Skip to content

Commit b27e410

Browse files
ivanmatmatioktalz
ivanmatmati
authored and
oktalz
committed
BUG: keep ssl and ssl-passthrough active together
1 parent fd92927 commit b27e410

File tree

3 files changed

+18
-8
lines changed

3 files changed

+18
-8
lines changed

documentation/annotations.md

+2
Original file line numberDiff line numberDiff line change
@@ -796,6 +796,8 @@ http-server-close: "true"
796796

797797
:information_source: Traffic is proxied in TCP mode which makes unavailable a number of the controller annotations (requiring HTTP mode).
798798

799+
:information_source: HTTPS frontend is conserved and still listening at port 8444 when previous HTTPS port is moved to SSL Frontend.
800+
799801
Possible values:
800802

801803
- true

documentation/doc.yaml

+1
Original file line numberDiff line numberDiff line change
@@ -1585,6 +1585,7 @@ annotations:
15851585
tip:
15861586
- Traffic is proxied in TCP mode which makes unavailable a number of the controller
15871587
annotations (requiring HTTP mode).
1588+
- HTTPS frontend is conserved and still listening at port 8444 when previous HTTPS port is moved to SSL Frontend.
15881589
values:
15891590
- "true"
15901591
- "false"

pkg/handler/https.go

+15-8
Original file line numberDiff line numberDiff line change
@@ -44,17 +44,19 @@ type HTTPS struct {
4444
strictSNI bool
4545
}
4646

47+
//nolint:golint, stylecheck
48+
const HTTPS_PORT_SSLPASSTHROUGH int64 = 8444
49+
4750
func (handler HTTPS) bindList(passhthrough bool) (binds []models.Bind) {
4851
if handler.IPv4 {
4952
binds = append(binds, models.Bind{
50-
Address: func() (addr string) {
51-
addr = handler.AddrIPv4
53+
Address: handler.AddrIPv4,
54+
Port: func() *int64 {
5255
if passhthrough {
53-
addr = "127.0.0.1"
56+
return utils.PtrInt64(HTTPS_PORT_SSLPASSTHROUGH)
5457
}
55-
return
58+
return utils.PtrInt64(handler.Port)
5659
}(),
57-
Port: utils.PtrInt64(handler.Port),
5860
BindParams: models.BindParams{
5961
Name: "v4",
6062
AcceptProxy: passhthrough,
@@ -66,11 +68,16 @@ func (handler HTTPS) bindList(passhthrough bool) (binds []models.Bind) {
6668
Address: func() (addr string) {
6769
addr = handler.AddrIPv6
6870
if passhthrough {
69-
addr = "::1"
71+
addr = "::"
7072
}
7173
return
7274
}(),
73-
Port: utils.PtrInt64(handler.Port),
75+
Port: func() *int64 {
76+
if passhthrough {
77+
return utils.PtrInt64(HTTPS_PORT_SSLPASSTHROUGH)
78+
}
79+
return utils.PtrInt64(handler.Port)
80+
}(),
7481
BindParams: models.BindParams{
7582
AcceptProxy: passhthrough,
7683
Name: "v6",
@@ -220,7 +227,7 @@ func (handler HTTPS) enableSSLPassthrough(h haproxy.HAProxy) (err error) {
220227
h.BackendServerCreate(h.BackSSL, models.Server{
221228
Name: h.FrontHTTPS,
222229
Address: "127.0.0.1",
223-
Port: utils.PtrInt64(handler.Port),
230+
Port: utils.PtrInt64(HTTPS_PORT_SSLPASSTHROUGH),
224231
ServerParams: models.ServerParams{SendProxyV2: "enabled"},
225232
}),
226233
h.BackendSwitchingRuleCreate(h.FrontSSL, models.BackendSwitchingRule{

0 commit comments

Comments
 (0)