forked from glarizza/puppet-haproxy
Add verifyhost parameter to balancermember resource
The verifyhost parameter from haproxy [1] will attempt to match the server's certificate CN or SubjectAltName, and will fail if there is no match.

In the balancermember resource, it was added as a boolean, since it's somewhat difficult to add the parameter to the options list, since each hostname in the verifyhost will be different for each of the servers in the server_names list. So, to address this, we now can specify a boolean, and if it's set to true, it will use the host of the specific server line and use it for the verifyhost option.

Note that this configuration only works if we are using HAProxy with OpenSSL, and if we set up the 'ssl' and 'verify required' options in the options of the servers.

[1] https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2-verifyhost
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,9 @@ | ||
<% Array(@ipaddresses).zip(Array(@server_names)).each do |ipaddress,host| -%> | ||
<% if @ports -%> | ||
<%- Array(@ports).each do |port| -%> | ||
server <%= host %> <%= ipaddress %>:<%= port %><%= if @define_cookies then " cookie " + host end %> <%= Array(@options).sort.join(" ") %> | ||
server <%= host %> <%= ipaddress %>:<%= port %><%= if @define_cookies then " cookie " + host end %> <%= Array(@options).sort.join(" ") %><% if @verifyhost == true %> verifyhost <%= host %><% end %> | ||
<%- end -%> | ||
<% else -%> | ||
server <%= host %> <%= ipaddress %><%= if @define_cookies then " cookie " + host end %> <%= Array(@options).sort.join(" ") %> | ||
server <%= host %> <%= ipaddress %><%= if @define_cookies then " cookie " + host end %> <%= Array(@options).sort.join(" ") %><% if @verifyhost == true %> verifyhost <%= host %><% end %> | ||
<%- end -%> | ||
<% end -%> |
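Review bot: The `<% if @verifyhost == true %>` guard on both new `server` lines matches only a real boolean, so a stringified value such as 'true' silently renders the line without `verifyhost` and the backend certificate name goes unchecked; validate the parameter as a boolean in the manifest (or fail the catalog on any other value) so a quoting mistake cannot quietly drop the check. The value written is `host`, the same `server_names` entry that is used as the server label, so it has to be exactly the name that appears in the backend certificate's CN or SubjectAltName; that coupling deserves a sentence in the parameter documentation. Nothing in the template ties the option to 'ssl' and 'verify required' being present in `@options`, which the commit message says are needed for it to work, so consider failing compilation when `verifyhost` is true and those options are missing rather than emitting a setting that does not work.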