Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / haproxy / 77636141bdcf6ac2ed6a990f6dd31e14ba667e51^! / .
commit77636141bdcf6ac2ed6a990f6dd31e14ba667e51[log] [tgz]
authorIldar Svetlov <isvetlov@mirantis.com>Thu Sep 28 16:42:16 2017 +0400
committerIldar Svetlov <isvetlov@mirantis.com>Tue Oct 10 18:13:38 2017 +0400
treeaed41a49d49c5949b02e18d5f30f6842803a5cce
parentfbc3b0411644fcfa3d2a029048e06bc35a38e12a [diff]
Add customizable forwardfor option

Change-Id: I484abdd19eaa4b4530a9d937b8391713e828af39

diff --git a/README.rst b/README.rst
index 871f567..da53030 100644
--- a/README.rst
+++ b/README.rst

@@ -2,7 +2,7 @@
 HAproxy
 =======
 
-The Reliable, High Performance TCP/HTTP Load Balancer. 
+The Reliable, High Performance TCP/HTTP Load Balancer.
 
 
 Sample pillars
@@ -133,7 +133,7 @@
             - name: node1
               host: 10.0.88.13
               port: 5673
-              params: check inter 5000 rise 2 fall 3 
+              params: check inter 5000 rise 2 fall 3
             - name: node2
               host: 10.0.88.14
               port: 5673
@@ -189,7 +189,7 @@
             - name: node1
               host: 10.0.88.13
               port: 5673
-              params: check inter 5000 rise 2 fall 3 
+              params: check inter 5000 rise 2 fall 3
             - name: node2
               host: 10.0.88.14
               port: 5673
@@ -361,6 +361,36 @@
                - type: hdr_dom(host)
                  condition: docker.domain.com
 
+Enable customisable ``forwardfor`` option in ``defaults`` section.
+
+.. code-block:: yaml
+
+  haproxy:
+    proxy:
+      enabled: true
+      mode: tcp
+      logging: syslog
+      max_connections: 1024
+      forwardfor:
+        enabled: true
+        except:
+        header:
+        if-none: false
+
+.. code-block:: yaml
+
+  haproxy:
+    proxy:
+      enabled: true
+      mode: tcp
+      logging: syslog
+      max_connections: 1024
+      forwardfor:
+        enabled: true
+        except: 127.0.0.1
+        header: X-Real-IP
+        if-none: false
+
 Read more
 =========
 

diff --git a/haproxy/files/haproxy.cfg b/haproxy/files/haproxy.cfg
index 6d0392a..513db53 100644
--- a/haproxy/files/haproxy.cfg
+++ b/haproxy/files/haproxy.cfg

@@ -30,6 +30,9 @@
   mode http
 
   maxconn {{ proxy.maxconn|default(8000) }}
+{%- if proxy.get('forwardfor', {}).enabled|default(False) %}
+  option forwardfor{% if proxy.forwardfor.get('except', False) %} except {{proxy.forwardfor.except}}{% endif %}{% if proxy.forwardfor.get('header', False) %} header {{proxy.forwardfor.header}}{% endif %}{% if proxy.forwardfor.get('if-none') %} if-none{% endif %}
+{%- endif %}
   option  redispatch
   retries  {{ proxy.retries|default(3) }}
   stats  enable

diff --git a/tests/pillar/admin.sls b/tests/pillar/admin.sls
index aa2c086..210d3cc 100644
--- a/tests/pillar/admin.sls
+++ b/tests/pillar/admin.sls

@@ -9,4 +9,4 @@
         - address: '0.0.0.0'
           port: 9600
         user: admin
-        password: password
\ No newline at end of file
+        password: password

diff --git a/tests/pillar/single.sls b/tests/pillar/single.sls
index 3d1e9e4..0129244 100644
--- a/tests/pillar/single.sls
+++ b/tests/pillar/single.sls

@@ -1,6 +1,8 @@
 haproxy:
   proxy:
     enabled: true
+    forwardfor:
+      enabled: true
     mode: tcp
     logging: syslog
-    max_connections: 1024
\ No newline at end of file
+    max_connections: 1024

diff --git a/tests/pillar/single_forwardfor.sls b/tests/pillar/single_forwardfor.sls
new file mode 100644
index 0000000..2c78c52
--- /dev/null
+++ b/tests/pillar/single_forwardfor.sls

@@ -0,0 +1,11 @@
+haproxy:
+  proxy:
+    enabled: true
+    forwardfor:
+      enabled: true
+      except: 127.0.0.1
+      header: X-Custom-Header
+      if-none: true
+    mode: tcp
+    logging: syslog
+    max_connections: 1024

diff --git a/tests/pillar/stats.sls b/tests/pillar/stats.sls
index e84e01f..35935d4 100644
--- a/tests/pillar/stats.sls
+++ b/tests/pillar/stats.sls

@@ -1,6 +1,8 @@
 haproxy:
   proxy:
     enabled: true
+    forwardfor:
+      enabled: false
     listen:
       admin_page:
         type: stats