add yaml service template with configured haproxy ssl certificates in config.xml

2026-04-15 22:20:31 -04:00 · 2021-02-09 16:00:39 +01:00 · 2021-02-09 16:00:39 +01:00 · ca98e9fdb2
commit ca98e9fdb2
parent aa194e874a
3 changed files with 63 additions and 1 deletions
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@ -1,7 +1,7 @@
 PLUGIN_NAME=		haproxy
 PLUGIN_VERSION=		2.26
 PLUGIN_COMMENT=		Reliable, high performance TCP/HTTP load balancer
-PLUGIN_DEPENDS=		haproxy20
+PLUGIN_DEPENDS=		haproxy
 PLUGIN_MAINTAINER=	opnsense@moov.de

 .include "../../Mk/plugins.mk"
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/+TARGETS
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/+TARGETS
@ -1,2 +1,3 @@
 haproxy.conf:/usr/local/etc/haproxy.conf
 rc.conf.d:/etc/rc.conf.d/haproxy
+sslCerts.yaml:/usr/local/etc/haproxy/sslCerts.yaml
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/sslCerts.yaml
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/sslCerts.yaml
@ -0,0 +1,61 @@
+#
+# Automatically generated configuration.
+# Do not edit this file manually.
+#
+# List all frontends with configured ssl certificates in config.xml
+{# ################## #}
+{# ##### Macros ##### #}
+{# ################## #}
+{%  macro getCA(refId) -%}
+{%    set result = '{}' %}
+{%    for data in helpers.getNodeByTag('ca') if data.refid == refId %}
+{{      data.crt -}}
+{%    else %}
+{{     "{}" }}
+{%    endfor %}
+{%- endmacro %}
+{%  macro getCert(refId, indent=4) -%}
+{%    for data in helpers.getNodeByTag('cert') if data.refid == refId %}
+{%      if data.caref %}
+{%        do data.update({'ca': getCA(data.caref)}) %}
+{%      else %}
+{%        do data.update({'ca': {} }) %}
+{%      endif %}
+crt: {{ data.crt }}
+key: {{ data.prv }}
+ca: {{ data.ca }}
+{%    endfor %}
+{%- endmacro %}
+{# ################## #}
+{# ##### Main ##### #}
+{# ################## #}
+{% set enabled_frontends = [] %}
+{% set crt_list_template = "/tmp/haproxy/ssl/%s.certlist" %}
+{% set cert_template = "/tmp/haproxy/ssl/%s.pem" %}
+{% for frontend in helpers.toList('OPNsense.HAProxy.frontends.frontend') %}
+{%  set certs = [] %}
+{%  for cert in frontend.get('ssl_default_certificate', '').split(',') + frontend.get('ssl_certificates', '').split(',') if cert %}
+{%    do certs.append(cert) %}
+{%  endfor %}
+{%  do frontend.update({'certs': certs}) %}
+{%  if frontend.enabled == '1' and frontend.ssl_enabled == '1' and frontend.certs|length > 0 %}
+{%    do enabled_frontends.append(frontend) %}
+{%  endif %}
+{% endfor %}
+{% if helpers.exists('OPNsense.HAProxy.frontends') and enabled_frontends|length > 0 %}
+frontends:
+{%  for frontend in enabled_frontends %}
+  "{{ frontend.id }}":
+    name: {{ frontend.name }}
+    crt_list_path: {{ cert_template % frontend.id }}
+    certs:
+{%    for cert_refid in frontend.certs %}
+      {{ cert_refid }}:
+        path: {{ cert_template % cert_refid }}
+        default: {{ "True" if frontend.ssl_default_certificate == cert_refid else "False" }}
+{{      getCert(cert_refid) | indent( width=8, indentfirst=True) -}}
+{%    endfor %}
+{%  endfor %}
+{% else %}
+frontends: {}
+{% endif %}