summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2023-12-08 14:14:07 +0000
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2023-12-20 01:07:42 +0000
commita3e059e7e8d340f6f5e623bbc17acf18cb296626 (patch)
tree85320c45ac82f7065e3e1648bd9cb2dd97c9c28b /src/conf_mode
parent01fd13f8e15f5309cd93d03db8603cd10d9785d8 (diff)
downloadvyos-1x-a3e059e7e8d340f6f5e623bbc17acf18cb296626.tar.gz
vyos-1x-a3e059e7e8d340f6f5e623bbc17acf18cb296626.zip
T5798: load-balancing revese-proxy add multiple SSL certificates
Add ability to configure multiple SSL certificates for frontend/service set load-balancing reverse-proxy service web mode http set load-balancing reverse-proxy service web port 443 set load-balancing reverse-proxy service web ssl certificate cert1 set load-balancing reverse-proxy service web ssl certificate cert2 (cherry picked from commit fe99c45e05fd5794905145ddca80e6078145c2e8)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/load-balancing-haproxy.py20
1 files changed, 11 insertions, 9 deletions
diff --git a/src/conf_mode/load-balancing-haproxy.py b/src/conf_mode/load-balancing-haproxy.py
index ec4311bb5..333ebc66c 100755
--- a/src/conf_mode/load-balancing-haproxy.py
+++ b/src/conf_mode/load-balancing-haproxy.py
@@ -108,17 +108,19 @@ def generate(lb):
if 'ssl' in front_config:
if 'certificate' in front_config['ssl']:
- cert_name = front_config['ssl']['certificate']
- pki_cert = lb['pki']['certificate'][cert_name]
- cert_file_path = os.path.join(load_balancing_dir, f'{cert_name}.pem')
- cert_key_path = os.path.join(load_balancing_dir, f'{cert_name}.pem.key')
+ cert_names = front_config['ssl']['certificate']
- with open(cert_file_path, 'w') as f:
- f.write(wrap_certificate(pki_cert['certificate']))
+ for cert_name in cert_names:
+ pki_cert = lb['pki']['certificate'][cert_name]
+ cert_file_path = os.path.join(load_balancing_dir, f'{cert_name}.pem')
+ cert_key_path = os.path.join(load_balancing_dir, f'{cert_name}.pem.key')
- if 'private' in pki_cert and 'key' in pki_cert['private']:
- with open(cert_key_path, 'w') as f:
- f.write(wrap_private_key(pki_cert['private']['key']))
+ with open(cert_file_path, 'w') as f:
+ f.write(wrap_certificate(pki_cert['certificate']))
+
+ if 'private' in pki_cert and 'key' in pki_cert['private']:
+ with open(cert_key_path, 'w') as f:
+ f.write(wrap_private_key(pki_cert['private']['key']))
if 'ca_certificate' in front_config['ssl']:
ca_name = front_config['ssl']['ca_certificate']