diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-04-16 18:40:44 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-16 18:40:44 +0200 |
| commit | 8f778f989d8fed30eec0a95d5b1fbb67594c67df (patch) | |
| tree | 9821118961aa3ce924f6170287a95498d3262e5a /data | |
| parent | 5a481813c0590d1dd800772251c9ccb25f6faefc (diff) | |
| parent | deb92e4661106283d7951570fc9ab243e74bccd9 (diff) | |
| download | vyos-1x-8f778f989d8fed30eec0a95d5b1fbb67594c67df.tar.gz vyos-1x-8f778f989d8fed30eec0a95d5b1fbb67594c67df.zip | |
Merge pull request #3318 from vyos/mergify/bp/sagitta/pr-3315
T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates (backport #3315)
Diffstat (limited to 'data')
| -rw-r--r-- | data/templates/load-balancing/haproxy.cfg.j2 | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2 index 849cef74d..feb10d247 100644 --- a/data/templates/load-balancing/haproxy.cfg.j2 +++ b/data/templates/load-balancing/haproxy.cfg.j2 @@ -150,7 +150,7 @@ backend {{ back }} {% endfor %} {% endif %} {% if back_config.server is vyos_defined %} -{% set ssl_back = 'ssl ca-file /run/haproxy/' ~ back_config.ssl.ca_certificate ~ '.pem' if back_config.ssl.ca_certificate is vyos_defined else '' %} +{% set ssl_back = 'ssl ca-file /run/haproxy/' ~ back_config.ssl.ca_certificate ~ '.pem' if back_config.ssl.ca_certificate is vyos_defined else ('ssl verify none' if back_config.ssl.no_verify is vyos_defined else '') %} {% for server, server_config in back_config.server.items() %} server {{ server }} {{ server_config.address }}:{{ server_config.port }}{{ ' check' if server_config.check is vyos_defined }}{{ ' backup' if server_config.backup is vyos_defined }}{{ ' send-proxy' if server_config.send_proxy is vyos_defined }}{{ ' send-proxy-v2' if server_config.send_proxy_v2 is vyos_defined }} {{ ssl_back }} {% endfor %} |