upstream/opnsense-plugins
1
0
Fork 0
mirror of https://github.com/opnsense/plugins.git synced 2026-05-28 04:34:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #3226 from iqt4/os-haproxy_ssl-healthcheck

Browse source 
net/haproxy: fix HAProxy SSL preferences in healthchecks, closes #3221
This commit is contained in:
Frank Wall 2023-02-07 14:50:41 +01:00 committed by GitHub
commit f3bf7e8ff7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
View file

@ -1809,7 +1809,7 @@ backend {{backend.name}}
{# # 2. in health checks: to verify *only* health check communication to this server #}
{# # When 1. is enabled, health checks are automatically secured. #}
{# # Use-case for 2: when using TCP for server communication, but HTTPS for health checks. #}
{% if server_data.ssl|default("") == '1' or (healthcheck_enabled == '1' and healthcheck_data.force_ssl|default('') == '1') %}
{% if server_data.ssl|default("") == '1' or (healthcheck_enabled == '1' and (healthcheck_data.ssl|default('') == 'ssl' or healthcheck_data.ssl|default('') == 'sslsni')) %}
{# # get status of ssl verification #}
{% set ssl_verify_enabled = '0' %}
{% if helpers.exists('OPNsense.HAProxy.general.tuning.sslServerVerify') and OPNsense.HAProxy.general.tuning.sslServerVerify|default("") != 'ignore' %}