Merge pull request #3598 from Embezzle/T6454

reverse-proxy: T6454: Set default value of http for haproxy mode
vyos · Jun 9, 2024 · bd80160 · bd80160
2 parents a79c094 + 60d7c0e
commit bd80160
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 24 deletions.
diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2
@@ -67,25 +67,23 @@ frontend {{ front }}
 {%         if front_config.redirect_http_to_https is vyos_defined %}
     http-request redirect scheme https unless { ssl_fc }
 {%         endif %}
-{%         if front_config.mode is vyos_defined %}
     mode {{ front_config.mode }}
-{%             if front_config.tcp_request.inspect_delay is vyos_defined %}
+{%         if front_config.tcp_request.inspect_delay is vyos_defined %}
     tcp-request inspect-delay {{ front_config.tcp_request.inspect_delay }}
-{%             endif %}
-{# add tcp-request related directive if ssl is configed #}
-{%             if front_config.mode is vyos_defined('tcp') and front_config.rule is vyos_defined %}
-{%                 for rule, rule_config in front_config.rule.items() %}
-{%                     if rule_config.ssl is vyos_defined %}
+{%         endif %}
+{# add tcp-request related directive if ssl is configured #}
+{%         if front_config.mode == 'tcp' and front_config.rule is vyos_defined %}
+{%             for rule, rule_config in front_config.rule.items() %}
+{%                 if rule_config.ssl is vyos_defined %}
     tcp-request content accept if { req_ssl_hello_type 1 }
-{%                         break %}
-{%                     endif %}
-{%                 endfor %}
-{%             endif %}
-{%             if front_config.http_response_headers is vyos_defined %}
-{%                 for header, header_config in front_config.http_response_headers.items() %}
+{%                     break %}
+{%                 endif %}
+{%             endfor %}
+{%         endif %}
+{%         if front_config.http_response_headers is vyos_defined %}
+{%             for header, header_config in front_config.http_response_headers.items() %}
     http-response set-header {{ header }} '{{ header_config['value'] }}'
-{%                 endfor %}
-{%             endif %}
+{%             endfor %}
 {%         endif %}
 {%         if front_config.rule is vyos_defined %}
 {%             for rule, rule_config in front_config.rule.items() %}
@@ -162,19 +160,17 @@ backend {{ back }}
 {%             set balance_translate = {'least-connection': 'leastconn', 'round-robin': 'roundrobin', 'source-address': 'source'} %}
     balance {{ balance_translate[back_config.balance] }}
 {%         endif %}
-{# If mode is not TCP skip Forwarded #}
-{%         if back_config.mode is not vyos_defined('tcp') %}
+{# If mode is HTTP add X-Forwarded headers #}
+{%         if back_config.mode == 'http' %}
     option forwardfor
     http-request set-header X-Forwarded-Port %[dst_port]
     http-request add-header X-Forwarded-Proto https if { ssl_fc }
 {%         endif %}
-{%         if back_config.mode is vyos_defined %}
     mode {{ back_config.mode }}
-{%             if back_config.http_response_headers is vyos_defined %}
-{%                 for header, header_config in back_config.http_response_headers.items() %}
+{%         if back_config.http_response_headers is vyos_defined %}
+{%             for header, header_config in back_config.http_response_headers.items() %}
     http-response set-header {{ header }} '{{ header_config['value'] }}'
-{%                 endfor %}
-{%             endif %}
+{%             endfor %}
 {%         endif %}
 {%         if back_config.rule is vyos_defined %}
 {%             for rule, rule_config in back_config.rule.items() %}

diff --git a/interface-definitions/include/haproxy/mode.xml.i b/interface-definitions/include/haproxy/mode.xml.i
@@ -18,5 +18,6 @@
       <regex>(http|tcp)</regex>
     </constraint>
   </properties>
+  <defaultValue>http</defaultValue>
 </leafNode>
 <!-- include end -->
diff --git a/src/conf_mode/load-balancing_reverse-proxy.py b/src/conf_mode/load-balancing_reverse-proxy.py
@@ -85,7 +85,7 @@ def verify(lb):
                 raise ConfigError(f'"expect status" and "expect string" can not be configured together!')
 
         if 'health_check' in back_config:
-            if 'mode' not in back_config or back_config['mode'] != 'tcp':
+            if back_config['mode'] != 'tcp':
                 raise ConfigError(f'backend "{back}" can only be configured with {back_config["health_check"]} ' +
                                   f'health-check whilst in TCP mode!')
             if 'http_check' in back_config:
@@ -108,7 +108,7 @@ def verify(lb):
     # Check if http-response-headers are configured in any frontend/backend where mode != http
     for group in ['service', 'backend']:
         for config_name, config in lb[group].items():
-            if 'http_response_headers' in config and ('mode' not in config or config['mode'] != 'http'):
+            if 'http_response_headers' in config and config['mode'] != 'http':
                 raise ConfigError(f'{group} {config_name} must be set to http mode to use http_response_headers!')
 
     for front, front_config in lb['service'].items():