2021-11-22 14:45:49 +00:00
|
|
|
global
|
|
|
|
|
balance roundrobin
|
|
|
|
|
|
|
|
|
|
frontend http
|
|
|
|
|
bind :80
|
|
|
|
|
bind :443 ssl crt /etc/haproxy/cert.pem
|
|
|
|
|
option forwardfor
|
|
|
|
|
|
|
|
|
|
# XXX: To test configuration
|
|
|
|
|
#http-request set-header Host domain.local
|
|
|
|
|
|
|
|
|
|
# Set environment
|
|
|
|
|
|
|
|
|
|
http-request set-var(req.backend) req.hdr(host),map_str(/etc/haproxy/maps/host.map)
|
|
|
|
|
http-request set-var(req.backend) base,map_beg(/etc/haproxy/maps/base.map)
|
|
|
|
|
http-request set-var(req.acl) src,map_ip(/etc/haproxy/maps/acl.map)
|
|
|
|
|
http-request set-var(req.zone) var(req.backend),map_str(/etc/haproxy/maps/zone.map)
|
|
|
|
|
http-request set-var(req.aclZone) var(req.acl),concat(/,req.zone)
|
|
|
|
|
|
|
|
|
|
# XXX: Debugging
|
|
|
|
|
#log-format "%[var(txn.test)]"
|
|
|
|
|
|
|
|
|
|
# ACL check
|
|
|
|
|
|
|
|
|
|
acl allow var(req.aclZone) -f /etc/haproxy/maps/access.map
|
|
|
|
|
http-request deny if !allow
|
|
|
|
|
|
|
|
|
|
# HTTPS redirect
|
|
|
|
|
|
|
|
|
|
acl https var(req.backend) -f /etc/haproxy/maps/https.map
|
|
|
|
|
http-request add-header X-Forwarded-Proto https if { ssl_fc }
|
|
|
|
|
redirect scheme https if !{ ssl_fc } https
|
|
|
|
|
|
|
|
|
|
# Backend
|
|
|
|
|
|
|
|
|
|
default_backend not-found
|
|
|
|
|
use_backend %[var(req.backend)]
|
2020-01-27 16:25:39 +00:00
|
|
|
|
|
|
|
|
# Auto-generated backends
|
|
|
|
|
|
|
|
|
|
{{#each services}}
|
2021-11-22 14:45:49 +00:00
|
|
|
{{#if isTcp}}
|
2020-01-28 13:57:24 +00:00
|
|
|
backend {{name}}
|
2020-01-29 16:01:39 +00:00
|
|
|
{{#each ../nodes}}
|
2021-11-22 14:45:49 +00:00
|
|
|
{{#if isWorker}}
|
2020-01-29 16:01:39 +00:00
|
|
|
server {{name}}:{{../port}} {{address}}:{{../port}} check
|
2021-11-22 14:45:49 +00:00
|
|
|
{{/if}}
|
2020-01-27 16:25:39 +00:00
|
|
|
{{/each}}
|
2021-02-22 10:22:35 +00:00
|
|
|
{{/if}}
|
2020-01-27 16:25:39 +00:00
|
|
|
{{/each}}
|
