From d4206a0885c080ef2e4b19ff33a30abc8b479dad Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Tue, 22 Apr 2025 16:37:22 +0200 Subject: haproxy: T7122: render explicit http configuration to properly bind port 80 If redirect-http-to-https is set we will render a discrete onfiguration in HAproxy to properly claim port 80 in the system to detect if a service is alreadey using the port or not. --- data/templates/load-balancing/haproxy.cfg.j2 | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'data') diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2 index 70ea5d2b0..2287cb815 100644 --- a/data/templates/load-balancing/haproxy.cfg.j2 +++ b/data/templates/load-balancing/haproxy.cfg.j2 @@ -53,6 +53,20 @@ defaults # Frontend {% if service is vyos_defined %} {% for front, front_config in service.items() %} + +{% if front_config.redirect_http_to_https is vyos_defined %} +frontend {{ front }}-http + mode http +{% if front_config.listen_address is vyos_defined %} +{% for address in front_config.listen_address %} + bind {{ address | bracketize_ipv6 }}:80 +{% endfor %} +{% else %} + bind [::]:80 v4v6 +{% endif %} + redirect scheme https code 301 if !{ ssl_fc } +{% endif %} + frontend {{ front }} {% set ssl_front = [] %} {% if front_config.ssl.certificate is vyos_defined and front_config.ssl.certificate is iterable %} @@ -68,9 +82,6 @@ frontend {{ front }} {% else %} bind [::]:{{ front_config.port }} v4v6 {{ ssl_directive }} {{ ssl_front | join(' ') }} {% endif %} -{% if front_config.redirect_http_to_https is vyos_defined %} - http-request redirect scheme https unless { ssl_fc } -{% endif %} {% if front_config.logging is vyos_defined %} {% for facility, facility_config in front_config.logging.facility.items() %} log /dev/log {{ facility }} {{ facility_config.level }} -- cgit v1.2.3