Add support for ssl specific options to bind. #122

Closed

@esbjerg esbjerg commented Aug 20, 2014

Change adds support for configuring bind options based on whether it is port 443 (ssl) or something different.
Needed to be able to do things like this: https://raymii.org/s/tutorials/haproxy_client_side_ssl_certificates.html

Removed some indentation to make the resulting configuration file look better.

@antaflos

That change seems unnecessary. What keeps you from putting SSL-related bind options in the bind_options array? I don't see the need for an SSL-specific bind_options_ssl array. Especially since the SSL port could be anything and not just 443.

@esbjerg
Author

esbjerg commented Aug 20, 2014

When you define a frontend on more than one port like this:

haproxy::frontend { 'www':
    ipaddress            => '172.16.21.44',
    ports                => '80,443',
}

The bind_options will be added to both bind statements - so you will get:

frontend www
bind 172.16.21.44:80 ssl crt /etc/haproxy/some.cert.pem
bind 172.16.21.44:443 ssl crt /etc/haproxy/some.cert.pem

With my change you get:

frontend www
bind 172.16.21.44:80
bind 172.16.21.44:443 ssl crt /etc/haproxy/some.cert.pem

@antaflos

Ah, I see what you mean now. But your change still is quite inflexible and focused on the port being 443. Have a look at the discussion and proposed changes by @hunner in #119. IMHO that's the better way to go about setting different bind options for different ports and IP addresses.

@esbjerg
Author

esbjerg commented Aug 21, 2014

I think the discussion of the change should happen in #119.
My solution was just a quick fix :P

@KlavsKlavsen

I've actually coded this before. What I did - was to simply define sslports (as well as just ports) - so I could use the bind_options_ssl for sslports and bind_options for ports.
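
The ports/sslports split described in the comment above, as an added example that is not code from this pull request or from the module. The helper names `parse_ports`, `render_binds` and `lint_binds` are hypothetical; the lint check assumes one address:port per bind line and flags the shared-options output quoted earlier in the thread.

```ruby
# Added illustration; parse_ports, render_binds and lint_binds are hypothetical
# helpers, not part of the module discussed in this pull request.

# Split a comma-separated port string and validate each entry.
def parse_ports(csv)
  csv.to_s.split(',').map(&:strip).reject(&:empty?).map do |p|
    n = Integer(p, 10)
    raise ArgumentError, "port out of range: #{p}" unless (1..65_535).cover?(n)
    n
  end
end

# One bind line per port: bind_options for ports, bind_options_ssl for sslports.
def render_binds(ipaddress, ports: '', sslports: '', bind_options: [], bind_options_ssl: [])
  plain = parse_ports(ports)
  tls = parse_ports(sslports)
  both = plain & tls
  raise ArgumentError, "listed as both plain and ssl: #{both.join(',')}" unless both.empty?
  plain.map { |p| ["bind #{ipaddress}:#{p}", *bind_options].join(' ') } +
    tls.map { |p| ["bind #{ipaddress}:#{p}", *bind_options_ssl].join(' ') }
end

# Check rendered lines: `ssl` must appear on exactly the ports meant to be TLS.
# Assumes one address:port per bind line (no port ranges or address lists).
def lint_binds(lines, sslports)
  lines.each_with_object([]) do |line, findings|
    keyword, addr, *opts = line.split
    port = addr.to_s[/:(\d+)\z/, 1]
    next unless keyword == 'bind' && port
    tls_expected = sslports.include?(port.to_i)
    has_ssl = opts.include?('ssl')
    findings << "port #{port}: ssl options on a plaintext port" if has_ssl && !tls_expected
    findings << "port #{port}: expected ssl, bind is plaintext" if tls_expected && !has_ssl
  end
end

# The shared-options output quoted in the thread, used as sample input.
SHARED_OPTIONS = [
  'bind 172.16.21.44:80 ssl crt /etc/haproxy/some.cert.pem',
  'bind 172.16.21.44:443 ssl crt /etc/haproxy/some.cert.pem'
].freeze
```

Because the TLS ports are passed in explicitly, neither helper depends on the port being 443.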

@underscorgan

@esbjerg thanks for the contribution, but I think this is covered by #119 so I'm going to close this PR. If that doesn't cover what you need please resubmit!
