summaryrefslogtreecommitdiff
path: root/data/templates
diff options
context:
space:
mode:
authorAlex W <embezzle.dev@proton.me>2024-06-07 11:32:41 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-06-09 07:17:42 +0000
commited291814eb8bd9dc81aff382f6507b7ee2838ef7 (patch)
treea0a0d35ad1d609cf7fc1e04ec29ddd20800e8e45 /data/templates
parent07efcfc28cc2ba1420a470f9bb9cf3be68d8ff47 (diff)
downloadvyos-1x-ed291814eb8bd9dc81aff382f6507b7ee2838ef7.tar.gz
vyos-1x-ed291814eb8bd9dc81aff382f6507b7ee2838ef7.zip
reverse-proxy: T6454: Set default value of http for haproxy mode
(cherry picked from commit 60d7c0ecaff49ec62f4600a460f5fbe7b26a0d9c)
Diffstat (limited to 'data/templates')
-rw-r--r--data/templates/load-balancing/haproxy.cfg.j240
1 files changed, 18 insertions, 22 deletions
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2
index c6027e09b..c18a998b8 100644
--- a/data/templates/load-balancing/haproxy.cfg.j2
+++ b/data/templates/load-balancing/haproxy.cfg.j2
@@ -67,25 +67,23 @@ frontend {{ front }}
{% if front_config.redirect_http_to_https is vyos_defined %}
http-request redirect scheme https unless { ssl_fc }
{% endif %}
-{% if front_config.mode is vyos_defined %}
mode {{ front_config.mode }}
-{% if front_config.tcp_request.inspect_delay is vyos_defined %}
+{% if front_config.tcp_request.inspect_delay is vyos_defined %}
tcp-request inspect-delay {{ front_config.tcp_request.inspect_delay }}
-{% endif %}
-{# add tcp-request related directive if ssl is configed #}
-{% if front_config.mode is vyos_defined('tcp') and front_config.rule is vyos_defined %}
-{% for rule, rule_config in front_config.rule.items() %}
-{% if rule_config.ssl is vyos_defined %}
+{% endif %}
+{# add tcp-request related directive if ssl is configured #}
+{% if front_config.mode == 'tcp' and front_config.rule is vyos_defined %}
+{% for rule, rule_config in front_config.rule.items() %}
+{% if rule_config.ssl is vyos_defined %}
tcp-request content accept if { req_ssl_hello_type 1 }
-{% break %}
-{% endif %}
-{% endfor %}
-{% endif %}
-{% if front_config.http_response_headers is vyos_defined %}
-{% for header, header_config in front_config.http_response_headers.items() %}
+{% break %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if front_config.http_response_headers is vyos_defined %}
+{% for header, header_config in front_config.http_response_headers.items() %}
http-response set-header {{ header }} '{{ header_config['value'] }}'
-{% endfor %}
-{% endif %}
+{% endfor %}
{% endif %}
{% if front_config.rule is vyos_defined %}
{% for rule, rule_config in front_config.rule.items() %}
@@ -162,19 +160,17 @@ backend {{ back }}
{% set balance_translate = {'least-connection': 'leastconn', 'round-robin': 'roundrobin', 'source-address': 'source'} %}
balance {{ balance_translate[back_config.balance] }}
{% endif %}
-{# If mode is not TCP skip Forwarded #}
-{% if back_config.mode is not vyos_defined('tcp') %}
+{# If mode is HTTP add X-Forwarded headers #}
+{% if back_config.mode == 'http' %}
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
{% endif %}
-{% if back_config.mode is vyos_defined %}
mode {{ back_config.mode }}
-{% if back_config.http_response_headers is vyos_defined %}
-{% for header, header_config in back_config.http_response_headers.items() %}
+{% if back_config.http_response_headers is vyos_defined %}
+{% for header, header_config in back_config.http_response_headers.items() %}
http-response set-header {{ header }} '{{ header_config['value'] }}'
-{% endfor %}
-{% endif %}
+{% endfor %}
{% endif %}
{% if back_config.rule is vyos_defined %}
{% for rule, rule_config in back_config.rule.items() %}