From 1c266453ee08139f136db5328c517aa08769d4cb Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Thu, 7 Nov 2024 17:12:08 +0100
Subject: [PATCH] Add docker_swarm_haproxy_accept_proxy because we disable it
 when using a ovn load balancer.

---
 defaults/main.yml        |  2 ++
 templates/haproxy.cfg.j2 | 10 +++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index b8c2d00..06b78d2 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,6 +2,8 @@
 docker_swarm_cluster_haproxy_install: true
 # mesh, keepalive, global
 docker_swarm_haproxy_installation_type: 'global'
+docker_swarm_haproxy_accept_proxy_var: "{% if docker_swarm_haproxy_installation_type == 'global' %}true{% else %}false{% endif %}"
+docker_swarm_haproxy_accept_proxy: '{{ docker_swarm_haproxy_accept_proxy_var | bool }}
 # I did not find any way to make it dependant on docker_swarm_haproxy_installation_type
 docker_swarm_haproxy_keepalive_installation: false
 docker_swarm_haproxy_swarm_port: '{{ docker_api_port }}'
diff --git a/templates/haproxy.cfg.j2 b/templates/haproxy.cfg.j2
index 09f635c..e4cb26c 100644
--- a/templates/haproxy.cfg.j2
+++ b/templates/haproxy.cfg.j2
@@ -77,7 +77,7 @@ listen local_stats
 {% if docker_swarm_haproxy_plain_http_listener %}
 
 frontend http_{{ docker_swarm_haproxy_plain_http_port }}
-    bind *:{{ docker_swarm_haproxy_plain_http_port }} {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %}
+    bind *:{{ docker_swarm_haproxy_plain_http_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
 
     mode http
     option http-keep-alive
@@ -108,9 +108,9 @@ frontend http_{{ docker_swarm_haproxy_plain_http_port }}
 {% endif %}
 
 frontend http
-    bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }}{% if docker_swarm_haproxy_http2_enabled %} alpn h2,http/1.1{% endif %}{% if docker_swarm_haproxy_installation_type == 'global' %} accept-proxy{% endif %}
+    bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }}{% if docker_swarm_haproxy_http2_enabled %} alpn h2,http/1.1{% endif %}{% if docker_swarm_haproxy_accept_proxy %} accept-proxy{% endif %}
 
-    bind *:{{ haproxy_default_port }} {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %}
+    bind *:{{ haproxy_default_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
 
     mode http
     option http-keep-alive
@@ -155,9 +155,9 @@ frontend http
 {% if docker_swarm_expose_api_via_haproxy %}
 frontend docker_ft
 {% if docker_swarm_haproxy_plain_http_api %}
-    bind :{{ docker_swarm_haproxy_swarm_port }} {% if docker_swarm_haproxy_installation_type == 'global' and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
+    bind :{{ docker_swarm_haproxy_swarm_port }} {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
 {% else %}
-    bind :{{ docker_swarm_haproxy_swarm_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_installation_type == 'global' and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
+    bind :{{ docker_swarm_haproxy_swarm_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
 {% endif %}
 
     mode {{ docker_swarm_api_haproxy_mode }}