allow to enable accept-proxy via env (#38)

lib/kontena/templates/haproxy/http_in.text.erb

@@ -1,8 +1,8 @@
 listen http-in
-    bind *:80
+    bind *:80<% if ENV['KONTENA_LB_ACCEPT_PROXY'] %> accept-proxy<% end %>
     http-request replace-header Host (.*):.* \1
     <% if ssl? %>
-    bind *:443 ssl crt /etc/haproxy/certs/ no-sslv3 alpn h2,http/1.1
+    bind *:443 ssl crt /etc/haproxy/certs/ no-sslv3<% if ENV['KONTENA_LB_ACCEPT_PROXY'] %> accept-proxy<% end %> alpn h2,http/1.1
     reqadd X-Forwarded-Proto:\ https if { ssl_fc }
     reqadd X-Forwarded-Port:\ 443 if { ssl_fc }
     <% end %>

lib/kontena/templates/haproxy/tcp_proxies.text.erb

@@ -1,7 +1,7 @@
 <% services.each do |service| %>
 <% if service.external_port %>
 listen <%= service.name %>
-    bind *:<%= service.external_port %>
+    bind *:<%= service.external_port %><% if ENV['KONTENA_LB_ACCEPT_PROXY'] %> accept-proxy<% end %>
     mode tcp
     <% service.custom_settings.each do |setting| %>
     <%= setting %>

spec/kontena/views/http_in_spec.rb

@@ -0,0 +1,60 @@
+describe Kontena::Views::HttpIn do
+
+  describe '.render' do
+    context 'bind' do
+      it 'bings to port 80' do
+        output = described_class.render(
+          format: :text,
+          services: []
+        )
+        expect(output.match(/bind \*:80/)).to be_truthy
+      end
+
+      it 'does not accept proxy protocol by default' do
+        output = described_class.render(
+          format: :text,
+          services: []
+        )
+        expect(output.match(/accept-proxy/)).to be_falsey
+      end
+
+      it 'accepts proxy protocol if env is set' do
+        allow(ENV).to receive(:[])
+        allow(ENV).to receive(:[]).with('KONTENA_LB_ACCEPT_PROXY').and_return('true')
+        output = described_class.render(
+          format: :text,
+          services: []
+        )
+        expect(output.match(/accept-proxy/)).to be_truthy
+      end
+
+      it 'does not bind to port 443 by default' do
+        output = described_class.render(
+          format: :text,
+          services: []
+        )
+        expect(output.match(/bind \*:443/)).to be_falsey
+      end
+
+      it 'binds to port 443 if SSL certs exist' do
+        allow(ENV).to receive(:[])
+        allow(ENV).to receive(:[]).with('SSL_CERTS').and_return('certs')
+        output = described_class.render(
+          format: :text,
+          services: []
+        )
+        expect(output.match(/bind \*:443/)).to be_truthy
+      end
+
+      it 'supports http2 if SSL certs exist' do
+        allow(ENV).to receive(:[])
+        allow(ENV).to receive(:[]).with('SSL_CERTS').and_return('certs')
+        output = described_class.render(
+          format: :text,
+          services: []
+        )
+        expect(output.match(/alpn h2/)).to be_truthy
+      end
+    end
+  end
+end

spec/kontena/views/tcp_proxies_spec.rb

@@ -4,6 +4,37 @@
   let(:upstream_class) { Kontena::Models::Upstream }
 
   describe '.render' do
+    context 'bind' do
+      it 'sets accept-proxy if env is set' do
+        allow(ENV).to receive(:[]).with('KONTENA_LB_ACCEPT_PROXY').and_return('true')
+        services = [
+          service_class.new('foo').tap { |s|
+            s.external_port = 8080
+            s.upstreams = [upstream_class.new('foo-1', '10.81.3.2:8080')]
+          }
+        ]
+        output = described_class.render(
+          format: :text,
+          services: services
+        )
+        expect(output.match(/accept-proxy/)).to be_truthy
+      end
+
+      it 'does not set accept-proxy without env' do
+        services = [
+          service_class.new('foo').tap { |s|
+            s.external_port = 8080
+            s.upstreams = [upstream_class.new('foo-1', '10.81.3.2:8080')]
+          }
+        ]
+        output = described_class.render(
+          format: :text,
+          services: services
+        )
+        expect(output.match(/accept-proxy/)).to be_falsey
+      end
+    end
+
     context 'balance' do
       it 'sets balance to leastconn by default' do
         services = [