From 90fc5769a04b09458099226490e9c5534853b1ea Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Thu, 16 Nov 2017 09:43:19 +0100
Subject: [PATCH] Sanitize some if statements in jinja2

---
 templates/haproxy_cfg.jinja2 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/templates/haproxy_cfg.jinja2 b/templates/haproxy_cfg.jinja2
index b594c39..c06c377 100644
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
@@ -106,6 +106,7 @@ frontend http_in
 {% endfor %}
 {% endif %}
 {% endfor %}
+{% if 'webserver' in groups %}
 {% for host in groups['webserver']|sort %}
 {% if hostvars[host].routing is defined %}
   http-request set-header x-routing-host {{ host }} if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ hostvars[host].routing.domain }} } { path -i -n -f /etc/haproxy/{{ host }}.path.list }
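Review bot: The `{ hdr(x-routing-host) undefined }` condition on the `http-request set-header x-routing-host` line means a request that already carries an `x-routing-host` header keeps the client-supplied value, and the `use_backend backend_{{ host }} if { hdr(x-routing-host) {{ host }} }` rules later in this frontend select the backend from it. Unless the header is stripped earlier in the frontend (not visible in this hunk), a client can pick the backend itself and bypass the Host and path-list checks. I would add `http-request del-header x-routing-host` ahead of the first set-header rule in `frontend http_in`, and do the same before the matching rule in `frontend https_in_{{ cert.ip }}`. The loop and the frontend body both continue outside the hunk.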
@@ -118,6 +119,7 @@ frontend http_in
 {% endfor %}
 {% endif %}
 {% endfor %}
+{% endif %}
 {% if routing is defined and routing.default is defined %}
   http-request set-header x-routing-host {{ routing.default }} if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ routing.domain }} }
 {% endif %}
@@ -126,10 +128,12 @@ frontend http_in
   acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
   use_backend backend_redirect_ssl if kibana_present
 {% endif %}
+{% if 'webserver' in groups %}
 {% for host in groups['webserver']|sort %}
   acl redirect_ssl_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.ssl.list
   use_backend backend_redirect_ssl if redirect_ssl_{{host}}
 {% endfor %}
+{% endif %}
   acl domain_uses_bigpipe hdr(host) -i -n -f /etc/haproxy/use_bigpipe.list
 {% if varnish_host|default(false) %}
   acl is_purge method PURGE
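Review bot: The `{% if 'webserver' in groups %}` / `{% endif %}` pair added around this loop could be replaced by a fallback on the loop itself, `{% for host in groups['webserver']|default([])|sort %}`, which renders nothing when the group is absent and saves one level of nesting. The same applies to the other guarded loops in this patch: the `crm_redirect_` loop in the https frontend and the routing and `use_backend` loops in both frontends. If the explicit guard is kept, a short Jinja comment above it such as `{# the webserver group may be absent from the inventory #}` would record why it is there.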
@@ -141,6 +145,7 @@ frontend http_in
   acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
   use_backend backend_varnish if static_content !domain_ignores_varnish
 {% endif %}
+{% if 'webserver' in groups %}
 {% for host in groups['webserver']|sort %}
   use_backend backend_{{ host }}_bigpipe if domain_uses_bigpipe { hdr(x-routing-host) {{ host }} }
   use_backend backend_{{ host }} if { hdr(x-routing-host) {{ host }} }
@@ -158,6 +163,7 @@ frontend http_in
   use_backend backend_{{host}} if crm_domain_in_{{host}}
 {% endif %}
 {% endfor %}
+{% endif %}
 {% for cert in proxy_certificates %}
 {% if cert.active|default(true) %}
 
@@ -216,6 +222,7 @@ frontend https_in_{{ cert.ip }}
 {% endfor %}
 {% endif %}
 {% endfor %}
+{% if 'webserver' in groups %}
 {% for host in groups['webserver']|sort %}
 {% if hostvars[host].routing is defined %}
   http-request set-header x-routing-host {{ host }} if { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ hostvars[host].routing.domain }} } { path -i -n -f /etc/haproxy/{{ host }}.path.list }
@@ -228,6 +235,7 @@ frontend https_in_{{ cert.ip }}
 {% endfor %}
 {% endif %}
 {% endfor %}
+{% endif %}
 {% if routing is defined and routing.default is defined %}
   http-request set-header x-routing-host {{ routing.default }} if { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ routing.domain }} }
 {% endif %}
@@ -239,10 +247,12 @@ frontend https_in_{{ cert.ip }}
   acl is_{{ external.key }} {{ external.acl }}
   use_backend backend_{{ external.key }} if is_{{ external.key }}
 {% endfor %}
+{% if 'webserver' in groups %}
 {% for host in groups['webserver']|sort %}
   acl crm_redirect_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
   use_backend backend_redirect if crm_redirect_{{host}}
 {% endfor %}
+{% endif %}
   acl domain_uses_bigpipe hdr(host) -i -n -f /etc/haproxy/use_bigpipe.list
 {% if varnish_host|default(false) %}
   acl domain_ignores_varnish hdr(host) -i -n -f /etc/haproxy/ignore_varnish.list
@@ -250,6 +260,7 @@ frontend https_in_{{ cert.ip }}
   acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
   use_backend backend_varnish if static_content !domain_ignores_varnish
 {% endif %}
+{% if 'webserver' in groups %}
 {% for host in groups['webserver']|sort %}
   use_backend backend_{{ host }}_https_bigpipe if domain_uses_bigpipe { hdr(x-routing-host) {{ host }} }
   use_backend backend_{{ host }}_https if { hdr(x-routing-host) {{ host }} }
@@ -267,6 +278,7 @@ frontend https_in_{{ cert.ip }}
 {% if hostvars[host].proxy_crm_domains is defined %}
 {% endif %}
 {% endfor %}
+{% endif %}
 {% for external in cert.external|default([]) %}
 
 backend backend_{{ external.key }}
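Review bot: The context lines `{% if hostvars[host].proxy_crm_domains is defined %}` and `{% endif %}` directly above the new `{% endif %}` enclose nothing, so the conditional renders no output in the https frontend. The http frontend has a `use_backend backend_{{host}} if crm_domain_in_{{host}}` rule at the corresponding place, so this looks like either a leftover or a missing rule. I would either remove the empty pair or add a comment such as `{# CRM domains are not routed on https #}` if the omission is intentional.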
@@ -277,6 +289,7 @@ backend backend_{{ external.key }}
 {% endfor %}
 {% endif %}
 {% endfor %}
+{% if 'webserver' in groups %}
 {% if proxy_default_backend not in groups['webserver'] %}
 
 backend backend_{{ proxy_default_backend }}
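Review bot: With the new outer `{% if 'webserver' in groups %}`, the `backend backend_{{ proxy_default_backend }}` section is no longer rendered when the inventory has no `webserver` group, which is exactly the case where `proxy_default_backend` cannot be one of the webserver hosts. If a frontend still refers to that backend (not visible here), HAProxy would presumably refuse the generated config because the backend is undefined. Consider keeping this block outside the guard and writing its test as `{% if proxy_default_backend not in groups['webserver']|default([]) %}`. The guard appears to close at the `{% endif %}` added in the last hunk, so only the per-host backend loop in between needs the group check.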
@@ -328,6 +341,7 @@ backend backend_{{host}}_https_bigpipe
   server server_{{host}} {{hostvars[host]['static_ipv4']}}:80 check maxconn {{hostvars[host]['proxy_maxconn']|default(proxy_maxconn)}}
 {% endif %}
 {% endfor %}
+{% endif %}
 {% if varnish_host|default(false) %}
 
 backend backend_varnish
-- 
GitLab