Closed gthvn1 closed 7 years ago
I personally don't like this approach (of using type parameter and abusing haproxy formula for hard-coding some specific setup for other services) and I consider it to be a legacy. Instead prefered way is to define all specific parameters in reclass eg. like this:
parameters:
haproxy:
proxy:
listen:
artifactory:
mode: http
options:
- forwardfor
- forwardfor header X-Real-IP
- httpchk
- httpclose
- httplog
acl:
is_docker: "path_reg ^/v[12][/.]*"
is_artifactory_path: "path_beg /artifactory/"
http_request:
# Docker registry on subdomain
- action: "set-path /artifactory/api/docker/%[req.hdr(host),lower,field(1,'.')]%[path]"
condition: "if is_docker"
- action: "redirect location /artifactory/webapp/"
condition: "if !is_artifactory_path !is_docker"
# Common proxy headers
- action: "set-header X-Forwarded-Port %[dst_port]"
- action: "add-header X-Forwarded-Proto https"
condition: "if { ssl_fc }"
- action: "add-header X-Forwarded-Proto http"
condition: "if !{ ssl_fc }"
- action: "set-header X-Artifactory-Override-Base-Url https://%[req.hdr(host)]/artifactory"
condition: "if { ssl_fc }"
- action: "set-header X-Artifactory-Override-Base-Url http://%[req.hdr(host)]/artifactory"
condition: "if !{ ssl_fc }"
http_response:
- action: "del-header X-Frame-Options"
balance: source
timeout:
check: 30s
binds:
- address: ${_param:cluster_vip_address}
port: 8082
ssl:
enabled: true
pem_file: /etc/haproxy/ssl/ci.ccp-poc.cloudlab.cz-all.pem
servers:
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
port: 18082
params: check
- name: ${_param:cluster_node02_name}
host: ${_param:cluster_node02_address}
port: 18082
params: backup check
As it's more powerful (as you can see from complex example above) and better readable (you just rely on metadata and don't need to open jinja templated config file to see what's happening).
I personally don't like this approach (of using type parameter and abusing haproxy formula for hard-coding some specific setup for other services) and I consider it to be a legacy.
+1 I was going to make the same comment.
Closing since @fpytloun provided the solution for the problem.
This patch adds the type Grafana that uses the mode 'source' to keep the same HAProxy backend for a given source. Otherwise authentication will be asked for each requests.