From 557c13b6638c810c75eb10dd382841b0d2429999 Mon Sep 17 00:00:00 2001 From: Ee Durbin Date: Wed, 30 Aug 2023 09:23:11 -0400 Subject: [PATCH] properly fixup jobs.pyfound.org via SNI support --- pillar/base/haproxy.sls | 3 ++- salt/haproxy/config/haproxy.cfg.jinja | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pillar/base/haproxy.sls b/pillar/base/haproxy.sls index ea311267..6bf4e29c 100644 --- a/pillar/base/haproxy.sls +++ b/pillar/base/haproxy.sls @@ -53,9 +53,10 @@ haproxy: jobs: domains: - jobs.pyfound.org - check: False + check: "GET / HTTP/1.1\\r\\nHost:\\ pythonsoftwarefoundation.applytojob.com" ca-file: "ca-certificates.crt" verify_host: pythonsoftwarefoundation.applytojob.com + sni: pythonsoftwarefoundation.applytojob.com extra: - http-request replace-header Host ^.*$ pythonsoftwarefoundation.applytojob.com diff --git a/salt/haproxy/config/haproxy.cfg.jinja b/salt/haproxy/config/haproxy.cfg.jinja index 3f059df9..5a8648b7 100644 --- a/salt/haproxy/config/haproxy.cfg.jinja +++ b/salt/haproxy/config/haproxy.cfg.jinja @@ -223,7 +223,7 @@ backend {{ service }} {% endfor -%} {{ "{{" }}range service "{{ service }}@{{ pillar.dc }}" "any"}} - {% raw %}server {{.Node}} {{.Address}}:{{.Port}}{% endraw %}{% if config.get("check", True) %} check{% endif %}{% if config.get("tls", True) %} ssl force-tlsv12 verifyhost {{ config.get("verify_host", service + ".psf.io") }} ca-file {{ config.get("ca-file", "PSF_CA.pem") }}{% endif %}{{ "{{end}}" }} + {% raw %}server {{.Node}} {{.Address}}:{{.Port}}{% endraw %}{% if config.get("check", True) %} check{% if config.get("sni", False)%} check-sni {{ config.get("sni") }}{% endif %}{% if config.get("sni", False)%} sni str({{ config.get("sni") }}){% endif %}{% endif %}{% if config.get("tls", True) %} ssl force-tlsv12 verifyhost {{ config.get("verify_host", service + ".psf.io") }} ca-file {{ config.get("ca-file", "PSF_CA.pem") }}{% endif %}{{ "{{end}}" }} {% endfor %}