Commit 6d1680cc authored by Lukáš Lalinský's avatar Lukáš Lalinský

Allow HTTP traffic

parent e95e08c6
Pipeline #20300 passed with stage
in 34 seconds
......@@ -32,6 +32,7 @@ type siteInfo struct {
Routes []siteRouteInfo `json:"routes"`
EnableAuth bool `json:"authenticate"`
Users []siteUserInfo `json:"users"`
AllowHTTP bool `json:"allow_http"`
}
type letsEncryptInfo struct {
......@@ -111,15 +112,14 @@ frontend fe_http
bind *:80
acl is_health path_beg /_health
acl is_letsencrypt path_beg /.well-known/acme-challenge
redirect scheme https code 301 if !is_letsencrypt !is_health
use_backend be_utils if is_health
use_backend be_letsencrypt if is_letsencrypt
frontend fe_https
bind *:443 ssl crt {{$.SSLDir}} alpn h2,http/1.1
acl is_health path_beg /_health
use_backend be_utils if is_health
acl is_letsencrypt path_beg /.well-known/acme-challenge
use_backend be_utils if is_health
use_backend be_letsencrypt if is_letsencrypt
{{range $site := .Sites}}
{{"\t"}}acl domain_{{.Name}} ssl_fc_sni -i {{.Domain}}
......@@ -173,6 +173,7 @@ backend be_{{$site.Name}}_{{.Name}}
{{- range $i, $server := .Servers}}
{{"\t"}}server-template srv_{{$i}}_ 100 {{.Host}}:{{.Port}} check resolvers main
{{- end}}
{{if not $site.AllowHTTP}}{{"\t"}}redirect scheme https code 301 if { !ssl_fc }{{end}}
{{end}}
{{end}}
`
......
......@@ -135,15 +135,14 @@ frontend fe_http
bind *:80
acl is_health path_beg /_health
acl is_letsencrypt path_beg /.well-known/acme-challenge
redirect scheme https code 301 if !is_letsencrypt !is_health
use_backend be_utils if is_health
use_backend be_letsencrypt if is_letsencrypt
frontend fe_https
bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1
acl is_health path_beg /_health
use_backend be_utils if is_health
acl is_letsencrypt path_beg /.well-known/acme-challenge
use_backend be_utils if is_health
use_backend be_letsencrypt if is_letsencrypt
acl domain_example ssl_fc_sni -i example.com
......@@ -183,6 +182,7 @@ backend be_example_web
option httpchk GET /_health
http-check expect status 200
server-template srv_0_ 100 srv1.example.com:8080 check resolvers main
redirect scheme https code 301 if { !ssl_fc }
backend be_example_api
balance roundrobin
......@@ -193,6 +193,7 @@ backend be_example_api
option httpchk GET /_health
http-check expect status 200
server-template srv_0_ 100 srv-api1.example.com:8081 check resolvers main
redirect scheme https code 301 if { !ssl_fc }
backend be_example2_default
......@@ -203,6 +204,7 @@ backend be_example2_default
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request del-header Authorization
server-template srv_0_ 100 srv1.example2.com:8090 check resolvers main
redirect scheme https code 301 if { !ssl_fc }
`
assertLongStringEqual(t, output, expectedOutput)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment