summaryrefslogtreecommitdiff
path: root/data/templates/load-balancing/haproxy.cfg.j2
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-06-09 09:17:08 +0200
committerGitHub <noreply@github.com>2024-06-09 09:17:08 +0200
commitbd8016060c8f7055bf4342b52aff8abb5f8fc291 (patch)
treef21a9093e7edd8f5b6784c912d9cf4ff38aadcec /data/templates/load-balancing/haproxy.cfg.j2
parenta79c094c3b0a543d4dc04adb3fc64e215b910593 (diff)
parent60d7c0ecaff49ec62f4600a460f5fbe7b26a0d9c (diff)
downloadvyos-1x-bd8016060c8f7055bf4342b52aff8abb5f8fc291.tar.gz
vyos-1x-bd8016060c8f7055bf4342b52aff8abb5f8fc291.zip
Merge pull request #3598 from Embezzle/T6454
reverse-proxy: T6454: Set default value of http for haproxy mode
Diffstat (limited to 'data/templates/load-balancing/haproxy.cfg.j2')
-rw-r--r--data/templates/load-balancing/haproxy.cfg.j240
1 files changed, 18 insertions, 22 deletions
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2
index c6027e09b..c18a998b8 100644
--- a/data/templates/load-balancing/haproxy.cfg.j2
+++ b/data/templates/load-balancing/haproxy.cfg.j2
@@ -67,25 +67,23 @@ frontend {{ front }}
{% if front_config.redirect_http_to_https is vyos_defined %}
http-request redirect scheme https unless { ssl_fc }
{% endif %}
-{% if front_config.mode is vyos_defined %}
mode {{ front_config.mode }}
-{% if front_config.tcp_request.inspect_delay is vyos_defined %}
+{% if front_config.tcp_request.inspect_delay is vyos_defined %}
tcp-request inspect-delay {{ front_config.tcp_request.inspect_delay }}
-{% endif %}
-{# add tcp-request related directive if ssl is configed #}
-{% if front_config.mode is vyos_defined('tcp') and front_config.rule is vyos_defined %}
-{% for rule, rule_config in front_config.rule.items() %}
-{% if rule_config.ssl is vyos_defined %}
+{% endif %}
+{# add tcp-request related directive if ssl is configured #}
+{% if front_config.mode == 'tcp' and front_config.rule is vyos_defined %}
+{% for rule, rule_config in front_config.rule.items() %}
+{% if rule_config.ssl is vyos_defined %}
tcp-request content accept if { req_ssl_hello_type 1 }
-{% break %}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if front_config.http_response_headers is vyos_defined %}
-{% for header, header_config in front_config.http_response_headers.items() %}
+{% break %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if front_config.http_response_headers is vyos_defined %}
+{% for header, header_config in front_config.http_response_headers.items() %}
http-response set-header {{ header }} '{{ header_config['value'] }}'
-{% endfor %}
-{% endif %}
+{% endfor %}
{% endif %}
{% if front_config.rule is vyos_defined %}
{% for rule, rule_config in front_config.rule.items() %}
@@ -162,19 +160,17 @@ backend {{ back }}
{% set balance_translate = {'least-connection': 'leastconn', 'round-robin': 'roundrobin', 'source-address': 'source'} %}
balance {{ balance_translate[back_config.balance] }}
{% endif %}
-{# If mode is not TCP skip Forwarded #}
-{% if back_config.mode is not vyos_defined('tcp') %}
+{# If mode is HTTP add X-Forwarded headers #}
+{% if back_config.mode == 'http' %}
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
{% endif %}
-{% if back_config.mode is vyos_defined %}
mode {{ back_config.mode }}
-{% if back_config.http_response_headers is vyos_defined %}
-{% for header, header_config in back_config.http_response_headers.items() %}
+{% if back_config.http_response_headers is vyos_defined %}
+{% for header, header_config in back_config.http_response_headers.items() %}
http-response set-header {{ header }} '{{ header_config['value'] }}'
-{% endfor %}
-{% endif %}
+{% endfor %}
{% endif %}
{% if back_config.rule is vyos_defined %}
{% for rule, rule_config in back_config.rule.items() %}