Merge ~hloeung/content-cache-charm:master into content-cache-charm:master
- Git
- lp:~hloeung/content-cache-charm
- master
- Merge into master
Proposed by
Haw Loeung
Status: | Superseded |
---|---|
Proposed branch: | ~hloeung/content-cache-charm:master |
Merge into: | content-cache-charm:master |
Diff against target: |
590 lines (+60/-60) 15 files modified
reactive/content_cache.py (+1/-1) tests/unit/files/config_test_config.txt (+1/-1) tests/unit/files/config_test_sites_map.txt (+1/-1) tests/unit/files/content_cache_rendered_haproxy_test_output.txt (+10/-10) tests/unit/files/content_cache_rendered_haproxy_test_output2.txt (+1/-1) tests/unit/files/content_cache_rendered_haproxy_test_output3.txt (+1/-1) tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt (+10/-10) tests/unit/files/content_cache_rendered_haproxy_test_output_backup.txt (+1/-1) tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt (+10/-10) tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt (+10/-10) tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt (+10/-10) tests/unit/files/content_cache_rendered_haproxy_test_output_srv_template.txt (+1/-1) tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt (+1/-1) tests/unit/files/haproxy_config_rendered_test_output.txt (+1/-1) tests/unit/files/haproxy_config_rendered_test_output2.txt (+1/-1) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Canonical IS Reviewers | Pending | ||
Content Cache Charmers | Pending | ||
Review via email: mp+397694@code.launchpad.net |
This proposal has been superseded by a proposal from 2021-02-08.
Commit message
Exclude 127.0.0.1 from X-Forward-For headers
Description of the change
To post a comment you must log in.
Revision history for this message
Haw Loeung (hloeung) wrote : | # |
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
This merge proposal is being monitored by mergebot. Change the status to Approved to merge.
Unmerged commits
- 66c3a16... by Haw Loeung
-
Exclude 127.0.0.1 from X-Forward-For headers
Newer HAProxy, as seen with upgrade from 2.2.3 to 2.2.9, includes
127.0.0.1 in the X-Forward-For headers. This gets logged by Nginx.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | diff --git a/reactive/content_cache.py b/reactive/content_cache.py |
2 | index ec681d6..8b9cc63 100644 |
3 | --- a/reactive/content_cache.py |
4 | +++ b/reactive/content_cache.py |
5 | @@ -281,7 +281,7 @@ def configure_haproxy(): # NOQA: C901 LP#1825084 |
6 | # Also, for caching layer, we want higher fall count as it's less |
7 | # likely the caching layer is down, 2 mins here (inter * fall). |
8 | new_cached_loc_conf['backend-fall-count'] = 60 |
9 | - new_cached_loc_conf['backend-options'] = ['forwardfor'] |
10 | + new_cached_loc_conf['backend-options'] = ['forwardfor except 127.0.0.1'] |
11 | |
12 | # No backends |
13 | if not site_conf['locations'][location].get('backends'): |
14 | diff --git a/tests/unit/files/config_test_config.txt b/tests/unit/files/config_test_config.txt |
15 | index bae4473..688b8af 100644 |
16 | --- a/tests/unit/files/config_test_config.txt |
17 | +++ b/tests/unit/files/config_test_config.txt |
18 | @@ -46,7 +46,7 @@ site3.local: |
19 | /: |
20 | backends: *BACKENDS |
21 | backend-options: |
22 | - - forwardfor except 127.0.0.1 |
23 | + - forwardfor except 127.0.0.1 192.168.1.1 |
24 | - forceclose |
25 | cache-maxconn: 4096 |
26 | |
27 | diff --git a/tests/unit/files/config_test_sites_map.txt b/tests/unit/files/config_test_sites_map.txt |
28 | index 7158e24..6f130c7 100644 |
29 | --- a/tests/unit/files/config_test_sites_map.txt |
30 | +++ b/tests/unit/files/config_test_sites_map.txt |
31 | @@ -39,7 +39,7 @@ site3.local: |
32 | locations: |
33 | /: |
34 | backend-options: |
35 | - - forwardfor except 127.0.0.1 |
36 | + - forwardfor except 127.0.0.1 192.168.1.1 |
37 | - forceclose |
38 | backend_port: 8082 |
39 | backends: |
40 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt |
41 | index 9f6292d..73396fb 100644 |
42 | --- a/tests/unit/files/content_cache_rendered_haproxy_test_output.txt |
43 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output.txt |
44 | @@ -155,7 +155,7 @@ listen site9-local |
45 | default_backend backend-site9-local |
46 | |
47 | backend backend-cached-site1-local |
48 | - option forwardfor |
49 | + option forwardfor except 127.0.0.1 |
50 | option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk |
51 | http-request set-header Host site1.local |
52 | balance leastconn |
53 | @@ -171,7 +171,7 @@ backend backend-site1-local |
54 | server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200 |
55 | |
56 | backend backend-cached-site2-local |
57 | - option forwardfor |
58 | + option forwardfor except 127.0.0.1 |
59 | option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk |
60 | http-request set-header Host site2.local |
61 | balance leastconn |
62 | @@ -187,14 +187,14 @@ backend backend-site2-local |
63 | server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
64 | |
65 | backend backend-cached-site3-local |
66 | - option forwardfor |
67 | + option forwardfor except 127.0.0.1 |
68 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
69 | http-request set-header Host site3.local |
70 | balance leastconn |
71 | server server_1 127.0.0.1:6082 check inter 2s rise 2 fall 60 maxconn 4096 |
72 | |
73 | backend backend-site3-local |
74 | - option forwardfor except 127.0.0.1 |
75 | + option forwardfor except 127.0.0.1 192.168.1.1 |
76 | option forceclose |
77 | option redispatch 1 |
78 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
79 | @@ -205,14 +205,14 @@ backend backend-site3-local |
80 | server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200 |
81 | |
82 | backend backend-cached-site4-local |
83 | - option forwardfor |
84 | + option forwardfor except 127.0.0.1 |
85 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk |
86 | http-request set-header Host site4.local |
87 | balance leastconn |
88 | server server_1 127.0.0.1:6083 check inter 2s rise 2 fall 60 maxconn 200 |
89 | |
90 | backend backend-cached-site5 |
91 | - option forwardfor |
92 | + option forwardfor except 127.0.0.1 |
93 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk |
94 | http-request set-header Host site5.local |
95 | balance leastconn |
96 | @@ -233,7 +233,7 @@ backend backend-site5-2 |
97 | server server_1 127.0.1.11:80 check inter 5s rise 2 fall 5 maxconn 200 |
98 | |
99 | backend backend-cached-site6-local |
100 | - option forwardfor |
101 | + option forwardfor except 127.0.0.1 |
102 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk |
103 | http-request set-header Host site6.local |
104 | balance leastconn |
105 | @@ -247,7 +247,7 @@ backend backend-site6-local |
106 | server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt |
107 | |
108 | backend backend-cached-site7-local |
109 | - option forwardfor |
110 | + option forwardfor except 127.0.0.1 |
111 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk |
112 | http-request set-header Host site7.local |
113 | balance leastconn |
114 | @@ -261,7 +261,7 @@ backend backend-site7-local |
115 | server server_1 127.0.1.10:80 check inter 5s rise 2 fall 5 maxconn 200 |
116 | |
117 | backend backend-cached-site8-local |
118 | - option forwardfor |
119 | + option forwardfor except 127.0.0.1 |
120 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk |
121 | http-request set-header Host site8.local |
122 | balance leastconn |
123 | @@ -282,7 +282,7 @@ backend backend-site8-local-2 |
124 | server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt |
125 | |
126 | backend backend-cached-site9-local |
127 | - option forwardfor |
128 | + option forwardfor except 127.0.0.1 |
129 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk |
130 | http-request set-header Host site9.local |
131 | balance leastconn |
132 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output2.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output2.txt |
133 | index 22ddfcd..dfabf9f 100644 |
134 | --- a/tests/unit/files/content_cache_rendered_haproxy_test_output2.txt |
135 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output2.txt |
136 | @@ -90,7 +90,7 @@ listen site1-local |
137 | default_backend backend-site1-local |
138 | |
139 | backend backend-cached-site1-local |
140 | - option forwardfor |
141 | + option forwardfor except 127.0.0.1 |
142 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk |
143 | http-request set-header Host site1.local |
144 | balance leastconn |
145 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output3.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output3.txt |
146 | index dd8a6f7..b79fe04 100644 |
147 | --- a/tests/unit/files/content_cache_rendered_haproxy_test_output3.txt |
148 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output3.txt |
149 | @@ -96,7 +96,7 @@ listen site1-local |
150 | default_backend backend-site1-local |
151 | |
152 | backend backend-cached-site1-local |
153 | - option forwardfor |
154 | + option forwardfor except 127.0.0.1 |
155 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk |
156 | http-request set-header Host site1.local |
157 | balance leastconn |
158 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt |
159 | index 8de817a..c77b9dc 100644 |
160 | --- a/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt |
161 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_auto_maxconns.txt |
162 | @@ -155,7 +155,7 @@ listen site9-local |
163 | default_backend backend-site9-local |
164 | |
165 | backend backend-cached-site1-local |
166 | - option forwardfor |
167 | + option forwardfor except 127.0.0.1 |
168 | option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk |
169 | http-request set-header Host site1.local |
170 | balance leastconn |
171 | @@ -171,7 +171,7 @@ backend backend-site1-local |
172 | server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200 |
173 | |
174 | backend backend-cached-site2-local |
175 | - option forwardfor |
176 | + option forwardfor except 127.0.0.1 |
177 | option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk |
178 | http-request set-header Host site2.local |
179 | balance leastconn |
180 | @@ -187,14 +187,14 @@ backend backend-site2-local |
181 | server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
182 | |
183 | backend backend-cached-site3-local |
184 | - option forwardfor |
185 | + option forwardfor except 127.0.0.1 |
186 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
187 | http-request set-header Host site3.local |
188 | balance leastconn |
189 | server server_1 127.0.0.1:6082 check inter 2s rise 2 fall 60 maxconn 4096 |
190 | |
191 | backend backend-site3-local |
192 | - option forwardfor except 127.0.0.1 |
193 | + option forwardfor except 127.0.0.1 192.168.1.1 |
194 | option forceclose |
195 | option redispatch 1 |
196 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
197 | @@ -205,14 +205,14 @@ backend backend-site3-local |
198 | server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200 |
199 | |
200 | backend backend-cached-site4-local |
201 | - option forwardfor |
202 | + option forwardfor except 127.0.0.1 |
203 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk |
204 | http-request set-header Host site4.local |
205 | balance leastconn |
206 | server server_1 127.0.0.1:6083 check inter 2s rise 2 fall 60 maxconn 200 |
207 | |
208 | backend backend-cached-site5 |
209 | - option forwardfor |
210 | + option forwardfor except 127.0.0.1 |
211 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk |
212 | http-request set-header Host site5.local |
213 | balance leastconn |
214 | @@ -233,7 +233,7 @@ backend backend-site5-2 |
215 | server server_1 127.0.1.11:80 check inter 5s rise 2 fall 5 maxconn 200 |
216 | |
217 | backend backend-cached-site6-local |
218 | - option forwardfor |
219 | + option forwardfor except 127.0.0.1 |
220 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk |
221 | http-request set-header Host site6.local |
222 | balance leastconn |
223 | @@ -247,7 +247,7 @@ backend backend-site6-local |
224 | server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt |
225 | |
226 | backend backend-cached-site7-local |
227 | - option forwardfor |
228 | + option forwardfor except 127.0.0.1 |
229 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk |
230 | http-request set-header Host site7.local |
231 | balance leastconn |
232 | @@ -261,7 +261,7 @@ backend backend-site7-local |
233 | server server_1 127.0.1.10:80 check inter 5s rise 2 fall 5 maxconn 200 |
234 | |
235 | backend backend-cached-site8-local |
236 | - option forwardfor |
237 | + option forwardfor except 127.0.0.1 |
238 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk |
239 | http-request set-header Host site8.local |
240 | balance leastconn |
241 | @@ -282,7 +282,7 @@ backend backend-site8-local-2 |
242 | server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt |
243 | |
244 | backend backend-cached-site9-local |
245 | - option forwardfor |
246 | + option forwardfor except 127.0.0.1 |
247 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk |
248 | http-request set-header Host site9.local |
249 | balance leastconn |
250 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_backup.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_backup.txt |
251 | index aaf84c5..47980cb 100644 |
252 | --- a/tests/unit/files/content_cache_rendered_haproxy_test_output_backup.txt |
253 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_backup.txt |
254 | @@ -95,7 +95,7 @@ listen site1-local-2 |
255 | default_backend backend-site1-local-2 |
256 | |
257 | backend backend-cached-site1-local |
258 | - option forwardfor |
259 | + option forwardfor except 127.0.0.1 |
260 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk |
261 | http-request set-header Host site1.local |
262 | balance leastconn |
263 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt |
264 | index 29451b9..eb9f1cf 100644 |
265 | --- a/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt |
266 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_load_balancing_algorithm.txt |
267 | @@ -155,7 +155,7 @@ listen site9-local |
268 | default_backend backend-site9-local |
269 | |
270 | backend backend-cached-site1-local |
271 | - option forwardfor |
272 | + option forwardfor except 127.0.0.1 |
273 | option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk |
274 | http-request set-header Host site1.local |
275 | balance roundrobin |
276 | @@ -171,7 +171,7 @@ backend backend-site1-local |
277 | server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200 |
278 | |
279 | backend backend-cached-site2-local |
280 | - option forwardfor |
281 | + option forwardfor except 127.0.0.1 |
282 | option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk |
283 | http-request set-header Host site2.local |
284 | balance roundrobin |
285 | @@ -187,14 +187,14 @@ backend backend-site2-local |
286 | server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
287 | |
288 | backend backend-cached-site3-local |
289 | - option forwardfor |
290 | + option forwardfor except 127.0.0.1 |
291 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
292 | http-request set-header Host site3.local |
293 | balance roundrobin |
294 | server server_1 127.0.0.1:6082 check inter 2s rise 2 fall 60 maxconn 4096 |
295 | |
296 | backend backend-site3-local |
297 | - option forwardfor except 127.0.0.1 |
298 | + option forwardfor except 127.0.0.1 192.168.1.1 |
299 | option forceclose |
300 | option redispatch 1 |
301 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
302 | @@ -205,14 +205,14 @@ backend backend-site3-local |
303 | server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200 |
304 | |
305 | backend backend-cached-site4-local |
306 | - option forwardfor |
307 | + option forwardfor except 127.0.0.1 |
308 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk |
309 | http-request set-header Host site4.local |
310 | balance roundrobin |
311 | server server_1 127.0.0.1:6083 check inter 2s rise 2 fall 60 maxconn 200 |
312 | |
313 | backend backend-cached-site5 |
314 | - option forwardfor |
315 | + option forwardfor except 127.0.0.1 |
316 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk |
317 | http-request set-header Host site5.local |
318 | balance roundrobin |
319 | @@ -233,7 +233,7 @@ backend backend-site5-2 |
320 | server server_1 127.0.1.11:80 check inter 5s rise 2 fall 5 maxconn 200 |
321 | |
322 | backend backend-cached-site6-local |
323 | - option forwardfor |
324 | + option forwardfor except 127.0.0.1 |
325 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk |
326 | http-request set-header Host site6.local |
327 | balance roundrobin |
328 | @@ -247,7 +247,7 @@ backend backend-site6-local |
329 | server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt |
330 | |
331 | backend backend-cached-site7-local |
332 | - option forwardfor |
333 | + option forwardfor except 127.0.0.1 |
334 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk |
335 | http-request set-header Host site7.local |
336 | balance roundrobin |
337 | @@ -261,7 +261,7 @@ backend backend-site7-local |
338 | server server_1 127.0.1.10:80 check inter 5s rise 2 fall 5 maxconn 200 |
339 | |
340 | backend backend-cached-site8-local |
341 | - option forwardfor |
342 | + option forwardfor except 127.0.0.1 |
343 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk |
344 | http-request set-header Host site8.local |
345 | balance roundrobin |
346 | @@ -282,7 +282,7 @@ backend backend-site8-local-2 |
347 | server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt |
348 | |
349 | backend backend-cached-site9-local |
350 | - option forwardfor |
351 | + option forwardfor except 127.0.0.1 |
352 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk |
353 | http-request set-header Host site9.local |
354 | balance roundrobin |
355 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt |
356 | index ea91f8d..1262349 100644 |
357 | --- a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt |
358 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads.txt |
359 | @@ -156,7 +156,7 @@ listen site9-local |
360 | default_backend backend-site9-local |
361 | |
362 | backend backend-cached-site1-local |
363 | - option forwardfor |
364 | + option forwardfor except 127.0.0.1 |
365 | option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk |
366 | http-request set-header Host site1.local |
367 | balance leastconn |
368 | @@ -172,7 +172,7 @@ backend backend-site1-local |
369 | server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200 |
370 | |
371 | backend backend-cached-site2-local |
372 | - option forwardfor |
373 | + option forwardfor except 127.0.0.1 |
374 | option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk |
375 | http-request set-header Host site2.local |
376 | balance leastconn |
377 | @@ -188,14 +188,14 @@ backend backend-site2-local |
378 | server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
379 | |
380 | backend backend-cached-site3-local |
381 | - option forwardfor |
382 | + option forwardfor except 127.0.0.1 |
383 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
384 | http-request set-header Host site3.local |
385 | balance leastconn |
386 | server server_1 127.0.0.1:6082 check inter 2s rise 2 fall 60 maxconn 4096 |
387 | |
388 | backend backend-site3-local |
389 | - option forwardfor except 127.0.0.1 |
390 | + option forwardfor except 127.0.0.1 192.168.1.1 |
391 | option forceclose |
392 | option redispatch 1 |
393 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
394 | @@ -206,14 +206,14 @@ backend backend-site3-local |
395 | server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200 |
396 | |
397 | backend backend-cached-site4-local |
398 | - option forwardfor |
399 | + option forwardfor except 127.0.0.1 |
400 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk |
401 | http-request set-header Host site4.local |
402 | balance leastconn |
403 | server server_1 127.0.0.1:6083 check inter 2s rise 2 fall 60 maxconn 200 |
404 | |
405 | backend backend-cached-site5 |
406 | - option forwardfor |
407 | + option forwardfor except 127.0.0.1 |
408 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk |
409 | http-request set-header Host site5.local |
410 | balance leastconn |
411 | @@ -234,7 +234,7 @@ backend backend-site5-2 |
412 | server server_1 127.0.1.11:80 check inter 5s rise 2 fall 5 maxconn 200 |
413 | |
414 | backend backend-cached-site6-local |
415 | - option forwardfor |
416 | + option forwardfor except 127.0.0.1 |
417 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk |
418 | http-request set-header Host site6.local |
419 | balance leastconn |
420 | @@ -248,7 +248,7 @@ backend backend-site6-local |
421 | server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt |
422 | |
423 | backend backend-cached-site7-local |
424 | - option forwardfor |
425 | + option forwardfor except 127.0.0.1 |
426 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk |
427 | http-request set-header Host site7.local |
428 | balance leastconn |
429 | @@ -262,7 +262,7 @@ backend backend-site7-local |
430 | server server_1 127.0.1.10:80 check inter 5s rise 2 fall 5 maxconn 200 |
431 | |
432 | backend backend-cached-site8-local |
433 | - option forwardfor |
434 | + option forwardfor except 127.0.0.1 |
435 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk |
436 | http-request set-header Host site8.local |
437 | balance leastconn |
438 | @@ -283,7 +283,7 @@ backend backend-site8-local-2 |
439 | server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt |
440 | |
441 | backend backend-cached-site9-local |
442 | - option forwardfor |
443 | + option forwardfor except 127.0.0.1 |
444 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk |
445 | http-request set-header Host site9.local |
446 | balance leastconn |
447 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt |
448 | index ef0a365..e62c94d 100644 |
449 | --- a/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt |
450 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_processes_and_threads_haproxy2.txt |
451 | @@ -155,7 +155,7 @@ listen site9-local |
452 | default_backend backend-site9-local |
453 | |
454 | backend backend-cached-site1-local |
455 | - option forwardfor |
456 | + option forwardfor except 127.0.0.1 |
457 | option httpchk HEAD /?token=1861920000_f3e404e205ed44749e942d481f7a7bec57c5e78a HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk |
458 | http-request set-header Host site1.local |
459 | balance leastconn |
460 | @@ -172,7 +172,7 @@ backend backend-site1-local |
461 | server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200 |
462 | |
463 | backend backend-cached-site2-local |
464 | - option forwardfor |
465 | + option forwardfor except 127.0.0.1 |
466 | option httpchk GET /check/ HTTP/1.0\r\nHost:\ site2.local\r\nUser-Agent:\ haproxy/httpchk |
467 | http-request set-header Host site2.local |
468 | balance leastconn |
469 | @@ -189,14 +189,14 @@ backend backend-site2-local |
470 | server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
471 | |
472 | backend backend-cached-site3-local |
473 | - option forwardfor |
474 | + option forwardfor except 127.0.0.1 |
475 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
476 | http-request set-header Host site3.local |
477 | balance leastconn |
478 | server server_1 127.0.0.1:6082 check inter 2s rise 2 fall 60 maxconn 4096 |
479 | |
480 | backend backend-site3-local |
481 | - option forwardfor except 127.0.0.1 |
482 | + option forwardfor except 127.0.0.1 192.168.1.1 |
483 | option forceclose |
484 | retry-on all-retryable-errors |
485 | option redispatch 1 |
486 | @@ -208,14 +208,14 @@ backend backend-site3-local |
487 | server server_3 127.0.1.12:80 check inter 5s rise 2 fall 5 maxconn 200 |
488 | |
489 | backend backend-cached-site4-local |
490 | - option forwardfor |
491 | + option forwardfor except 127.0.0.1 |
492 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site4.local\r\nUser-Agent:\ haproxy/httpchk |
493 | http-request set-header Host site4.local |
494 | balance leastconn |
495 | server server_1 127.0.0.1:6083 check inter 2s rise 2 fall 60 maxconn 200 |
496 | |
497 | backend backend-cached-site5 |
498 | - option forwardfor |
499 | + option forwardfor except 127.0.0.1 |
500 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site5.local\r\nUser-Agent:\ haproxy/httpchk |
501 | http-request set-header Host site5.local |
502 | balance leastconn |
503 | @@ -238,7 +238,7 @@ backend backend-site5-2 |
504 | server server_1 127.0.1.11:80 check inter 5s rise 2 fall 5 maxconn 200 |
505 | |
506 | backend backend-cached-site6-local |
507 | - option forwardfor |
508 | + option forwardfor except 127.0.0.1 |
509 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site6.local\r\nUser-Agent:\ haproxy/httpchk |
510 | http-request set-header Host site6.local |
511 | balance leastconn |
512 | @@ -253,7 +253,7 @@ backend backend-site6-local |
513 | server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(site6.local) check-sni site6.local verify required ca-file ca-certificates.crt |
514 | |
515 | backend backend-cached-site7-local |
516 | - option forwardfor |
517 | + option forwardfor except 127.0.0.1 |
518 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site7.local\r\nUser-Agent:\ haproxy/httpchk |
519 | http-request set-header Host site7.local |
520 | balance leastconn |
521 | @@ -268,7 +268,7 @@ backend backend-site7-local |
522 | server server_1 127.0.1.10:80 check inter 5s rise 2 fall 5 maxconn 200 |
523 | |
524 | backend backend-cached-site8-local |
525 | - option forwardfor |
526 | + option forwardfor except 127.0.0.1 |
527 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site8.local\r\nUser-Agent:\ haproxy/httpchk |
528 | http-request set-header Host site8.local |
529 | balance leastconn |
530 | @@ -291,7 +291,7 @@ backend backend-site8-local-2 |
531 | server server_1 127.0.1.10:443 check inter 5s rise 2 fall 5 maxconn 200 ssl sni str(auth.site8.local) check-sni auth.site8.local verify required ca-file ca-certificates.crt |
532 | |
533 | backend backend-cached-site9-local |
534 | - option forwardfor |
535 | + option forwardfor except 127.0.0.1 |
536 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site9.local\r\nUser-Agent:\ haproxy/httpchk |
537 | http-request set-header Host site9.local |
538 | balance leastconn |
539 | diff --git a/tests/unit/files/content_cache_rendered_haproxy_test_output_srv_template.txt b/tests/unit/files/content_cache_rendered_haproxy_test_output_srv_template.txt |
540 | index 8d97a65..5c24c39 100644 |
541 | --- a/tests/unit/files/content_cache_rendered_haproxy_test_output_srv_template.txt |
542 | +++ b/tests/unit/files/content_cache_rendered_haproxy_test_output_srv_template.txt |
543 | @@ -90,7 +90,7 @@ listen site1-local |
544 | default_backend backend-site1-local |
545 | |
546 | backend backend-cached-site1-local |
547 | - option forwardfor |
548 | + option forwardfor except 127.0.0.1 |
549 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site1.local\r\nUser-Agent:\ haproxy/httpchk |
550 | http-request set-header Host site1.local |
551 | balance leastconn |
552 | diff --git a/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt b/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt |
553 | index 247c97d..1246e0d 100644 |
554 | --- a/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt |
555 | +++ b/tests/unit/files/haproxy_config_rendered_backends_stanzas_test_output.txt |
556 | @@ -16,7 +16,7 @@ backend backend-site2-local |
557 | server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
558 | |
559 | backend backend-site3-local |
560 | - option forwardfor except 127.0.0.1 |
561 | + option forwardfor except 127.0.0.1 192.168.1.1 |
562 | option forceclose |
563 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
564 | http-request set-header Host site3.local |
565 | diff --git a/tests/unit/files/haproxy_config_rendered_test_output.txt b/tests/unit/files/haproxy_config_rendered_test_output.txt |
566 | index 290d918..19b0a26 100644 |
567 | --- a/tests/unit/files/haproxy_config_rendered_test_output.txt |
568 | +++ b/tests/unit/files/haproxy_config_rendered_test_output.txt |
569 | @@ -122,7 +122,7 @@ backend backend-site2-local |
570 | server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
571 | |
572 | backend backend-site3-local |
573 | - option forwardfor except 127.0.0.1 |
574 | + option forwardfor except 127.0.0.1 192.168.1.1 |
575 | option forceclose |
576 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
577 | http-request set-header Host site3.local |
578 | diff --git a/tests/unit/files/haproxy_config_rendered_test_output2.txt b/tests/unit/files/haproxy_config_rendered_test_output2.txt |
579 | index 7489f26..8d7de93 100644 |
580 | --- a/tests/unit/files/haproxy_config_rendered_test_output2.txt |
581 | +++ b/tests/unit/files/haproxy_config_rendered_test_output2.txt |
582 | @@ -122,7 +122,7 @@ backend backend-site2-local |
583 | server server_3 127.0.1.12:443 check inter 5s rise 2 fall 5 maxconn 1024 ssl sni str(site2.local) check-sni site2.local verify required ca-file ca-certificates.crt |
584 | |
585 | backend backend-site3-local |
586 | - option forwardfor except 127.0.0.1 |
587 | + option forwardfor except 127.0.0.1 192.168.1.1 |
588 | option forceclose |
589 | option httpchk HEAD / HTTP/1.0\r\nHost:\ site3.local\r\nUser-Agent:\ haproxy/httpchk |
590 | http-request set-header Host site3.local |
A real fix is to set a new header with the client's IP and update Nginx to log that. I'll do that in another MP.