Diffstat (limited to 'data/templates/load-balancing/haproxy.cfg.j2')
-rw-r--r--data/templates/load-balancing/haproxy.cfg.j244
1 files changed, 40 insertions, 4 deletions
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2
index 849cef74d..7917c8257 100644
--- a/data/templates/load-balancing/haproxy.cfg.j2
+++ b/data/templates/load-balancing/haproxy.cfg.j2
@@ -69,11 +69,23 @@ frontend {{ front }}
{% endif %}
{% if front_config.mode is vyos_defined %}
mode {{ front_config.mode }}
+{% if front_config.tcp_request.inspect_delay is vyos_defined %}
+ tcp-request inspect-delay {{ front_config.tcp_request.inspect_delay }}
+{% endif %}
+{# add tcp-request related directive if ssl is configed #}
+{% if front_config.mode is vyos_defined('tcp') and front_config.rule is vyos_defined %}
+{% for rule, rule_config in front_config.rule.items() %}
+{% if rule_config.ssl is vyos_defined %}
+ tcp-request content accept if { req_ssl_hello_type 1 }
+{% break %}
+{% endif %}
+{% endfor %}
+{% endif %}
{% endif %}
{% if front_config.rule is vyos_defined %}
{% for rule, rule_config in front_config.rule.items() %}
# rule {{ rule }}
-{% if rule_config.domain_name is vyos_defined and rule_config.set.backend is vyos_defined %}
+{% if rule_config.domain_name is vyos_defined %}
{% set rule_options = 'hdr(host)' %}
{% if rule_config.ssl is vyos_defined %}
{% set ssl_rule_translate = {'req-ssl-sni': 'req_ssl_sni', 'ssl-fc-sni': 'ssl_fc_sni', 'ssl-fc-sni-end': 'ssl_fc_sni_end'} %}
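Review bot: The `tcp-request content accept if { req_ssl_hello_type 1 }` line is emitted whenever a tcp-mode rule has `ssl` set, regardless of whether `tcp_request.inspect_delay` is configured. Without an inspect delay HAProxy evaluates content rules on whatever bytes have already arrived, so the ClientHello may not be buffered yet and an SNI ACL can miss, letting the connection fall through to a backend the operator did not intend. Consider requiring an inspect delay in configuration validation when an ssl rule is used in tcp mode, and fix the comment typo while stating the dependency: `{# req_ssl_sni matching needs tcp-request inspect-delay; accept once a ClientHello is seen #}`. The `{% break %}` tag also depends on the Jinja2 loop-controls extension being enabled in the render environment, which this hunk does not show.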
@@ -82,16 +94,20 @@ frontend {{ front }}
{% for domain in rule_config.domain_name %}
acl {{ rule }} {{ rule_options }} -i {{ domain }}
{% endfor %}
- use_backend {{ rule_config.set.backend }} if {{ rule }}
{% endif %}
{# path url #}
-{% if rule_config.url_path is vyos_defined and rule_config.set.redirect_location is vyos_defined %}
+{% if rule_config.url_path is vyos_defined %}
{% set path_mod_translate = {'begin': '-i -m beg', 'end': '-i -m end', 'exact': ''} %}
{% for path, path_config in rule_config.url_path.items() %}
{% for url in path_config %}
acl {{ rule }} path {{ path_mod_translate[path] }} {{ url }}
{% endfor %}
{% endfor %}
+{% endif %}
+{% if rule_config.set.backend is vyos_defined %}
+ use_backend {{ rule_config.set.backend }} if {{ rule }}
+{% endif %}
+{% if rule_config.set.redirect_location is vyos_defined %}
http-request redirect location {{ rule_config.set.redirect_location }} code 301 if {{ rule }}
{% endif %}
{# endpath #}
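Review bot: `use_backend {{ rule_config.set.backend }} if {{ rule }}` is now emitted whenever `set.backend` is defined, even for a rule with neither `domain_name` nor `url_path`. As far as this hunk shows, the condition can then name an ACL that was never declared, and HAProxy would reject the generated file. The host and path `acl` lines also share the name `{{ rule }}`, and HAProxy ORs same-named ACLs, so a rule with both matches on either the host or the path, which can send more traffic to the backend or redirect than intended. A guard such as `{% if rule_config.set.backend is vyos_defined and (rule_config.domain_name is vyos_defined or rule_config.url_path is vyos_defined) %}` covers the first case; the second needs distinct ACL names or a comment stating the OR semantics. The rule loop opens in the previous hunk and closes outside this one.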
@@ -110,6 +126,26 @@ frontend {{ front }}
{% if backend is vyos_defined %}
{% for back, back_config in backend.items() %}
backend {{ back }}
+{% if back_config.http_check is vyos_defined %}
+ option httpchk
+{% endif %}
+{% set send = '' %}
+{% if back_config.http_check.method is vyos_defined %}
+{% set send = send + ' meth ' + back_config.http_check.method | upper %}
+{% endif %}
+{% if back_config.http_check.uri is vyos_defined %}
+{% set send = send + ' uri ' + back_config.http_check.uri %}
+{% endif %}
+{% if send != '' %}
+ http-check send{{ send }}
+{% endif %}
+{% if back_config.http_check.expect is vyos_defined %}
+{% if back_config.http_check.expect.status is vyos_defined %}
+ http-check expect status {{ back_config.http_check.expect.status }}
+{% elif back_config.http_check.expect.string is vyos_defined %}
+ http-check expect string {{ back_config.http_check.expect.string }}
+{% endif %}
+{% endif %}
{% if back_config.balance is vyos_defined %}
{% set balance_translate = {'least-connection': 'leastconn', 'round-robin': 'roundrobin', 'source-address': 'source'} %}
balance {{ balance_translate[back_config.balance] }}
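Review bot: `back_config.http_check.uri` and `back_config.http_check.expect.string` are written into the `http-check` lines unquoted. A value containing whitespace is split into extra arguments, and a value containing a line break would put an additional directive into the generated configuration. Whether the CLI definition constrains these values is not visible in this hunk; if it does not, constrain them there, or quote in the template, e.g. `http-check expect string "{{ back_config.http_check.expect.string }}"` (embedded quotes would still need rejecting). The `method`, `uri` and `expect` tests also sit outside the `http_check is vyos_defined` guard that emits `option httpchk`; nesting them under it would make the dependency explicit.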
@@ -150,7 +186,7 @@ backend {{ back }}
{% endfor %}
{% endif %}
{% if back_config.server is vyos_defined %}
-{% set ssl_back = 'ssl ca-file /run/haproxy/' ~ back_config.ssl.ca_certificate ~ '.pem' if back_config.ssl.ca_certificate is vyos_defined else '' %}
+{% set ssl_back = 'ssl ca-file /run/haproxy/' ~ back_config.ssl.ca_certificate ~ '.pem' if back_config.ssl.ca_certificate is vyos_defined else ('ssl verify none' if back_config.ssl.no_verify is vyos_defined else '') %}
{% for server, server_config in back_config.server.items() %}
server {{ server }} {{ server_config.address }}:{{ server_config.port }}{{ ' check' if server_config.check is vyos_defined }}{{ ' backup' if server_config.backup is vyos_defined }}{{ ' send-proxy' if server_config.send_proxy is vyos_defined }}{{ ' send-proxy-v2' if server_config.send_proxy_v2 is vyos_defined }} {{ ssl_back }}
{% endfor %}
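Review bot: `ssl verify none` encrypts the backend connection without authenticating the server certificate, so anything able to intercept the backend path can impersonate the server. That trade-off should be stated at the `ssl_back` assignment. The chained inline conditional also silently ignores `no_verify` when `ca_certificate` is set, which is the safer precedence but is easy to miss in a one-line nested `if`. Proposed comment above the `set`: `{# no_verify disables backend certificate validation (TLS without authentication); ignored when ca_certificate is set #}`. The backend loop this line belongs to starts before the hunk.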