{{ config.type }} {{ config.name }} {% if config.binds != 'None' -%} {% for bind in config.binds -%} bind {{ bind.ip }}:{{ bind.port }} {% if config.ssl != 'None' and config.mode == 'http' and config.ssl.cert %} ssl crt {{cert_path}}/{{ config.ssl.cert }} {% if config.http2 %}alpn h2,http/1.1{% endif %}{% endif %} {% endfor %} {% endif %} mode {{ config.mode }} {% if config.balance != 'None' -%} balance {{ config.balance }} {% endif -%} maxconn {{ config.maxconn }} {% if config.health_check != 'None' -%} {% if config.health_check.check == 'httpchk' and config.health_check.domain -%} option {{ config.health_check.check }} GET {{ config.health_check.path }} "HTTP/1.0\\r\\nHost: {{ config.health_check.domain }} {% else -%} option {{ config.health_check.check }} {% endif -%} {% endif %} {% if config.headers != 'None' -%} {%- for header in config.headers -%} {{ header.path }} {{ header.method }} {{ header.name }} {{ header.value }} {% endfor %} {% endif %} {% if config.whitelist and config.whitelist != 'None' -%} acl white_list_{{ config.whitelist }} src -f {{ service_dir }}/white/{{ config.whitelist }} tcp-request content accept if white_list_{{ config.whitelist }} tcp-request content reject {% endif %} {% if config.blacklist and config.blacklist != 'None' -%} tcp-request connection reject if { src -f {{ service_dir }}/black/{{ config.blacklist }} } {% endif %} {% if config.ddos -%} {{ ddos }} acl abuse sc1_http_req_rate({{ config.name }}) ge 100 acl flag_abuser sc1_inc_gpc0({{ config.name }}) tcp-request content reject if abuse flag_abuser # End config for DDOS {% endif -%} {% if config.acls != 'None' -%} {% for acl in config.acls -%} {% if acl.acl_if in (1, 2) -%} {% if config.mode == 'tcp' -%} {% set acl_then_hdr = 'ssl_fc_sni -i' -%} {% elif config.mode == 'http' and config.ssl == 'None' -%} {% set acl_then_hdr = 'hdr_beg(host) -i' -%} {% else -%} {% set acl_then_hdr = 'ssl_fc_sni -i' -%} {% endif %} {{ acl_then[acl.acl_then] }} {{ acl.acl_then_value }} if { {{ acl_then_hdr }} {{ acl.acl_value }} } {% elif acl.acl_if in (3, 4, 5) -%} {{ acl_then[acl.acl_then] }} {{ acl.acl_then_value }} if { {{ acl_if[acl.acl_if] }} {{ acl.acl_value }} } {% elif acl.acl_if == 6 -%} acl return_{{ acl.acl_value }} {{ acl_if[acl.acl_if] }} {{ acl.acl_value }} http-request return if return_{{ acl.acl_value }} {% elif acl.acl_if == 7 -%} acl set_header_{{ acl.acl_value }} {{ acl_if[acl.acl_if] }} {{ acl.acl_value }} http-request set_header_ if set_header_{{ acl.acl_value }} {% endif -%} {% endfor -%} {% endif -%} {% if config.slow_attack -%} {{ slow_attack }} {% endif -%} {% if config.forward_for -%} {{ forward_for }} {% endif -%} {% if config.redispatch -%} {{ redispatch }} {% endif -%} {% if config.ssl_offloading and config.ssl_offloading != 'None' -%} {{ ssl_offloading }} {% endif -%} {% if config.waf -%} filter spoe engine modsecurity config {{ service_dir }}/waf.conf http-request deny if { var(txn.modsec.code) -m int gt 0 } {% endif -%} {% if config.compression -%} {{ compression }} {% endif -%} {% if config.antibot -%} {{ antibot }} {% endif -%} {% if config.cookie != 'None' -%} cookie {{ config.cookie.name }} {% if config.cookie.domain != 'None' %} {{ config.cookie.domain }}{% endif %} {{ config.cookie.rewrite }} {{ config.cookie.prefix }} {{ config.cookie.nocache }} {{ config.cookie.postonly }} {{ config.cookie.dynamic }} {% if config.cookie.dynamic_key -%} dynamic-cookie-key {{ config.cookie.dynamic_key }} {% endif -%} {% endif -%} {% if config.ssl != 'None' and config.mode == 'http' -%} {%- if config.ssl.ssl_check_backend -%} {%- set ssl_check_option = 'ssl verify required' -%} {%- else -%} {%- set ssl_check_option = 'ssl verify none' -%} {%- endif -%} {% else -%} {%- set ssl_check_option = '' -%} {% endif -%} {% if config.servers_check != 'None' and config.servers_check.check_enabled -%} {%- set check_option = ' check inter ' + config.servers_check.inter|string() + ' rise ' + config.servers_check.rise|string() + ' fall ' + config.servers_check.fall|string() %} {% else -%} {% set check_option = '' -%} {% endif -%} {% if config.option != '' and config.option != 'None' -%} {% for o in config.option.split('\\r\\n') -%} {{ o }} {% endfor -%} {% endif -%} {% if config.cache -%} http-request cache-use {{ config.name }} http-response cache-store {{ config.name }} {% endif -%} {% if config.circuit_breaking != 'None' -%} default-server observe {{ config.circuit_breaking.observe }} error-limit {{ config.circuit_breaking.error_limit }} on-error {{ config.circuit_breaking.on_error }} {% endif -%} {%- if config.backend_servers != 'None' and config.servers_template == 'None' -%} {%- for backend in config.backend_servers -%} server {{ backend.server }} {{ backend.server }}:{{ backend.port }} port {{ backend.port_check }} {{ check_option }} {{ ssl_check_option }} maxconn {{ backend.maxconn }}{% if backend.send_proxy %} send-proxy{% endif %}{% if backend.backup %} backup {% endif %} {% endfor -%} {%- endif -%} {% if config.servers_template != 'None' -%} server-template {{ config.servers_template.prefix }} {{ config.servers_template.count }} {{ config.servers_template.servers }}: {{ config.servers_template.port }} {{ check_option }} {% endif -%} {% if config.backends and config.backends != 'None' -%} use_backend {{ config.backends }} {% endif %} {% if config.cache %} cache {{ config.name }} total-max-size 4 max-age 240 {% endif %}