From 56a4569d9845791b3bbe07d43ae7385c244a461d Mon Sep 17 00:00:00 2001 From: Ee Durbin Date: Wed, 18 Dec 2024 14:58:09 -0500 Subject: [PATCH] fix tls redirect acl --- salt/haproxy/config/haproxy.cfg.jinja | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/salt/haproxy/config/haproxy.cfg.jinja b/salt/haproxy/config/haproxy.cfg.jinja index 9c12b264..c42c9752 100644 --- a/salt/haproxy/config/haproxy.cfg.jinja +++ b/salt/haproxy/config/haproxy.cfg.jinja @@ -89,7 +89,6 @@ frontend main bind :20001 accept-proxy bind 0.0.0.0:80 bind :::80 - bind 127.0.0.1:19001 # This is our TLS socket. # HTTPS Binds # Advertise http/1.1 over NPN to enable TLS False Start @@ -134,7 +133,7 @@ frontend main use_backend letsencrypt-well-known if letsencrypt-well-known-acl # Determine if this request has TLS on the client side or not. - acl is_tls dst_port 19001 + acl is_tls ssl_fc acl our_domains hdr(host) -i -f /etc/haproxy/our_domains