WIP stack/erp5/haproxy.cfg.in: De-hardcode request ip and port in rewritetules

WIP: Host header is not sanitised by haproxy: curl -vk --header 'Host: 10.0.11.117:2150/unit_test_0/VirtualHostRoot/vh_unit_test_0/?' https://10.0.11.117:2150/unit_test_0/vincent/ Instead, use the requests' Host header. This allows accessing the balancer under any name, including ones not expected by the backend.

WIP stack/erp5/haproxy.cfg.in: De-hardcode request ip and port in rewritetules
WIP: Host header is not sanitised by haproxy: curl -vk --header 'Host: 10.0.11.117:2150/unit_test_0/VirtualHostRoot/vh_unit_test_0/?' https://10.0.11.117:2150/unit_test_0/vincent/ Instead, use the requests' Host header. This allows accessing the balancer under any name, including ones not expected by the backend.
2166ecb0 · Vincent Pelletier · 341c36d5 · 2166ecb0 · 2166ecb0
Commit 2166ecb0 authored Apr 18, 2024 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

stack/erp5/buildout.hash.cfg stack/erp5/buildout.hash.cfg +1 -1

stack/erp5/haproxy.cfg.in stack/erp5/haproxy.cfg.in +1 -1

No files found.
--- a/stack/erp5/buildout.hash.cfg
+++ b/stack/erp5/buildout.hash.cfg
@@ -98,7 +98,7 @@ md5sum = 409a7505548576ebf0e4d5cc218e0753

 [template-haproxy-cfg]
 filename = haproxy.cfg.in
-md5sum = 2cd76971b64b0bf7771978ad07bfc2e5
+md5sum = bdb624dcc3571e4280d2cb2cc7cd7a15

 [template-rsyslogd-cfg]
 filename = rsyslogd.cfg.in

--- a/stack/erp5/haproxy.cfg.in
+++ b/stack/erp5/haproxy.cfg.in
@@ -261,7 +261,7 @@ frontend frontend_{{ group_name }}

 {%   for name, url in sorted(backend_dict.items()) %}
 backend backend_{{ group_name }}_{{ name }}
-  http-request replace-path ^/{{ name }}(.*) /VirtualHostBase/https/{{ ip }}:{{ port }}/VirtualHostRoot/_vh_{{ name }}\1
+  http-request replace-path ^/{{ name }}(.*) /VirtualHostBase/https/%[req.hdr(Host)]/VirtualHostRoot/_vh_{{ name }}\1
  timeout server 8h
  server {{ name }} {{ urllib_parse.urlparse(url).netloc }}
 {%-  endfor %}