diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-12-08 14:14:07 +0000 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2023-12-20 01:07:42 +0000 |
commit | a3e059e7e8d340f6f5e623bbc17acf18cb296626 (patch) | |
tree | 85320c45ac82f7065e3e1648bd9cb2dd97c9c28b /data/templates/load-balancing/haproxy.cfg.j2 | |
parent | 01fd13f8e15f5309cd93d03db8603cd10d9785d8 (diff) | |
download | vyos-1x-a3e059e7e8d340f6f5e623bbc17acf18cb296626.tar.gz vyos-1x-a3e059e7e8d340f6f5e623bbc17acf18cb296626.zip |
T5798: load-balancing revese-proxy add multiple SSL certificates
Add ability to configure multiple SSL certificates for
frontend/service
set load-balancing reverse-proxy service web mode http
set load-balancing reverse-proxy service web port 443
set load-balancing reverse-proxy service web ssl certificate cert1
set load-balancing reverse-proxy service web ssl certificate cert2
(cherry picked from commit fe99c45e05fd5794905145ddca80e6078145c2e8)
Diffstat (limited to 'data/templates/load-balancing/haproxy.cfg.j2')
-rw-r--r-- | data/templates/load-balancing/haproxy.cfg.j2 | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2 index a75ee9904..defb76fba 100644 --- a/data/templates/load-balancing/haproxy.cfg.j2 +++ b/data/templates/load-balancing/haproxy.cfg.j2 @@ -50,13 +50,19 @@ defaults {% if service is vyos_defined %} {% for front, front_config in service.items() %} frontend {{ front }} -{% set ssl_front = 'ssl crt /run/haproxy/' ~ front_config.ssl.certificate ~ '.pem' if front_config.ssl.certificate is vyos_defined else '' %} +{% set ssl_front = [] %} +{% if front_config.ssl.certificate is vyos_defined and front_config.ssl.certificate is iterable %} +{% for cert in front_config.ssl.certificate %} +{% set _ = ssl_front.append('crt /run/haproxy/' ~ cert ~ '.pem') %} +{% endfor %} +{% endif %} +{% set ssl_directive = 'ssl' if ssl_front else '' %} {% if front_config.listen_address is vyos_defined %} {% for address in front_config.listen_address %} - bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_front }} + bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_directive }} {{ ssl_front | join(' ') }} {% endfor %} {% else %} - bind :::{{ front_config.port }} v4v6 {{ ssl_front }} + bind :::{{ front_config.port }} v4v6 {{ ssl_directive }} {{ ssl_front | join(' ') }} {% endif %} {% if front_config.redirect_http_to_https is vyos_defined %} http-request redirect scheme https unless { ssl_fc } @@ -161,4 +167,3 @@ backend {{ back }} {% endfor %} {% endif %} - |