Merge branch 'add_X-Forwarded-For_header' into 'master'

Add x forwarded for header

See merge request !3
This commit is contained in:
Joachim Lusiardi 2016-12-30 10:46:17 +01:00
commit 2daf41afdc
4 changed files with 27 additions and 2 deletions

View File

@ -15,7 +15,7 @@ This image translates between plain http and https using HAProxy.
+---+ | +------------+-+ +-------------+
--->+ 80| | | | | |
+---+ | +---+ docker nginx | +----+ |
| +----->+ 80| auto proxy +--------> 80| Wordpress |
| SSL Proxy +----->+ 80| auto proxy +--------> 80| Wordpress |
+---+ | +---+ | +----+ |
--->+443| | | | | |
+---+ | +--+---------+-+ +-------------+

View File

@ -23,6 +23,10 @@ defaults
frontend http
bind *:80
# add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src]
reqadd X-Forwarded-Proto:\ http
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl

View File

@ -23,17 +23,30 @@ defaults
frontend http
bind *:80
# add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src]
reqadd X-Forwarded-Proto:\ http
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
redirect scheme https code 301 if !{ ssl_fc }
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
default_backend www-backend
frontend https
bind *:443 ssl crt /data/haproxy/cert.pem
# add X-Forwarded-For Header to request
http-request add-header X-Forwarded-For %[src]
reqadd X-Forwarded-Proto:\ https
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
default_backend www-backend
backend www-backend

View File

@ -122,12 +122,20 @@ def create_haproxy_cert():
logging.info('using %s as base dir', youngest_directory)
# read fullchain.pem and privkey.pem
if not os.path.exists(youngest_directory + '/fullchain.pem') or not os.path.exists(youngest_directory + '/privkey.pem'):
logging.info('either fullchain.pem or privkey.pem is missing.')
return
fullchain = read_file(youngest_directory + '/fullchain.pem')
privkey = read_file(youngest_directory + '/privkey.pem')
write_file(cert_file, fullchain + privkey)
logging.info('file written')
def create_cert_data_standalone(domains):
if len(domains) == 0:
logging.info('no domains for SSL found.')
return
domains = " -d ".join(domains)
# we should use tls-sni-01 if ssl is already running!