From c22e7d2e881c2188d35face6b933a10e30bcb971 Mon Sep 17 00:00:00 2001 From: Paul Lecuq Date: Fri, 1 Dec 2023 16:45:53 +0100 Subject: [PATCH] updated haproxy state --- states/haproxy/templates/haproxy.cfg.j2 | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/states/haproxy/templates/haproxy.cfg.j2 b/states/haproxy/templates/haproxy.cfg.j2 index e014177..e7c6719 100644 --- a/states/haproxy/templates/haproxy.cfg.j2 +++ b/states/haproxy/templates/haproxy.cfg.j2 @@ -104,6 +104,9 @@ global tune.lua.maxmem {{ haproxy.config.lua_max_mem }} expose-experimental-directives +.if feature(QUIC) + limited-quic +.endif # Defaults values defaults {{ haproxy.config.namespace }} @@ -160,9 +163,8 @@ frontend fe_http from {{ haproxy.config.namespace }} frontend fe_https from {{ haproxy.config.namespace }} .if feature(QUIC) bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h3,h2,http/1.1{% endif %} name https -.else - bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} name https .endif + bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} name https mode http option httplog option http-buffer-request @@ -194,7 +196,7 @@ frontend fe_https from {{ haproxy.config.namespace }} http-request track-sc0 var(req.accesshash) table per_ip_rates - http-request capture req.hdr(User-Agent) len 50 + http-request capture req.hdr(User-Agent) len 200 http-request capture req.hdr(Content-Type) len 50 http-request capture sc_http_req_rate(0) len 4 @@ -226,6 +228,9 @@ frontend fe_https from {{ haproxy.config.namespace }} http-response set-header Date "%[var(txn.httpdate)]" http-response set-header Server "{{ haproxy.config.servername }}" http-response set-header X-Random "%[var(txn.random)]" +.if feature(QUIC) + http-response set-header Alt-Svc "h3=\":443\"; ma=3600" +.endif http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found } http-request deny deny_status 404 unless domains || ua