summaryrefslogtreecommitdiff
path: root/data/templates/load-balancing/haproxy.cfg.j2
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2023-12-08 14:14:07 +0000
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2023-12-20 01:07:42 +0000
commita3e059e7e8d340f6f5e623bbc17acf18cb296626 (patch)
tree85320c45ac82f7065e3e1648bd9cb2dd97c9c28b /data/templates/load-balancing/haproxy.cfg.j2
parent01fd13f8e15f5309cd93d03db8603cd10d9785d8 (diff)
downloadvyos-1x-a3e059e7e8d340f6f5e623bbc17acf18cb296626.tar.gz
vyos-1x-a3e059e7e8d340f6f5e623bbc17acf18cb296626.zip
T5798: load-balancing revese-proxy add multiple SSL certificates
Add ability to configure multiple SSL certificates for frontend/service set load-balancing reverse-proxy service web mode http set load-balancing reverse-proxy service web port 443 set load-balancing reverse-proxy service web ssl certificate cert1 set load-balancing reverse-proxy service web ssl certificate cert2 (cherry picked from commit fe99c45e05fd5794905145ddca80e6078145c2e8)
Diffstat (limited to 'data/templates/load-balancing/haproxy.cfg.j2')
-rw-r--r--data/templates/load-balancing/haproxy.cfg.j213
1 files changed, 9 insertions, 4 deletions
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2
index a75ee9904..defb76fba 100644
--- a/data/templates/load-balancing/haproxy.cfg.j2
+++ b/data/templates/load-balancing/haproxy.cfg.j2
@@ -50,13 +50,19 @@ defaults
{% if service is vyos_defined %}
{% for front, front_config in service.items() %}
frontend {{ front }}
-{% set ssl_front = 'ssl crt /run/haproxy/' ~ front_config.ssl.certificate ~ '.pem' if front_config.ssl.certificate is vyos_defined else '' %}
+{% set ssl_front = [] %}
+{% if front_config.ssl.certificate is vyos_defined and front_config.ssl.certificate is iterable %}
+{% for cert in front_config.ssl.certificate %}
+{% set _ = ssl_front.append('crt /run/haproxy/' ~ cert ~ '.pem') %}
+{% endfor %}
+{% endif %}
+{% set ssl_directive = 'ssl' if ssl_front else '' %}
{% if front_config.listen_address is vyos_defined %}
{% for address in front_config.listen_address %}
- bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_front }}
+ bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_directive }} {{ ssl_front | join(' ') }}
{% endfor %}
{% else %}
- bind :::{{ front_config.port }} v4v6 {{ ssl_front }}
+ bind :::{{ front_config.port }} v4v6 {{ ssl_directive }} {{ ssl_front | join(' ') }}
{% endif %}
{% if front_config.redirect_http_to_https is vyos_defined %}
http-request redirect scheme https unless { ssl_fc }
@@ -161,4 +167,3 @@ backend {{ back }}
{% endfor %}
{% endif %}
-