fix: expect proxy protocol also for health check

cloudfoundry · Sep 25, 2024 · 3cb3e48 · 3cb3e48
1 parent e9658d9
commit 3cb3e48
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/acceptance-tests/proxy_protocol_test.go b/acceptance-tests/proxy_protocol_test.go
@@ -66,14 +66,14 @@ var _ = Describe("Proxy Protocol", func() {
 		})
 	})
 
-	Context("expect_proxy", func() {
+	Context("expect_proxy_cidrs", func() {
 		opsfileExpectProxyProtocol := `---
 # Enable Proxy Protocol
 - type: replace
   path: /instance_groups/name=haproxy/jobs/name=haproxy/properties/ha_proxy/accept_proxy?
   value: false
 - type: replace
-  path: /instance_groups/name=haproxy/jobs/name=haproxy/properties/ha_proxy/expect_proxy?
+  path: /instance_groups/name=haproxy/jobs/name=haproxy/properties/ha_proxy/expect_proxy_cidrs?
   value: 
   - 10.0.0.0/8 # Bosh Network CIDR
 `

diff --git a/jobs/haproxy/templates/haproxy.config.erb b/jobs/haproxy/templates/haproxy.config.erb
@@ -365,6 +365,9 @@ listen health_check_http_url
     <% if p("ha_proxy.accept_proxy") && !p("ha_proxy.disable_health_check_proxy") -%>
     tcp-request connection expect-proxy layer4 unless LOCALHOST
     <%- end -%>
+    <% if_p("ha_proxy.expect_proxy_cidrs") && !p("ha_proxy.disable_health_check_proxy") do -%>
+    tcp-request connection expect-proxy layer4 if { src -f /var/vcap/jobs/haproxy/config/expect_proxy_cidrs.txt }
+    <%- end -%>
     acl http-routers_down nbsrv(<%= backends.first[:name] %>) eq 0
     monitor fail if http-routers_down
 <% end -%>
@@ -535,7 +538,7 @@ frontend https-in
     <%- end -%>
   <%- end -%>
   <% if_p("ha_proxy.expect_proxy_cidrs") do -%>
-      tcp-request connection expect-proxy layer4 if { src -f /var/vcap/jobs/haproxy/config/expect_proxy_cidrs.txt }
+    tcp-request connection expect-proxy layer4 if { src -f /var/vcap/jobs/haproxy/config/expect_proxy_cidrs.txt }
   <%- end -%>
   <%- if_p("ha_proxy.cidr_whitelist") do -%>
     acl whitelist src -f /var/vcap/jobs/haproxy/config/whitelist_cidrs.txt

diff --git a/spec/haproxy/templates/expect_proxy_cidrs.txt_spec.rb b/spec/haproxy/templates/expect_proxy_cidrs.txt_spec.rb
@@ -11,7 +11,7 @@
         expect(template.render({
           'ha_proxy' => {
             'expect_proxy_cidrs' => ['10.5.6.7/27',
-                               '2001:db8::/32']
+                                     '2001:db8::/32']
           }
         })).to eq(<<~EXPECTED)
           # generated from expect_proxy_cidrs.txt.erb