{#
  acls(): emits the three source-address ACLs that both frontends include.

  Each list variable is joined with spaces and placed after `src` verbatim,
  so every entry should be validated as an IP address or CIDR before
  rendering; a stray token would become an extra pattern or a parse error.

  NOTE(review): an empty list renders an ACL with no patterns. HAProxy is
  expected to warn and treat such an ACL as never matching, which means an
  empty blocklist rejects nothing and an empty internal_net disables the
  kubernetes fallback. Confirm against the deployed HAProxy version.

  NOTE(review): `src` is the TCP peer address. If this proxy sits behind
  another load balancer or NAT, all three ACLs evaluate that hop's address
  rather than the real client. Confirm the deployment topology.
#}
{% macro acls() %}
acl internal_net src {{ dch_proxy_internal_networks|join(' ') }}
acl allowlist src {{ dch_proxy_allowlist|join(' ') }}
acl blocklist src {{ dch_proxy_blocklist|join(' ') }}
{% endmacro %}
{#
  Plain-HTTP frontend: routes requests to a backend by Host header.
  Listens on port 80 for IPv4 and, via the v6only bind, IPv6.
#}
frontend main
    bind *:80,:::80 v6only

    {# The Host header captured below is appended to each log line. It is
       client-supplied, so log consumers should treat that field as
       untrusted text. #}
    log-format "${HAPROXY_HTTP_LOG_FMT} %[var(txn.http_host)]"

    {{ acls() | indent(4) }}
    {# Drops the connection before any HTTP parsing when the source is in
       blocklist and not in allowlist. The allowlist only overrides the
       blocklist; sources in neither list are accepted. #}
    tcp-request connection reject if blocklist !allowlist

    {# Stores the Host header in a transaction variable for log-format. #}
    http-request set-var(txn.http_host) req.hdr(host)

    {# One routing rule per site: case-insensitive Host match, with an
       optional match method taken from site.matcher. site.matcher and
       site.match are inserted unquoted, so a value containing whitespace
       or braces changes the shape of the rule; validate them before
       rendering.
       NOTE(review): a Host header may carry a port suffix; confirm the
       configured matchers account for that. #}
{% for site in dch_proxy_sites %}
    use_backend {{ site.backend }} if { hdr(host) -i {% if site.matcher|d %}-m {{ site.matcher }} {% endif %}{{ site.match }} }
{% endfor %}
    {# Fallback: requests that matched no site are sent to the kubernetes
       backend only when they come from internal_net. No default_backend
       is set in this section, so other unmatched requests have no backend
       unless one is defined outside this listing. #}
    use_backend kubernetes if internal_net
{#
  TLS passthrough frontend: runs in TCP mode on port 443 and selects a
  backend from the SNI in the ClientHello. The bind line has no ssl
  option, so TLS is not terminated here and this proxy never sees the
  HTTP Host header. The backend that terminates TLS is responsible for
  checking that the Host it serves is consistent with the SNI used for
  routing.
#}
frontend main-tls
    bind *:443,:::443 v6only
    mode tcp
    option tcplog

    {# The SNI captured below is appended to each log line. It is
       client-supplied and unauthenticated, so log consumers should treat
       that field as untrusted text. #}
    log-format "${HAPROXY_TCP_LOG_FMT} %[var(txn.ssl_sni)]"

    {{ acls() | indent(4) }}
    {# Same connection-stage filter as the HTTP frontend: reject sources
       that are in blocklist and not in allowlist. #}
    tcp-request connection reject if blocklist !allowlist
    {# Wait up to 5s for the ClientHello, record its SNI, and accept once
       a ClientHello (hello type 1) has been seen. #}
    tcp-request inspect-delay 5s
    tcp-request content set-var(txn.ssl_sni) req.ssl_sni
    tcp-request content accept if { req.ssl_hello_type 1 }

    {# One routing rule per site, matching the SNI case-insensitively and
       targeting the backend named site.backend with a -tls suffix.
       site.matcher and site.match are inserted unquoted; validate them
       before rendering.
       NOTE(review): presumably every site.backend needs a matching -tls
       entry in dch_proxy_backends; confirm. #}
{% for site in dch_proxy_sites %}
    use_backend {{ site.backend }}-tls if { req.ssl_sni -i {% if site.matcher|d %}-m {{ site.matcher }} {% endif %}{{ site.match }} }
{% endfor %}
    {# Fallback: connections that matched no site, including those with no
       SNI, go to kubernetes-tls only when they come from internal_net. #}
    use_backend kubernetes-tls if internal_net
{#
  Renders one backend section per entry of dch_proxy_backends, keyed by
  name. `mode` is emitted only when the entry defines it. Each server line
  is built from server.name, server.host and server.options.

  server.options is inserted verbatim, so health checks and any TLS
  verification towards the server exist only if the variable supplies
  them; the template adds none of its own.

  NOTE(review): server.options has no default filter, so presumably every
  server entry must define it; confirm how an entry without options
  renders.
#}
{% for name, backend in dch_proxy_backends.items() %}

backend {{ name }}
{% if backend.mode|d %}
    mode {{ backend.mode }}
{% endif %}
{% for server in backend.servers %}
    server {{ server.name }} {{ server.host }} {{ server.options }}
{% endfor %}
{% endfor %}