BUG: keep ssl and ssl-passthrough active together

haproxytech · Apr 12, 2024 · b27e410 · b27e410
1 parent fd92927
commit b27e410
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 8 deletions.
diff --git a/documentation/annotations.md b/documentation/annotations.md
@@ -796,6 +796,8 @@ http-server-close: "true"
 
   :information_source: Traffic is proxied in TCP mode which makes unavailable a number of the controller annotations (requiring HTTP mode).
 
+  :information_source: HTTPS frontend is conserved and still listening at port 8444 when previous HTTPS port is moved to SSL Frontend.
+
 Possible values:
 
 - true

diff --git a/documentation/doc.yaml b/documentation/doc.yaml
@@ -1585,6 +1585,7 @@ annotations:
     tip:
       - Traffic is proxied in TCP mode which makes unavailable a number of the controller
         annotations (requiring HTTP mode).
+      - HTTPS frontend is conserved and still listening at port 8444 when previous HTTPS port is moved to SSL Frontend.        
     values:
       - "true"
       - "false"

diff --git a/pkg/handler/https.go b/pkg/handler/https.go
@@ -44,17 +44,19 @@ type HTTPS struct {
 	strictSNI bool
 }
 
+//nolint:golint, stylecheck
+const HTTPS_PORT_SSLPASSTHROUGH int64 = 8444
+
 func (handler HTTPS) bindList(passhthrough bool) (binds []models.Bind) {
 	if handler.IPv4 {
 		binds = append(binds, models.Bind{
-			Address: func() (addr string) {
-				addr = handler.AddrIPv4
+			Address: handler.AddrIPv4,
+			Port: func() *int64 {
 				if passhthrough {
-					addr = "127.0.0.1"
+					return utils.PtrInt64(HTTPS_PORT_SSLPASSTHROUGH)
 				}
-				return
+				return utils.PtrInt64(handler.Port)
 			}(),
-			Port: utils.PtrInt64(handler.Port),
 			BindParams: models.BindParams{
 				Name:        "v4",
 				AcceptProxy: passhthrough,
@@ -66,11 +68,16 @@ func (handler HTTPS) bindList(passhthrough bool) (binds []models.Bind) {
 			Address: func() (addr string) {
 				addr = handler.AddrIPv6
 				if passhthrough {
-					addr = "::1"
+					addr = "::"
 				}
 				return
 			}(),
-			Port: utils.PtrInt64(handler.Port),
+			Port: func() *int64 {
+				if passhthrough {
+					return utils.PtrInt64(HTTPS_PORT_SSLPASSTHROUGH)
+				}
+				return utils.PtrInt64(handler.Port)
+			}(),
 			BindParams: models.BindParams{
 				AcceptProxy: passhthrough,
 				Name:        "v6",
@@ -220,7 +227,7 @@ func (handler HTTPS) enableSSLPassthrough(h haproxy.HAProxy) (err error) {
 		h.BackendServerCreate(h.BackSSL, models.Server{
 			Name:         h.FrontHTTPS,
 			Address:      "127.0.0.1",
-			Port:         utils.PtrInt64(handler.Port),
+			Port:         utils.PtrInt64(HTTPS_PORT_SSLPASSTHROUGH),
 			ServerParams: models.ServerParams{SendProxyV2: "enabled"},
 		}),
 		h.BackendSwitchingRuleCreate(h.FrontSSL, models.BackendSwitchingRule{
-Original file line number
+Diff line change
@@ Expand Up / @@ -796,6 +796,8 @@ http-server-close: "true" @@
       :information_source: Traffic is proxied in TCP mode which makes unavailable a number of the controller annotations (requiring HTTP mode).
+      :information_source: HTTPS frontend is conserved and still listening at port 8444 when previous HTTPS port is moved to SSL Frontend.
     Possible values:
     - true
@@ Expand Down @@