Add extra controls for frontend redirects
This patch adds two new variables for a service: * haproxy_redirect_scheme This variable allows a custom string to be specified to override the default condition used to redirect http to https. * haproxy_frontend_acls This variable works in the same way as haproxy_acls except it applies the acl to the frontend rather than the backend configuration. This can be required when some paths are not redirected to https but must instead be handled by a specific backend. Change-Id: I6b13375ba738d7659681ca773297d0b6b0fd7efb
This commit is contained in:
parent
55838c7aac
commit
f35867466c
|
@ -57,6 +57,11 @@ haproxy_service_configs: []
|
|||
# white_list:
|
||||
# rule: "src 127.0.0.1/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
|
||||
# backend_name: "mybackend"
|
||||
# haproxy_frontend_acls:
|
||||
# letsencrypt-acl:
|
||||
# rule: "path_beg /.well-known/acme-challenge/"
|
||||
# backend_name: letsencrypt
|
||||
|
||||
galera_monitoring_user: monitoring
|
||||
haproxy_bind_on_non_local: False
|
||||
|
||||
|
|
|
@ -36,7 +36,11 @@
|
|||
frontend {{ item.service.haproxy_service_name }}-redirect-front-{{ loop.index }}
|
||||
bind {{ vip_bind }}:{{ item.service.haproxy_redirect_http_port }}
|
||||
mode http
|
||||
redirect scheme https if !{ ssl_fc }
|
||||
redirect scheme {{ item.service.haproxy_redirect_scheme | default('https if !{ ssl_fc }') }}
|
||||
{% for key, value in item.service.haproxy_frontend_acls.items() %}
|
||||
acl {{ key }} {{ value.rule }}
|
||||
use_backend {{ value.backend_name | default(item.service.haproxy_service_name) }}-back if {{ key }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
|
|
Loading…
Reference in New Issue