diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-05-19 12:40:54 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-05-19 12:40:54 +0000 |
commit | 9ffbc8d8f9a2d25598f252b2a247fed9a76ea311 (patch) | |
tree | 743452b39e78e4e819068c87df047a8e35f8b3f4 | |
parent | a66648596dc126b7bed37d8119ee8faa14909613 (diff) | |
download | vyos-1x-9ffbc8d8f9a2d25598f252b2a247fed9a76ea311.tar.gz vyos-1x-9ffbc8d8f9a2d25598f252b2a247fed9a76ea311.zip |
T5222: reverse-proxy fix template for listen-address
Load-balancing reverse-proxy listen-address is multi-value node
Use bracketize for correct set bind config for IPv6 addresses
Listen by default IPv4 and IPv6 if listen-address is not defined
-rw-r--r-- | data/templates/load-balancing/haproxy.cfg.j2 | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2 index 1a8ce13f8..3799071b2 100644 --- a/data/templates/load-balancing/haproxy.cfg.j2 +++ b/data/templates/load-balancing/haproxy.cfg.j2 @@ -51,7 +51,13 @@ defaults {% for front, front_config in service.items() %} frontend {{ front }} {% set ssl_front = 'ssl crt /run/haproxy/' ~ front_config.ssl.certificate ~ '.pem' if front_config.ssl.certificate is vyos_defined else '' %} - bind {{ front_config.listen_address if front_config.listen_address if vyos_defined else '*' }}:{{ front_config.port }} {{ ssl_front }} +{% if front_config.listen_address is vyos_defined %} +{% for address in front_config.listen_address %} + bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_front }} +{% endfor %} +{% else %} + bind :::{{ front_config.port }} v4v6 {{ ssl_front }} +{% endif %} {% if front_config.redirect_http_to_https is vyos_defined %} http-request redirect scheme https unless { ssl_fc } {% endif %} |