From 90351ce59e311051ab77498e6e1d48de4876005b Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Tue, 5 Nov 2024 06:32:49 -0600 Subject: [PATCH] r/dch-proxy: Include host name in log messages When troubleshooting configuration or connection issues, it will be helpful to have the value of the HTTP Host header present in log messages emitted by HAProxy. This will help reason about HAProxy's routing decisions. For TLS connections, of course, we don't have access to the Host header, but we can use the value of the TLS SNI field. Note that the requisite `content set-var` directive MUST come before the `content accept`; HAProxy stops processing all `tcp-request content ...` directives once it has encountered a decision. --- roles/dch-proxy/templates/haproxy.cfg.j2 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/dch-proxy/templates/haproxy.cfg.j2 b/roles/dch-proxy/templates/haproxy.cfg.j2 index afa2723..1fa0e0d 100644 --- a/roles/dch-proxy/templates/haproxy.cfg.j2 +++ b/roles/dch-proxy/templates/haproxy.cfg.j2 @@ -7,9 +7,13 @@ acl blocklist src {{ dch_proxy_blocklist|join(' ') }} frontend main bind :::80 + log-format "${HAPROXY_HTTP_LOG_FMT} %[var(txn.http_host)]" + {{ acls() | indent(4) }} tcp-request connection reject if blocklist !allowlist + http-request set-var(txn.http_host) req.hdr(host) + {% for site in dch_proxy_sites %} use_backend {{ site.backend }} if { hdr(host) -i {% if site.matcher|d %}-m {{ site.matcher }} {% endif %}{{ site.match }} } {% endfor %} @@ -20,9 +24,12 @@ frontend main-tls mode tcp option tcplog + log-format "${HAPROXY_TCP_LOG_FMT} %[var(txn.ssl_sni)]" + {{ acls() | indent(4) }} tcp-request connection reject if blocklist !allowlist tcp-request inspect-delay 5s + tcp-request content set-var(txn.ssl_sni) req.ssl_sni tcp-request content accept if { req.ssl_hello_type 1 } {% for site in dch_proxy_sites %}
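Review bot: The new `%[var(txn.http_host)]` field in `frontend main` is appended to the log line unquoted, although the Host header is chosen entirely by the client. A value containing spaces or other separators leaves the last field ambiguous for whatever parses or alerts on these logs. Quoting the field keeps it a single token: `log-format "${HAPROXY_HTTP_LOG_FMT} %{+Q}[var(txn.http_host)]"`. The same applies to `%[var(txn.ssl_sni)]` in the `main-tls` hunk. It is also worth a comment next to each `log-format` saying that the appended field is untrusted client input, so downstream log consumers do not treat it as a verified site name.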
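Review bot: In `frontend main-tls`, `option tcplog` is left directly above the new `log-format` line. The later `log-format` replaces it, so the option is now dead configuration, and HAProxy will probably warn about the override at config check. Dropping `option tcplog` makes it clear which format is in effect. Because this frontend runs in `mode tcp` and never sees the decrypted request, I would also add a comment above the `set-var` line, such as `# SNI is unauthenticated ClientHello data and may differ from the inner Host header; log as a routing hint only`. The frontend body continues past the end of this hunk, so how the variable is used further down is not visible here.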