HAPROXY listen on ipv4 only by default.

2024-11-20 13:05:36 +01:00 · 2024-11-20 13:05:36 +01:00 · 8a7939175e
parent f260f06387
commit 8a7939175e
2 changed files with 42 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -8,6 +8,8 @@ docker_swarm_haproxy_accept_proxy: '{{ docker_swarm_haproxy_accept_proxy_var | b
 docker_swarm_haproxy_keepalive_installation: false
 docker_swarm_haproxy_swarm_port: '{{ docker_api_port }}'
 docker_swarm_haproxy_plain_http_api: true
 docker_swarm_haproxy_ipv4_only: true
 docker_swarm_haproxy_ipv6_only: false
 #
 docker_swarm_expose_api_via_haproxy: true
 docker_swarm_expose_api_hostname: 'swarm.example.com'
--- a/templates/haproxy.cfg.j2
+++ b/templates/haproxy.cfg.j2
@ -54,7 +54,13 @@ peers mypeers
    peer local_haproxy 127.0.0.1:1024
 listen stats
 {% if docker_swarm_haproxy_ipv4_only %}
    bind 0.0.0.0:{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
 {% elif docker_swarm_haproxy_ipv6_only %}
    bind :::{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
 {% else %}
    bind *:{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
 {% endif %}
    mode http
    http-request use-service prometheus-exporter if { path /metrics }
    option httplog
@ -77,7 +83,13 @@ listen local_stats
 {% if docker_swarm_haproxy_plain_http_listener %}
 frontend http_{{ docker_swarm_haproxy_plain_http_port }}
 {% if docker_swarm_haproxy_ipv4_only %}
    bind 0.0.0.0:{{ docker_swarm_haproxy_plain_http_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
 {% elif docker_swarm_haproxy_ipv6_only %}
    bind :::{{ docker_swarm_haproxy_plain_http_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
 {% else %}
    bind *:{{ docker_swarm_haproxy_plain_http_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
 {% endif %}
    mode http
    option http-keep-alive
@ -108,10 +120,22 @@ frontend http_{{ docker_swarm_haproxy_plain_http_port }}
 {% endif %}
 frontend http
 {% if docker_swarm_haproxy_ipv4_only %}
    bind 0.0.0.0:{{ https_port }} ssl crt {{ haproxy_cert_dir }}{% if docker_swarm_haproxy_http2_enabled %} alpn h2,http/1.1{% endif %}{% if docker_swarm_haproxy_accept_proxy %} accept-proxy{% endif %}
    bind 0.0.0.0:{{ haproxy_default_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
 {% elif docker_swarm_haproxy_ipv6_only %}
    bind :::{{ https_port }} ssl crt {{ haproxy_cert_dir }}{% if docker_swarm_haproxy_http2_enabled %} alpn h2,http/1.1{% endif %}{% if docker_swarm_haproxy_accept_proxy %} accept-proxy{% endif %}
    bind :::{{ haproxy_default_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
 {% else %}
    bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }}{% if docker_swarm_haproxy_http2_enabled %} alpn h2,http/1.1{% endif %}{% if docker_swarm_haproxy_accept_proxy %} accept-proxy{% endif %}
    bind *:{{ haproxy_default_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
 {% endif %}
    mode http
    option http-keep-alive
    option httplog
@ -154,12 +178,26 @@ frontend http
 {% if docker_swarm_expose_api_via_haproxy %}
 frontend docker_ft
 {% if docker_swarm_haproxy_ipv4_only %}
 {% if docker_swarm_haproxy_plain_http_api %}
-    bind :{{ docker_swarm_haproxy_swarm_port }} {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
+    bind 0.0.0.0:{{ docker_swarm_haproxy_swarm_port }} {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
 {% else %}
-    bind :{{ docker_swarm_haproxy_swarm_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
+    bind 0.0.0.0:{{ docker_swarm_haproxy_swarm_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
 {% endif %}
 {% elif docker_swarm_haproxy_ipv6_only %}
 {% if docker_swarm_haproxy_plain_http_api %}
    bind :::{{ docker_swarm_haproxy_swarm_port }} {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
 {% else %}
    bind :::{{ docker_swarm_haproxy_swarm_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
 {% endif %}
 {% else %}
 {% if docker_swarm_haproxy_plain_http_api %}
    bind *:{{ docker_swarm_haproxy_swarm_port }} {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
 {% else %}
    bind *:{{ docker_swarm_haproxy_swarm_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
 {% endif %}
 {% endif %}
    mode {{ docker_swarm_api_haproxy_mode }}
    acl swarm_api hdr_dom(host) -i {{ docker_swarm_expose_api_hostname }}