config.rule.items() %} -{% if rule_config.ssl is vyos_defined %} +{% endif %} +{# add tcp-request related directive if ssl is configured #} +{% if front_config.mode == 'tcp' and front_config.rule is vyos_defined %} +{% for rule, rule_config in front_config.rule.items() %} +{% if rule_config.ssl is vyos_defined %} tcp-request content accept if { req_ssl_hello_type 1 } -{% break %} -{% endif %} -{% endfor %} -{% endif %} -{% if front_config.http_response_headers is vyos_defined %} -{% for header, header_config in front_config.http_response_headers.items() %} +{% break %} +{% endif %} +{% endfor %} +{% endif %} +{% if front_config.http_response_headers is vyos_defined %} +{% for header, header_config in front_config.http_response_headers.items() %} http-response set-header {{ header }} '{{ header_config['value'] }}' -{% endfor %} -{% endif %} +{% endfor %} {% endif %} {% if front_config.rule is vyos_defined %} {% for rule, rule_config in front_config.rule.items() %} @@ -162,19 +160,17 @@ backend {{ back }} {% set balance_translate = {'least-connection': 'leastconn', 'round-robin': 'roundrobin', 'source-address': 'source'} %} balance {{ balance_translate[back_config.balance] }} {% endif %} -{# If mode is not TCP skip Forwarded #} -{% if back_config.mode is not vyos_defined('tcp') %} +{# If mode is HTTP add X-Forwarded headers #} +{% if back_config.mode == 'http' %} option forwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } {% endif %} -{% if back_config.mode is vyos_defined %} mode {{ back_config.mode }} -{% if back_config.http_response_headers is vyos_defined %} -{% for header, header_config in back_config.http_response_headers.items() %} +{% if back_config.http_response_headers is vyos_defined %} +{% for header, header_config in back_config.http_response_headers.items() %} http-response set-header {{ header }} '{{ header_config['value'] }}' -{% endfor %} -{% endif %} +{% endfor %} {% endif %} {% if back_config.rule is vyos_defined %} {% for rule, rule_config in back_config.rule.items() %} |