From 9ffbc8d8f9a2d25598f252b2a247fed9a76ea311 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Fri, 19 May 2023 12:40:54 +0000 Subject: T5222: reverse-proxy fix template for listen-address Load-balancing reverse-proxy listen-address is multi-value node Use bracketize for correct set bind config for IPv6 addresses Listen by default IPv4 and IPv6 if listen-address is not defined --- data/templates/load-balancing/haproxy.cfg.j2 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'data/templates') diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2 index 1a8ce13f8..3799071b2 100644 --- a/data/templates/load-balancing/haproxy.cfg.j2 +++ b/data/templates/load-balancing/haproxy.cfg.j2 @@ -51,7 +51,13 @@ defaults {% for front, front_config in service.items() %} frontend {{ front }} {% set ssl_front = 'ssl crt /run/haproxy/' ~ front_config.ssl.certificate ~ '.pem' if front_config.ssl.certificate is vyos_defined else '' %} - bind {{ front_config.listen_address if front_config.listen_address if vyos_defined else '*' }}:{{ front_config.port }} {{ ssl_front }} +{% if front_config.listen_address is vyos_defined %} +{% for address in front_config.listen_address %} + bind {{ address | bracketize_ipv6 }}:{{ front_config.port }} {{ ssl_front }} +{% endfor %} +{% else %} + bind :::{{ front_config.port }} v4v6 {{ ssl_front }} +{% endif %} {% if front_config.redirect_http_to_https is vyos_defined %} http-request redirect scheme https unless { ssl_fc } {% endif %} -- cgit v1.2.3