Commit 4809be21 authored by jurgenhaas's avatar jurgenhaas

Allow haproxy_private to be limited to certain domains only

parent 9f0356ee
...@@ -95,6 +95,16 @@ ...@@ -95,6 +95,16 @@
when: haproxy_private is defined when: haproxy_private is defined
notify: "Check HAProxy Config" notify: "Check HAProxy Config"
- name: "Update private domains"
template:
src='privatelist.domain.jinja2'
dest='/etc/haproxy/privatelist.domain'
owner='root'
group='root'
mode='644'
when: haproxy_private is defined and haproxy_private.domain
notify: "Check HAProxy Config"
- name: "Create config file" - name: "Create config file"
template: template:
src='haproxy_cfg.jinja2' src='haproxy_cfg.jinja2'
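Review bot: The condition on "Update private domains" tests `haproxy_private.domain` for truthiness, while the HAProxy template in this same commit switches on `haproxy_private.domain is defined`, and the two disagree in ways that matter for an access-control list. With `domain: []` the task is skipped but the rendered config still loads `/etc/haproxy/privatelist.domain`, so a missing file fails the config check and a stale one keeps enforcing the old list; with `haproxy_private` set but no `domain` key, the bare attribute reference in `when` is likely to raise an undefined-variable error. Using the same test in both places avoids that: `when: haproxy_private is defined and haproxy_private.domain is defined`. As a style point, the file mode is safer written as a quoted four-digit string, `mode='0644'`.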
......
...@@ -61,9 +61,14 @@ frontend http_in ...@@ -61,9 +61,14 @@ frontend http_in
bind *:80 bind *:80
http-request del-header Proxy http-request del-header Proxy
{% if haproxy_private is defined %} {% if haproxy_private is defined %}
{% if haproxy_private.domain is defined %}
acl privatedomain hdr(host) -i -n -f /etc/haproxy/privatelist.domain
{% else %}
acl privatedomain if true
{% endif %}
acl privateip src -f /etc/haproxy/privatelist.ip acl privateip src -f /etc/haproxy/privatelist.ip
acl private_auth http_auth(notprivate) if !privateip acl private_auth http_auth(notprivate) if !privateip
http-request auth realm notprivate if !privateip !private_auth http-request auth realm notprivate if privatedomain !privateip !private_auth
{% endif %} {% endif %}
acl blockedip src -f /etc/haproxy/blacklist.ip acl blockedip src -f /etc/haproxy/blacklist.ip
http-request deny if blockedip http-request deny if blockedip
...@@ -183,9 +188,14 @@ frontend https_in_{{ cert.ip }} ...@@ -183,9 +188,14 @@ frontend https_in_{{ cert.ip }}
bind {{ cert.ip }}:443 ssl crt /etc/haproxy/certs/{{ cert.file }} no-sslv3 bind {{ cert.ip }}:443 ssl crt /etc/haproxy/certs/{{ cert.file }} no-sslv3
http-request del-header Proxy http-request del-header Proxy
{% if haproxy_private is defined %} {% if haproxy_private is defined %}
{% if haproxy_private.domain is defined %}
acl privatedomain hdr(host) -i -n -f /etc/haproxy/privatelist.domain
{% else %}
acl privatedomain if true
{% endif %}
acl privateip src -f /etc/haproxy/privatelist.ip acl privateip src -f /etc/haproxy/privatelist.ip
acl private_auth http_auth(notprivate) if !privateip acl private_auth http_auth(notprivate) if !privateip
http-request auth realm notprivate if !privateip !private_auth http-request auth realm notprivate if privatedomain !privateip !private_auth
{% endif %} {% endif %}
acl blockedip src -f /etc/haproxy/blacklist.ip acl blockedip src -f /etc/haproxy/blacklist.ip
http-request deny if blockedip http-request deny if blockedip
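Review bot: The new `privatedomain` ACL, in `http_in` and again in each `https_in_*` frontend, compares the raw Host header as an exact string, so a Host value in a different form (for instance with a port suffix) would not match and the `http-request auth` rule would be skipped for it. Whether such a request still reaches the protected site depends on routing outside these hunks. Because this condition now gates authentication, normalising the header before the lookup is safer, e.g. `acl privatedomain hdr(host),field(1,:) -i -n -f /etc/haproxy/privatelist.domain` where the installed HAProxy supports converters. Separately, `acl privatedomain if true` in the else branch puts `if` where HAProxy expects a sample fetch and will probably be rejected by the config check; `acl privatedomain always_true` expresses the intent.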
......
{% for domain in haproxy_private.domain %}
{{ domain }}
{% endfor %}