cloud-hosting-platform/haproxy-manager-base
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
657cd28344475a0f82a1fd573df6c6a18befc1b2
haproxy-manager-base/templates/hap_backend.tpl
jknapp 91c92dd07e
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 1m17s
Details
Add wildcard domain support with DNS-01 ACME challenge flow 
Support wildcard domains (*.domain.tld) in HAProxy config generation
with exact-match ACLs prioritized over wildcard ACLs. Add DNS-01
challenge endpoints that coordinate with certbot via auth/cleanup
hook scripts for wildcard SSL certificate issuance.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 13:06:08 -08:00

41 lines
1.8 KiB
Smarty
Raw Blame History

# Regular HTTP backend - uses http-server-close for better security and connection management
backend {{ name }}-backend
option forwardfor
# Pass the real client IP to backend (from proxy headers or direct connection)
# This is crucial for container-level logging and security tools
http-request add-header X-CLIENT-IP %[var(txn.real_ip)]
http-request set-header X-Real-IP %[var(txn.real_ip)]
http-request set-header X-Forwarded-For %[var(txn.real_ip)]
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
{% for server in servers %}
server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }}
{% endfor %}
# SSE-specific backend - optimized for Server-Sent Events long-lived connections
backend {{ name }}-sse-backend
# Disable http-server-close to allow SSE long-lived connections
no option http-server-close
# Enable http-no-delay for immediate data transmission
option http-no-delay
# Extended timeouts to support SSE long-lived connections (up to 6 hours)
# Note: SSE sends keepalives every 1 second, so timeout only triggers if backend hangs
timeout server 6h
timeout http-keep-alive 6h
option forwardfor
# Pass the real client IP to backend (from proxy headers or direct connection)
http-request add-header X-CLIENT-IP %[var(txn.real_ip)]
http-request set-header X-Real-IP %[var(txn.real_ip)]
http-request set-header X-Forwarded-For %[var(txn.real_ip)]
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
{% for server in servers %}
server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }}
{% endfor %}
Reference in New Issue View Git Blame Copy Permalink