From 1e7c8af114c180bc879fafde7c2406f60c014ee8 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen.haas@lakedrops.com>
Date: Fri, 17 Feb 2023 15:17:18 +0100
Subject: [PATCH] ansible-inventories/arocom#3120 Add support to route wildcard
 domains

---
 templates/haproxy_cfg.jinja2 | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/templates/haproxy_cfg.jinja2 b/templates/haproxy_cfg.jinja2
index 12244b9..bb48922 100644
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
@@ -65,6 +65,14 @@ frontend http_in
   http-request deny if { {{ rule }} }
 {% endfor %}
   http-request set-header x-routing-host undefined
+{% for cert in proxy_certificates %}
+{% if cert.active|default(true) %}
+{% if cert.wildcard|default(false) and cert.wildcard_host is defined %}
+  http-request set-header x-routing-host {{ cert.wildcard_host }} if { hdr(host) -m end -i '.{{ cert.domain }}' }
+  use_backend backend_redirect_ssl if { hdr(host) -m end -i '.{{ cert.domain }}' }
+{% endif %}
+{% endif %}
+{% endfor %}
   acl letsencrypt_challenge path_beg /.well-known/acme-challenge/
   http-request set-header x-routing-host maintenance if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n -f /etc/haproxy/maintenance.list }
   http-request redirect code 301 location %[base,lower,map(/etc/haproxy/redirect.domain-and-path.map)] if !letsencrypt_challenge { base,lower,map(/etc/haproxy/redirect.domain-and-path.map) -m found }
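Review bot: The added `use_backend backend_redirect_ssl` line in http_in is the only rule in this hunk that is not gated on `!letsencrypt_challenge`, so plain-HTTP ACME challenge requests for any name under a wildcard domain would probably go to the SSL redirect backend instead of the challenge handler. Whether that happens depends on the order of the other use_backend rules, which are outside the hunk. Since the `letsencrypt_challenge` acl is declared below the loop, either move the loop after that line or use an anonymous condition, e.g. `use_backend backend_redirect_ssl if !{ path_beg /.well-known/acme-challenge/ } { hdr(host) -m end -i '.{{ cert.domain }}' }`. The set-header line here also lacks the `{ hdr(x-routing-host) undefined }` guard that the https_in hunk uses, so with overlapping wildcard domains the last certificate wins in http_in but the first wins in https_in.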
@@ -242,6 +250,9 @@ frontend https_in_{{ cert.ip }}
   http-request deny if { {{ rule }} }
 {% endfor %}
   http-request set-header x-routing-host undefined
+{% if cert.wildcard|default(false) and cert.wildcard_host is defined %}
+  http-request set-header x-routing-host {{ cert.wildcard_host }} if { hdr(x-routing-host) undefined } { hdr(host) -m end -i '.{{ cert.domain }}' }
+{% endif %}
   http-request set-header x-routing-host maintenance if { hdr(x-routing-host) undefined } { hdr(host) -i -n -f /etc/haproxy/maintenance.list }
 {% for host in groups['all']|sort %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}
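Review bot: The wildcard rule added to https_in sets x-routing-host before the maintenance rule that follows it, and that rule only fires on `{ hdr(x-routing-host) undefined }`, so a name under the wildcard domain that is listed in /etc/haproxy/maintenance.list is no longer routed to maintenance. The http_in hunk has the same ordering. Any later per-host rule that uses the same undefined guard (not visible here) would presumably be shadowed too, sending explicitly configured hosts to the wildcard host. Moving the added block below the maintenance and per-host rules would keep the wildcard as a fallback. It would also help to add a template comment such as `{# wildcard fallback: any client-supplied Host ending in .<domain> is routed to wildcard_host #}`, so readers see that arbitrary subdomain labels match.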
-- 
GitLab