From be548ee3cbfe04a9450d794e7589c8f7f4f0f88c Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 7 Mar 2017 15:49:43 +0100
Subject: [PATCH] ansible-roles/letsencrypt#2 Issue and renew letsencrypt certs
 behin HaProxy without stopping any services

---
 templates/haproxy_cfg | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/templates/haproxy_cfg b/templates/haproxy_cfg
index f0a4a62..e6d6602 100644
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -120,6 +120,8 @@ frontend http_in
 {% if routing is defined and routing.default is defined %}
   http-request set-header x-routing-host {{ routing.default }} if { hdr(x-routing-host) undefined } { hdr(host) -i -n {{ routing.domain }} }
 {% endif %}
+  acl letsencrypt_challenge path_beg /.well-known/acme-challenge/
+  use_backend backend_letsencrypt if letsencrypt_challenge
 {% if kibana_users is defined %}
   acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
   use_backend backend_redirect_ssl if kibana_present
@@ -341,6 +343,9 @@ backend backend_redirect_ssl
 
 backend backend_redirect
   redirect scheme http if TRUE
+
+backend backend_letsencrypt
+  server letsencrypt 127.0.0.1:54321
 {% if kibana_users is defined %}
 
 backend backend_kibana
-- 
GitLab