Skip to content

Commit

Permalink
Merge pull request quarkusio#83 from Miciah/BZ1801407-omit-brackets-a…
Browse files Browse the repository at this point in the history
…round-IPv4-addresses-in-v4v6-mode

Bug 1801407: Omit brackets around IPv4 addresses in v4v6 mode
  • Loading branch information
openshift-merge-robot authored Feb 11, 2021
2 parents e47684c + 74c2d93 commit 880408f
Showing 1 changed file with 19 additions and 5 deletions.
24 changes: 19 additions & 5 deletions images/router/haproxy/conf/haproxy-config.template
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,8 @@ listen stats
{{ if .BindPorts -}}
frontend public
{{ if eq "v4v6" $router_ip_v4_v6_mode }}
bind :::{{env "ROUTER_SERVICE_HTTP_PORT" "80"}} v4v6
bind :{{env "ROUTER_SERVICE_HTTP_PORT" "80"}}
bind :::{{env "ROUTER_SERVICE_HTTP_PORT" "80"}} v6only
{{- else if eq "v6" $router_ip_v4_v6_mode }}
bind :::{{env "ROUTER_SERVICE_HTTP_PORT" "80"}} v6only
{{- else }}
Expand Down Expand Up @@ -233,7 +234,8 @@ frontend public_ssl
option tcplog
{{- end }}
{{ if eq "v4v6" $router_ip_v4_v6_mode }}
bind :::{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}} v4v6
bind :{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}}
bind :::{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}} v6only
{{- else if eq "v6" $router_ip_v4_v6_mode }}
bind :::{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}} v6only
{{- else }}
Expand Down Expand Up @@ -524,8 +526,12 @@ backend {{genBackendNamePrefix $cfg.TLSTermination}}:{{$cfgIdx}}
http-request add-header X-Forwarded-Proto http if !{ ssl_fc }
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 }
{{- if matchPattern "(v4)?v6" $router_ip_v4_v6_mode }}
{{- if eq "v4v6" $router_ip_v4_v6_mode }}
# See the quoting rules in https://tools.ietf.org/html/rfc7239 for IPv6 addresses (v4 addresses get translated to v6 when in hybrid mode)
acl ipv6_addr src -m sub :
http-request add-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] if ipv6_addr
http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] if !ipv6_addr
{{- else if eq "v6" $router_ip_v4_v6_mode }}
http-request add-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
{{- else }}
http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
Expand All @@ -537,8 +543,12 @@ backend {{genBackendNamePrefix $cfg.TLSTermination}}:{{$cfgIdx}}
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 }
{{- if matchPattern "(v4)?v6" $router_ip_v4_v6_mode }}
{{- if eq "v4v6" $router_ip_v4_v6_mode }}
# See the quoting rules in https://tools.ietf.org/html/rfc7239 for IPv6 addresses (v4 addresses get translated to v6 when in hybrid mode)
acl ipv6_addr src -m sub :
http-request set-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] if ipv6_addr
http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] if !ipv6_addr
{{- else if eq "v6" $router_ip_v4_v6_mode }}
http-request set-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
{{- else }}
http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
Expand All @@ -550,8 +560,12 @@ backend {{genBackendNamePrefix $cfg.TLSTermination}}:{{$cfgIdx}}
http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !{ req.hdr(X-Forwarded-Proto) -m found }
http-request set-header X-Forwarded-Proto https if { ssl_fc } !{ req.hdr(X-Forwarded-Proto) -m found }
http-request set-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } !{ req.hdr(X-Forwarded-Proto-Version) -m found }
{{- if matchPattern "(v4)?v6" $router_ip_v4_v6_mode }}
{{- if eq "v4v6" $router_ip_v4_v6_mode }}
# See the quoting rules in https://tools.ietf.org/html/rfc7239 for IPv6 addresses (v4 addresses get translated to v6 when in hybrid mode)
acl ipv6_addr src -m sub :
http-request set-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] if ipv6_addr !{ req.hdr(Forwarded) -m found }
http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] if !ipv6_addr !{ req.hdr(Forwarded) -m found }
{{- else if eq "v6" $router_ip_v4_v6_mode }}
http-request set-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] if !{ req.hdr(Forwarded) -m found }
{{- else }}
http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] if !{ req.hdr(Forwarded) -m found }
Expand Down

0 comments on commit 880408f

Please sign in to comment.