ansible-inventories/arocom#3120 Add support to route wildcard domains

1e7c8af1 · jurgenhaas · fe279f08 · 1e7c8af1
Commit 1e7c8af1 authored 2 years ago by jurgenhaas
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
@@ -65,6 +65,14 @@ frontend http_in
  http-request deny if { {{ rule }} }
 {% endfor %}
  http-request set-header x-routing-host undefined
+{% for cert in proxy_certificates %}
+{% if cert.active|default(true) %}
+{% if cert.wildcard|default(false) and cert.wildcard_host is defined %}
+  http-request set-header x-routing-host {{ cert.wildcard_host }} if { hdr(host) -m end -i '.{{ cert.domain }}' }
+  use_backend backend_redirect_ssl if { hdr(host) -m end -i '.{{ cert.domain }}' }
+{% endif %}
+{% endif %}
+{% endfor %}
  acl letsencrypt_challenge path_beg /.well-known/acme-challenge/
  http-request set-header x-routing-host maintenance if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n -f /etc/haproxy/maintenance.list }
  http-request redirect code 301 location %[base,lower,map(/etc/haproxy/redirect.domain-and-path.map)] if !letsencrypt_challenge { base,lower,map(/etc/haproxy/redirect.domain-and-path.map) -m found }
@@ -242,6 +250,9 @@ frontend https_in_{{ cert.ip }}
  http-request deny if { {{ rule }} }
 {% endfor %}
  http-request set-header x-routing-host undefined
+{% if cert.wildcard|default(false) and cert.wildcard_host is defined %}
+  http-request set-header x-routing-host {{ cert.wildcard_host }} if { hdr(x-routing-host) undefined } { hdr(host) -m end -i '.{{ cert.domain }}' }
+{% endif %}
  http-request set-header x-routing-host maintenance if { hdr(x-routing-host) undefined } { hdr(host) -i -n -f /etc/haproxy/maintenance.list }
 {% for host in groups['all']|sort %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}