Skip to content

Commit

Permalink
Bind v4 and v6 addresses separately in frontends
Browse files Browse the repository at this point in the history
Use separate bind lines for IPv4 and IPv6.  Using "bind :::80 v4v6" causes
HAProxy to listen on v4 and v6 addresses but translate v4 source addresses
into v6 addresses, which can be seen in HTTP headers.  Using separate bind
lines causes HAProxy to report source addresses faithfully.

* images/router/haproxy/conf/haproxy-config.template: Use separate bind
lines for IPv4 and IPv6 listening addresses.
  • Loading branch information
Miciah committed Feb 5, 2021
1 parent 56fb663 commit 74c2d93
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions images/router/haproxy/conf/haproxy-config.template
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,8 @@ listen stats
{{ if .BindPorts -}}
frontend public
{{ if eq "v4v6" $router_ip_v4_v6_mode }}
bind :::{{env "ROUTER_SERVICE_HTTP_PORT" "80"}} v4v6
bind :{{env "ROUTER_SERVICE_HTTP_PORT" "80"}}
bind :::{{env "ROUTER_SERVICE_HTTP_PORT" "80"}} v6only
{{- else if eq "v6" $router_ip_v4_v6_mode }}
bind :::{{env "ROUTER_SERVICE_HTTP_PORT" "80"}} v6only
{{- else }}
Expand Down Expand Up @@ -216,7 +217,8 @@ frontend public_ssl
option tcplog
{{- end }}
{{ if eq "v4v6" $router_ip_v4_v6_mode }}
bind :::{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}} v4v6
bind :{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}}
bind :::{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}} v6only
{{- else if eq "v6" $router_ip_v4_v6_mode }}
bind :::{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}} v6only
{{- else }}
Expand Down

0 comments on commit 74c2d93

Please sign in to comment.