From fe279f081173c9f33af6f053f987c0af95f63254 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Thu, 12 May 2022 19:41:05 +0200
Subject: [PATCH] Improve handling of special rules

---
 templates/haproxy_cfg.jinja2 | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/templates/haproxy_cfg.jinja2 b/templates/haproxy_cfg.jinja2
index 98b62ef..12244b9 100644
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
@@ -193,7 +193,7 @@ frontend http_in
   use_backend backend_{{ host }} if { hdr(x-routing-host) {{ host }} }
 {% for rule in hostvars[host].proxy_special_rules|default([]) %}
   acl proxy_special_rules_{{host}}_{{rule}} {{ hostvars[host].proxy_special_rules[rule] }}
-  use_backend backend_{{host}} if proxy_special_rules_{{host}}_{{rule}}
+  use_backend backend_{{host}}_special_{{ rule }} if proxy_special_rules_{{host}}_{{rule}}
 {% endfor %}
 {% if hostvars[host].proxy_crm_domains is defined %}
   acl crm_domain_in_{{host}} hdr_dom(host) -i -n -f /etc/haproxy/{{host}}.crm.list
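Review bot: The rule key now ends up in a backend name (`backend_{{host}}_special_{{ rule }}`) as well as in the ACL name, and nothing visible in the template constrains what a key of proxy_special_rules may contain. HAProxy only accepts letters, digits, '-', '_', '.' and ':' in proxy names, so a key containing a space or any other character would produce a config that fails to load or is parsed differently from what the inventory author meant. The same applies to the `use_backend` line in the https_in hunk and to the two `backend` lines added further down. I would validate the keys before templating (an assert on the key pattern in the role), or apply one filter consistently at every use, for example `{{ rule | regex_replace('[^A-Za-z0-9_.:-]', '_') }}`, accepting that normalisation can make two keys collide.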
@@ -345,7 +345,7 @@ frontend https_in_{{ cert.ip }}
   use_backend backend_redirect if redirect_{{host}}
 {% for rule in hostvars[host].proxy_special_rules|default([]) %}
   acl proxy_special_rules_{{host}}_{{rule}} {{ hostvars[host].proxy_special_rules[rule] }}
-  use_backend backend_{{host}}_https if proxy_special_rules_{{host}}_{{rule}}
+  use_backend backend_{{host}}_special_{{ rule }}_https if proxy_special_rules_{{host}}_{{rule}}
 {% endfor %}
 {% if hostvars[host].proxy_crm_domains is defined %}
   acl crm_domain_in_{{host}} hdr_dom(host) -i -n -f /etc/haproxy/{{host}}.crm.list
@@ -432,6 +432,29 @@ backend backend_{{host}}_https_bigpipe
   http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
   server server_{{host}} {{hostvars[host]['static_ipv4']}}:80 check maxconn {{hostvars[host]['proxy_maxconn']|default(proxy_maxconn)}}
 {% endif %}
+{% for rule in hostvars[host].proxy_special_rules|default([]) %}
+
+backend backend_{{host}}_special_{{ rule }}
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "{{ host }}"
+{% endif %}
+{% if host == inventory_hostname or host == 'localhost' %}
+  http-response deny
+{% else %}
+  server server_{{host}} {{hostvars[host]['static_ipv4']}}:80 check maxconn {{hostvars[host]['proxy_maxconn']|default(proxy_maxconn)}}
+{% endif %}
+
+backend backend_{{host}}_special_{{ rule }}_https
+{% if proxy_debug %}
+  http-response set-header X-Proxy-Backend "{{ host }}_https"
+{% endif %}
+{% if host == inventory_hostname or host == 'localhost' %}
+  http-response deny
+{% else %}
+  http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
+  server server_{{host}} {{hostvars[host]['static_ipv4']}}:80 check maxconn {{hostvars[host]['proxy_maxconn']|default(proxy_maxconn)}}
+{% endif %}
+{% endfor %}
 {% endfor %}
 {% endif %}
 {% if varnish_host|default(false) %}
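Review bot: In both new backends the `http-response deny` branch (host equal to inventory_hostname or 'localhost') has no `server` line, so there is never a server response for that rule to act on; as far as I can tell HAProxy answers 503 by itself because no server is available. If the intent is to refuse these requests, `http-request deny` says so explicitly and does not rely on the backend being empty. Separately, the debug header in the new backends still emits `"{{ host }}"` and `"{{ host }}_https"`, so with proxy_debug on a response routed through a special rule cannot be told apart from the base backend; `http-response set-header X-Proxy-Backend "{{ host }}_special_{{ rule }}"` would make that visible. The enclosing host loop and its `{% if %}` start outside this hunk.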
-- 
GitLab