From 008f48e8ed9da35767bcd0bcd60d482bc96011ac Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sat, 15 Oct 2022 15:40:15 +0200 Subject: [PATCH] update haproxy and varnish configurations --- etc/haproxy/haproxy.cfg | 14 ++++++++------ etc/varnish/default.vcl | 8 ++++---- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/etc/haproxy/haproxy.cfg b/etc/haproxy/haproxy.cfg index 672e489..b8050b0 100644 --- a/etc/haproxy/haproxy.cfg +++ b/etc/haproxy/haproxy.cfg @@ -88,7 +88,9 @@ userlist example-dev_team listen stats mode http + # Bind with SSL externaly bind *:8080 ssl crt /etc/haproxy/ssl/ + # Bind without SSL locally bind 127.0.0.1:8081 acl stats_access_ips src -f /etc/haproxy/stats_access_ips @@ -140,10 +142,10 @@ frontend external # BEGIN HTTP tagging http-request set-header X-Unique-ID %[uuid()] unless { hdr(X-Unique-ID) -m found } - http-request add-header X-Boost-Step1 haproxy-external + http-request add-header X-Boost-Step1 "haproxy-external" - http-response add-header X-Boost-Step1 "haproxy-external; client-https" if { ssl_fc } - http-response add-header X-Boost-Step1 "haproxy-external; client-http" if !{ ssl_fc } + http-response add-header X-Boost-Step1 "haproxy-external; ssl-frontend" if { ssl_fc } + http-response add-header X-Boost-Step1 "haproxy-external; no-ssl-frontend" if !{ ssl_fc } http-response set-header X-Boost-Server my-hostname # Debug: Enable this to add a full log line in the response @@ -217,10 +219,10 @@ frontend internal http-request set-header X-Forwarded-Proto %[hdr(x-forwarded-proto)] if forwarded_proto varnish_from # BEGIN HTTP tagging - http-request add-header X-Boost-Step3 haproxy-internal + http-request add-header X-Boost-Step3 "haproxy-internal" - http-response add-header X-Boost-Step3 "haproxy-internal; SSL to backend" if { ssl_bc } - http-response add-header X-Boost-Step3 "haproxy-internal; no SSL to backend" if !{ ssl_bc } + http-response add-header X-Boost-Step3 "haproxy-internal; ssl-backend" if { ssl_bc } + http-response add-header X-Boost-Step3 "haproxy-internal; no-ssl-backend" if !{ ssl_bc } # Debug: Enable this to add a full log line in the response ### http-response add-header X-Haproxy-Log-Internal "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" diff --git a/etc/varnish/default.vcl b/etc/varnish/default.vcl index 1f4ad01..80e6d15 100644 --- a/etc/varnish/default.vcl +++ b/etc/varnish/default.vcl @@ -94,13 +94,13 @@ sub vcl_deliver { # BEGIN HTTP tagging if (resp.http.Set-Cookie && resp.http.Cache-Control) { - set resp.http.X-Boost-Step2 = "varnish WITH set-cookie AND cache-control on backend server"; + set resp.http.X-Boost-Step2 = "varnish; set-cookie; cache-control"; } elseif (resp.http.Set-Cookie) { - set resp.http.X-Boost-Step2 = "varnish WITH set-cookie and NO cache-control on backend server"; + set resp.http.X-Boost-Step2 = "varnish; set-cookie; no-cache-control"; } elseif (resp.http.Cache-Control) { - set resp.http.X-Boost-Step2 = "varnish with NO set-cookie and WITH cache-control on backend server"; + set resp.http.X-Boost-Step2 = "varnish; no-set-cookie; cache-control"; } else { - set resp.http.X-Boost-Step2 = "varnish with NO set-cookie and NO cache-control on backend server"; + set resp.http.X-Boost-Step2 = "varnish; no-set-cookie; no-cache-control"; } # END HTTP tagging