From 2d4dceb30e6ecba2bdca4e57d1a2cddd87f03d7b Mon Sep 17 00:00:00 2001
From: Joao Morais
Date: Sat, 10 Mar 2018 17:28:02 -0300
Subject: [PATCH] Fix config with long fqdn #112
---
 pkg/controller/config.go | 7 +++++++
 pkg/controller/template.go | 6 ++++++
 pkg/types/types.go | 1 +
 rootfs/etc/haproxy/template/haproxy.tmpl | 9 +++++----
 4 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/pkg/controller/config.go b/pkg/controller/config.go
index b9399f7b7..123bf88f8 100644
--- a/pkg/controller/config.go
+++ b/pkg/controller/config.go
@@ -18,6 +18,8 @@ package controller
 import (
 "bufio"
+ "crypto/md5"
+ "fmt"
 "github.com/golang/glog"
 "github.com/jcmoraisjr/haproxy-ingress/pkg/common/file"
 "github.com/jcmoraisjr/haproxy-ingress/pkg/common/ingress"
@@ -170,6 +172,7 @@ func (cfg *haConfig) createHAProxyServers() {
 UseHTTPS: server.SSLCertificate != "" || isDefaultServer,
 Hostname: server.Hostname,
 HostnameLabel: labelizeHostname(server.Hostname),
+ HostnameHash: hashHostname(server.Hostname),
 SSLCertificate: server.SSLCertificate,
 SSLPemChecksum: server.SSLPemChecksum,
 RootLocation: haRootLocation,
@@ -244,6 +247,10 @@ func labelizeHostname(hostname string) string {
 return re.ReplaceAllLiteralString(hostname, "_")
 }
+func hashHostname(hostname string) string {
+ return fmt.Sprintf("%x", md5.Sum([]byte(hostname)))
+}
+
 // This could be improved creating a list of auth secrets (or even configMaps)
 // on Ingress and saving usr(s)/pwd in auth.BasicDigest struct
 func (cfg *haConfig) createUserlists() {
diff --git a/pkg/controller/template.go b/pkg/controller/template.go
index 09325c28e..f30d4cf79 100644
--- a/pkg/controller/template.go
+++ b/pkg/controller/template.go
@@ -33,6 +33,12 @@ type template struct {
 }
 var funcMap = gotemplate.FuncMap{
+ "iif": func(q bool, o1, o2 string) string {
+ if q {
+ return o1
+ }
+ return o2
+ },
 "backendHash": func(endpoint string) string {
 return utils.BackendHash(endpoint)
 },
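Review bot: `hashHostname` in pkg/controller/config.go derives the fallback socket name from `md5.Sum`, and MD5 is not collision-resistant; hostnames come from Ingress objects, so in a cluster where tenants can create Ingresses the input is not fully trusted. Two hostnames with the same digest would presumably end up sharing one unix socket path between two frontends; building such a pair out of valid DNS names is hard, so the practical risk looks low, but `crypto/md5` also trips linters such as gosec. A truncated SHA-256 keeps the 32-character name: `sum := sha256.Sum256([]byte(hostname))` followed by `return hex.EncodeToString(sum[:16])`, with `crypto/sha256` and `encoding/hex` taking the place of the `crypto/md5` import added in the first hunk. The function also lacks a doc comment; `// hashHostname returns a fixed-length identifier for hostname, used to name unix sockets when the label is too long.` would record that the digest is an identifier and not a security control.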
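Review bot: The `iif` entry added to `funcMap` in pkg/controller/template.go has no comment, and it does not behave like `{{ if }}`: template function arguments are all evaluated before the call, so both `o1` and `o2` are computed whichever one is returned. That is harmless for the plain string fields the template passes here, but it is worth recording, e.g. `// iif returns o1 when q is true, otherwise o2; both arguments are always evaluated and must be strings.` The `funcMap` literal continues outside the hunk.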
diff --git a/pkg/types/types.go b/pkg/types/types.go
index e7b22ae9a..10bee2d16 100644
--- a/pkg/types/types.go
+++ b/pkg/types/types.go
@@ -105,6 +105,7 @@ type (
 UseHTTPS bool `json:"useHTTPS"`
 Hostname string `json:"hostname"`
 HostnameLabel string `json:"hostnameLabel"`
+ HostnameHash string `json:"hostnameHash"`
 SSLCertificate string `json:"sslCertificate"`
 SSLPemChecksum string `json:"sslPemChecksum"`
 RootLocation *HAProxyLocation `json:"defaultLocation"`
diff --git a/rootfs/etc/haproxy/template/haproxy.tmpl b/rootfs/etc/haproxy/template/haproxy.tmpl
index cc1bb5cab..ba1ee988c 100644
--- a/rootfs/etc/haproxy/template/haproxy.tmpl
+++ b/rootfs/etc/haproxy/template/haproxy.tmpl
@@ -235,26 +235,27 @@ frontend httpsfront
 ######
 {{- range $server := $ing.HAProxies }}
 {{- $host := $server.HostnameLabel }}
+{{- $sock := iif (lt (len $host) 65) $host $server.HostnameHash }}
 ##
 ## {{ if $server.IsDefaultServer }}Default backend{{ else }}{{ $server.Hostname }}{{ end }}
 {{- if or $server.UseHTTP $hasHTTPStoHTTP }}
 backend httpback-{{ $host }}
 mode http
- server {{ $host }} unix@/var/run/haproxy-http-{{ $host }}.sock send-proxy-v2
+ server {{ $host }} unix@/var/run/haproxy-http-{{ $sock }}.sock send-proxy-v2
 {{- end }}
 {{- if $server.UseHTTPS }}
 backend httpsback-{{ $host }}
 mode tcp
- server {{ $host }} unix@/var/run/haproxy-https-{{ $host }}.sock send-proxy-v2
+ server {{ $host }} unix@/var/run/haproxy-https-{{ $sock }}.sock send-proxy-v2
 {{- end }}
 {{- $sslconn := or $server.UseHTTPS $hasHTTPStoHTTP }}
 {{- $authSSLCert := $server.CertificateAuth.AuthSSLCert }}
 frontend httpfront-{{ $host }}
 {{- if or $server.UseHTTP $hasHTTPStoHTTP }}
- bind unix@/var/run/haproxy-http-{{ $host }}.sock accept-proxy
+ bind unix@/var/run/haproxy-http-{{ $sock }}.sock accept-proxy
 {{- end }}
 {{- if $server.UseHTTPS }}
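Review bot: The `65` in `{{- $sock := iif (lt (len $host) 65) $host $server.HostnameHash }}` is an unexplained threshold; presumably it keeps `/var/run/haproxy-https-<name>.sock`, plus any temporary suffix HAProxy appends while binding, under the `sun_path` limit for unix sockets (108 bytes on Linux). A template comment such as `{{- /* labels of 65+ chars would overflow the unix socket path limit; use the fixed-length hash instead */}}` would stop the limit from being changed without re-checking the path length. Once the hash is used the socket file name no longer identifies the host, so the `## {{ $server.Hostname }}` banner is the only mapping left when debugging; the `bind` line in the following hunk (`@@ -262,7 +263,7 @@`) depends on the same `$sock` value. The `range` block continues outside the hunk.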
@@ -262,7 +263,7 @@ frontend httpfront-{{ $host }}
 {{- if ne $authSSLCert.PemSHA "" }}
 # CA PEM checksum: {{ $authSSLCert.PemSHA }}
 {{- end }}
- bind unix@/var/run/haproxy-https-{{ $host }}.sock ssl crt {{ $server.SSLCertificate }}{{ if ne $authSSLCert.CAFileName "" }} ca-file {{ $authSSLCert.CAFileName }} verify optional ca-ignore-err all crt-ignore-err all{{ end }} accept-proxy
+ bind unix@/var/run/haproxy-https-{{ $sock }}.sock ssl crt {{ $server.SSLCertificate }}{{ if ne $authSSLCert.CAFileName "" }} ca-file {{ $authSSLCert.CAFileName }} verify optional ca-ignore-err all crt-ignore-err all{{ end }} accept-proxy
 {{- end }}
 mode http