Support for having ssl on cicd services and overriding listen host/port
Change-Id: I5353bed870853ac805a6fb48418a374d56a4d2f7
diff --git a/haproxy/proxy/listen/cicd/aptly.yml b/haproxy/proxy/listen/cicd/aptly.yml
index 64115ff..fb24c1f 100644
--- a/haproxy/proxy/listen/cicd/aptly.yml
+++ b/haproxy/proxy/listen/cicd/aptly.yml
@@ -1,6 +1,8 @@
parameters:
_param:
+ haproxy_aptly_api_bind_host: ${_param:haproxy_bind_address}
haproxy_aptly_api_bind_port: 8084
+ haproxy_aptly_public_bind_host: ${_param:haproxy_bind_address}
haproxy_aptly_public_bind_port: 8085
haproxy:
proxy:
@@ -13,7 +15,7 @@
- httplog
balance: source
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_aptly_api_bind_host}
port: ${_param:haproxy_aptly_api_bind_port}
servers:
- name: ${_param:cluster_node01_name}
@@ -36,7 +38,7 @@
- httplog
balance: source
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_aptly_public_bind_host}
port: ${_param:haproxy_aptly_public_bind_port}
servers:
- name: ${_param:cluster_node01_name}
diff --git a/haproxy/proxy/listen/cicd/gerrit.yml b/haproxy/proxy/listen/cicd/gerrit.yml
index a9f0a3c..51d494b 100644
--- a/haproxy/proxy/listen/cicd/gerrit.yml
+++ b/haproxy/proxy/listen/cicd/gerrit.yml
@@ -1,7 +1,11 @@
parameters:
_param:
+ haproxy_gerrit_bind_host: ${_param:haproxy_bind_address}
haproxy_gerrit_bind_port: 8080
+ haproxy_gerrit_ssh_bind_host: ${_param:haproxy_gerrit_bind_host}
haproxy_gerrit_ssh_bind_port: 29418
+ haproxy_gerrit_ssl:
+ enabled: false
haproxy:
proxy:
listen:
@@ -13,9 +17,13 @@
- httpclose
- httplog
balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_gerrit_bind_host}
port: ${_param:haproxy_gerrit_bind_port}
+ ssl: ${_param:haproxy_gerrit_ssl}
servers:
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
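Review bot: The new `http_request` rule uses `add-header`, which appends to whatever the client already sent, so on a plain-HTTP connection (the default here, since `haproxy_gerrit_ssl` is `enabled: false`) a client-supplied `X-Forwarded-Proto: https` reaches Gerrit unchanged. If the backend relies on that header for redirects or secure-cookie decisions, it can be misled about the real transport. Prefer `action: "set-header X-Forwarded-Proto https"` for the `ssl_fc` case, plus a second rule that sets the header to `http` (or removes it with `del-header`) when the connection is not TLS. The identical rule added in jenkins.yml (`@@ -13,11 +17,15 @@`) needs the same change. This assumes the formula renders `action` verbatim after `http-request`, which this diff does not show.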
@@ -33,7 +41,7 @@
mode: tcp
balance: source
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_gerrit_ssh_bind_host}
port: ${_param:haproxy_gerrit_ssh_bind_port}
servers:
- name: ${_param:cluster_node01_name}
diff --git a/haproxy/proxy/listen/cicd/jenkins.yml b/haproxy/proxy/listen/cicd/jenkins.yml
index e91d9f2..7921263 100644
--- a/haproxy/proxy/listen/cicd/jenkins.yml
+++ b/haproxy/proxy/listen/cicd/jenkins.yml
@@ -1,7 +1,11 @@
parameters:
_param:
+ haproxy_jenkins_bind_host: ${_param:haproxy_bind_address}
haproxy_jenkins_bind_port: 8081
+ haproxy_jenkins_jnlp_bind_port: ${_param:haproxy_jenkins_bind_host}
haproxy_jenkins_jnlp_bind_port: 50000
+ haproxy_jenkins_ssl:
+ enabled: false
haproxy:
proxy:
listen:
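Review bot: The added line `haproxy_jenkins_jnlp_bind_port: ${_param:haproxy_jenkins_bind_host}` declares the port key a second time and never defines `haproxy_jenkins_jnlp_bind_host`, which the JNLP listener's `binds` entry in the later hunk (`@@ -35,7 +43,7 @@`) references. Depending on the loader, the duplicate key is either rejected or silently resolved last-wins. The missing host parameter would then fail to interpolate unless some other class happens to define it. The line should read `haproxy_jenkins_jnlp_bind_host: ${_param:haproxy_jenkins_bind_host}`, mirroring `haproxy_gerrit_ssh_bind_host` in gerrit.yml.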
@@ -13,11 +17,15 @@
- httpclose
- httplog
balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
http_response:
- action: "del-header X-Frame-Options"
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_jenkins_bind_host}
port: ${_param:haproxy_jenkins_bind_port}
+ ssl: ${_param:haproxy_jenkins_ssl}
servers:
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
@@ -35,7 +43,7 @@
mode: tcp
balance: source
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_jenkins_jnlp_bind_host}
port: ${_param:haproxy_jenkins_jnlp_bind_port}
servers:
- name: ${_param:cluster_node01_name}
diff --git a/haproxy/proxy/listen/docker/registry.yml b/haproxy/proxy/listen/docker/registry.yml
index 2a86aa4..8d45e97 100644
--- a/haproxy/proxy/listen/docker/registry.yml
+++ b/haproxy/proxy/listen/docker/registry.yml
@@ -1,6 +1,9 @@
parameters:
_param:
+ haproxy_docker_registry_listen_host: ${_param:haproxy_bind_address}
haproxy_docker_registry_listen_port: 5000
+ haproxy_docker_registry_ssl:
+ enabled: false
haproxy:
proxy:
listen:
@@ -15,9 +18,9 @@
- action: "add-header X-Forwarded-Proto https"
condition: "if { ssl_fc }"
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_docker_registry_listen_host}
port: ${_param:haproxy_docker_registry_listen_port}
- ssl: ${_param:cluster_ssl_certificate}
+ ssl: ${_param:haproxy_docker_registry_ssl}
servers:
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
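Review bot: Replacing `ssl: ${_param:cluster_ssl_certificate}` with `${_param:haproxy_docker_registry_ssl}`, which the first hunk of this file defaults to `enabled: false`, appears to switch the registry listener from TLS to plaintext for every deployment that does not override the new parameter. Registry credentials and image content would then cross the network unencrypted, and the `X-Forwarded-Proto https` rule above stops firing because `ssl_fc` is never true. Keep the old behaviour as the default with `haproxy_docker_registry_ssl: ${_param:cluster_ssl_certificate}` so that disabling TLS is an explicit choice, and mention the default in the commit message. This reading assumes `cluster_ssl_certificate` enabled TLS in existing models, which this diff does not show.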