diff options
Diffstat (limited to 'data/templates/load-balancing/haproxy.cfg.j2')
| -rw-r--r-- | data/templates/load-balancing/haproxy.cfg.j2 | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2 index 0a40e1ecf..849cef74d 100644 --- a/data/templates/load-balancing/haproxy.cfg.j2 +++ b/data/templates/load-balancing/haproxy.cfg.j2 @@ -1,4 +1,4 @@ -# Generated by ${vyos_conf_scripts_dir}/load-balancing-haproxy.py +### Autogenerated by load-balancing_reverse-proxy.py ### global log /dev/log local0 @@ -50,13 +50,19 @@ defaults {% if service is vyos_defined %} {% for front, front_config in service.items() %} frontend {{ front }} -{% set ssl_front = 'ssl crt /run/haproxy/' ~ front_config.ssl.certificate ~ '.pem' if front_config.ssl.certificate is vyos_defined else '' %} +{% set ssl_front = [] %} +{% if front_config.ssl.certificate is vyos_defined and front_config.ssl.certificate is iterable %} +{% for cert in front_config.ssl.certificate %} +{% set _ = ssl_front.append('crt /run/haproxy/' ~ cert ~ '.pem') %} +{% endfor %} +{% endif %} +{% set ssl_directive = 'ssl' if ssl_front else '' %} {% if front_config.listen_address is vyos_defined %} {% for address in front_config.listen_address %} - bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_front }} + bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_directive }} {{ ssl_front | join(' ') }} {% endfor %} {% else %} - bind :::{{ front_config.port }} v4v6 {{ ssl_front }} + bind :::{{ front_config.port }} v4v6 {{ ssl_directive }} {{ ssl_front | join(' ') }} {% endif %} {% if front_config.redirect_http_to_https is vyos_defined %} http-request redirect scheme https unless { ssl_fc } @@ -146,7 +152,7 @@ backend {{ back }} {% if back_config.server is vyos_defined %} {% set ssl_back = 'ssl ca-file /run/haproxy/' ~ back_config.ssl.ca_certificate ~ '.pem' if back_config.ssl.ca_certificate is vyos_defined else '' %} {% for server, server_config in back_config.server.items() %} - server {{ server }} {{ server_config.address }}:{{ server_config.port }}{{ ' check' if server_config.check is vyos_defined }}{{ ' send-proxy' if server_config.send_proxy is vyos_defined }}{{ ' send-proxy-v2' if server_config.send_proxy_v2 is vyos_defined }} {{ ssl_back }} + server {{ server }} {{ server_config.address }}:{{ server_config.port }}{{ ' check' if server_config.check is vyos_defined }}{{ ' backup' if server_config.backup is vyos_defined }}{{ ' send-proxy' if server_config.send_proxy is vyos_defined }}{{ ' send-proxy-v2' if server_config.send_proxy_v2 is vyos_defined }} {{ ssl_back }} {% endfor %} {% endif %} {% if back_config.timeout.check is vyos_defined %} @@ -161,4 +167,3 @@ backend {{ back }} {% endfor %} {% endif %} - |