From 9f0356ee40daae9124a5531728c636e56fede6a7 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Mon, 22 Jan 2018 17:26:10 +0100
Subject: [PATCH] ansible-inventories/alphabet#1868 Support regex in
 HOST.path.list files and implement a debug mode

---
 defaults/main.yml            |  1 +
 templates/haproxy_cfg.jinja2 | 40 ++++++++++++++++++++++++++++++++++--
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 74c262b..bbd7383 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,5 @@
 default_proxy: ''
+proxy_debug: false
 proxy_default_backend: ''
 proxy_certificates: []
 proxy_timeout_connect: '5s'
diff --git a/templates/haproxy_cfg.jinja2 b/templates/haproxy_cfg.jinja2
index 97fe6b1..ec28b99 100644
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
@@ -121,7 +121,7 @@ frontend http_in
 {% if 'webserver' in groups %}
 {% for host in groups['webserver']|sort %}
 {% if hostvars[host].routing is defined %}
-  http-request set-header x-routing-host {{ host }} if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ hostvars[host].routing.domain }} } { path -i -n -f /etc/haproxy/{{ host }}.path.list }
+  http-request set-header x-routing-host {{ host }} if !letsencrypt_challenge { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ hostvars[host].routing.domain }} } { path -m reg -i -n -f /etc/haproxy/{{ host }}.path.list }
 {% endif %}
 {% endfor %}
 {% for host in groups['webserver']|sort %}
@@ -242,7 +242,7 @@ frontend https_in_{{ cert.ip }}
 {% if 'webserver' in groups %}
 {% for host in groups['webserver']|sort %}
 {% if hostvars[host].routing is defined %}
-  http-request set-header x-routing-host {{ host }} if { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ hostvars[host].routing.domain }} } { path -i -n -f /etc/haproxy/{{ host }}.path.list }
+  http-request set-header x-routing-host {{ host }} if { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ hostvars[host].routing.domain }} } { path -m reg -i -n -f /etc/haproxy/{{ host }}.path.list }
 {% endif %}
 {% endfor %}
 {% for host in groups['webserver']|sort %}
@@ -299,6 +299,9 @@ frontend https_in_{{ cert.ip }}
 {% for external in cert.external|default([]) %}
 
 backend backend_{{ external.key }}
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "{{ external.key }}"
+{% endif %}
 {% for line in external.extra|default([]) %}
   {{ line }}
 {% endfor %}
@@ -310,11 +313,17 @@ backend backend_{{ external.key }}
 {% if proxy_default_backend not in groups['webserver'] %}
 
 backend backend_{{ proxy_default_backend }}
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "deny"
+{% endif %}
   http-response deny
 {% endif %}
 {% for host in groups['webserver']|sort %}
 
 backend backend_{{host}}
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "{{ host }}"
+{% endif %}
 {% if host == inventory_hostname or host == 'localhost' %}
   http-response deny
 {% else %}
@@ -325,6 +334,9 @@ backend backend_{{host}}
 {% endif %}
 
 backend backend_{{host}}_bigpipe
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "{{ host }}_bigpipe"
+{% endif %}
 {% if host == inventory_hostname or host == 'localhost' %}
   http-response deny
 {% else %}
@@ -336,6 +348,9 @@ backend backend_{{host}}_bigpipe
 {% endif %}
 
 backend backend_{{host}}_https
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "{{ host }}_https"
+{% endif %}
 {% if host == inventory_hostname or host == 'localhost' %}
   http-response deny
 {% else %}
@@ -347,6 +362,9 @@ backend backend_{{host}}_https
 {% endif %}
 
 backend backend_{{host}}_https_bigpipe
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "{{ host }}_https_bigpipe"
+{% endif %}
 {% if host == inventory_hostname or host == 'localhost' %}
   http-response deny
 {% else %}
@@ -362,6 +380,9 @@ backend backend_{{host}}_https_bigpipe
 {% if varnish_host|default(false) %}
 
 backend backend_varnish
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "varnish"
+{% endif %}
   option httpchk HEAD /varnishcheck
   http-request set-header x-real-ip %[src]
   http-check expect status 200
@@ -374,6 +395,9 @@ backend backend_varnish
 {% endif %}
 
 backend backend_varnish_bigpipe
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "varnish_bigpipe"
+{% endif %}
   no option http-buffer-request
   option httpchk HEAD /varnishcheck
   http-check expect status 200
@@ -387,16 +411,28 @@ backend backend_varnish_bigpipe
 {% endif %}
 
 backend backend_redirect_ssl
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "redirect_ssl"
+{% endif %}
   redirect scheme https code 301 if TRUE
 
 backend backend_redirect
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "redirect"
+{% endif %}
   redirect scheme http code 301 if TRUE
 
 backend backend_letsencrypt
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "letsencrypt"
+{% endif %}
   server letsencrypt 127.0.0.1:54321
 {% if kibana_users is defined %}
 
 backend backend_kibana
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "kibana"
+{% endif %}
   server kibana 127.0.0.1:5601 check maxconn 32
   acl kibana_auth http_auth(kibana) if kibana_present
   http-request auth realm Kibana if !kibana_auth
-- 
GitLab