Merge branch 'add_X-Forwarded-For_header' into 'master'
Add x forwarded for header See merge request !3
This commit is contained in:
commit
2daf41afdc
@ -15,7 +15,7 @@ This image translates between plain http and https using HAProxy.
|
||||
+---+ | +------------+-+ +-------------+
|
||||
--->+ 80| | | | | |
|
||||
+---+ | +---+ docker nginx | +----+ |
|
||||
| +----->+ 80| auto proxy +--------> 80| Wordpress |
|
||||
| SSL Proxy +----->+ 80| auto proxy +--------> 80| Wordpress |
|
||||
+---+ | +---+ | +----+ |
|
||||
--->+443| | | | | |
|
||||
+---+ | +--+---------+-+ +-------------+
|
||||
|
@ -23,6 +23,10 @@ defaults
|
||||
|
||||
frontend http
|
||||
bind *:80
|
||||
|
||||
# add X-Forwarded-For Header to request
|
||||
http-request add-header X-Forwarded-For %[src]
|
||||
|
||||
reqadd X-Forwarded-Proto:\ http
|
||||
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
|
||||
use_backend letsencrypt-backend if letsencrypt-acl
|
||||
|
@ -23,17 +23,30 @@ defaults
|
||||
|
||||
frontend http
|
||||
bind *:80
|
||||
|
||||
# add X-Forwarded-For Header to request
|
||||
http-request add-header X-Forwarded-For %[src]
|
||||
|
||||
reqadd X-Forwarded-Proto:\ http
|
||||
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
|
||||
|
||||
redirect scheme https code 301 if !{ ssl_fc }
|
||||
|
||||
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
|
||||
use_backend letsencrypt-backend if letsencrypt-acl
|
||||
|
||||
default_backend www-backend
|
||||
|
||||
frontend https
|
||||
bind *:443 ssl crt /data/haproxy/cert.pem
|
||||
|
||||
# add X-Forwarded-For Header to request
|
||||
http-request add-header X-Forwarded-For %[src]
|
||||
|
||||
reqadd X-Forwarded-Proto:\ https
|
||||
|
||||
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
|
||||
use_backend letsencrypt-backend if letsencrypt-acl
|
||||
|
||||
default_backend www-backend
|
||||
|
||||
backend www-backend
|
||||
|
8
start.py
8
start.py
@ -122,12 +122,20 @@ def create_haproxy_cert():
|
||||
logging.info('using %s as base dir', youngest_directory)
|
||||
|
||||
# read fullchain.pem and privkey.pem
|
||||
if not os.path.exists(youngest_directory + '/fullchain.pem') or not os.path.exists(youngest_directory + '/privkey.pem'):
|
||||
logging.info('either fullchain.pem or privkey.pem is missing.')
|
||||
return
|
||||
|
||||
fullchain = read_file(youngest_directory + '/fullchain.pem')
|
||||
privkey = read_file(youngest_directory + '/privkey.pem')
|
||||
write_file(cert_file, fullchain + privkey)
|
||||
logging.info('file written')
|
||||
|
||||
def create_cert_data_standalone(domains):
|
||||
if len(domains) == 0:
|
||||
logging.info('no domains for SSL found.')
|
||||
return
|
||||
|
||||
domains = " -d ".join(domains)
|
||||
|
||||
# we should use tls-sni-01 if ssl is already running!
|
||||
|
Loading…
Reference in New Issue
Block a user