authorGeorg Pfuetzenreuter2023-02-05 19:19:27 +0100
committerGeorg Pfuetzenreuter2023-02-05 19:19:27 +0100
commite3e4caaabe9795c56468e67c3b9105b2a5f53145 (patch)
tree2da614fa93887977bcdbcec85868ca1e8875b839
parent119e97805df0c1491d47e63609325624f4f08baf (diff)
downloadsalt-e3e4caaabe9795c56468e67c3b9105b2a5f53145.tar.gz
salt-e3e4caaabe9795c56468e67c3b9105b2a5f53145.tar.bz2
salt-e3e4caaabe9795c56468e67c3b9105b2a5f53145.zip
web-proxy: IPv6 listener brackets
Add logic to wrap IPv6 listening addresses in brackets, to prevent nginx from failing to start. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
-rw-r--r--pillar/map.jinja4
-rw-r--r--pillar/role/web-proxy.sls11
2 files changed, 12 insertions, 3 deletions
diff --git a/pillar/map.jinja b/pillar/map.jinja
index 849eb15..239144a 100644
--- a/pillar/map.jinja
+++ b/pillar/map.jinja
@@ -9,6 +9,8 @@
{#- START Listener detection logic -#}
{%- set listen_ips = [] -%}
+{%- set listen_ips4 = [] -%}
+{%- set listen_ips6 = [] -%}
{%- set minion = grains['id'] -%}
{%- set legal6s = ('fd29', '2a01:4f8:11e:2200') -%}
{%- set ip4s = salt.saltutil.runner('mine.get', tgt=minion, fun='network.ip_addrs', tgt_type='glob') -%}
@@ -16,11 +18,13 @@
{%- if minion in ip4s -%}{%- for ip in ip4s[minion] -%}
{%- if salt['network.is_private'](ip) -%}
{%- do listen_ips.append(ip) -%}
+{%- do listen_ips4.append(ip) -%}
{%- endif -%}
{%- endfor -%}{%- endif -%}
{%- if minion in ip6s -%}{%- for ip in ip6s[minion] -%}
{%- if ip.startswith(legal6s) -%}
{%- do listen_ips.append(ip) -%}
+{%- do listen_ips6.append(ip) -%}
{%- endif -%}
{%- endfor -%}{%- endif -%}
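Review bot: The addresses appended to `listen_ips6` are accepted on a string-prefix test alone (`ip.startswith(legal6s)` on the line above the new append), and with this commit they are interpolated into a quoted YAML scalar in pillar/role/web-proxy.sls. The mine data is presumably reported by the minion itself, so a value that merely begins with `fd29` need not be a well-formed address. Checking the form as well, e.g. `{%- if ip | is_ipv6 and ip.startswith(legal6s) -%}`, would keep malformed entries out of the rendered pillar and the nginx listen directives. The prefix test is also textual rather than a network match, so `fd29` accepts anything in fd29::/16; confirm that is the intended scope.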
diff --git a/pillar/role/web-proxy.sls b/pillar/role/web-proxy.sls
index 2adc81c..398ecf0 100644
--- a/pillar/role/web-proxy.sls
+++ b/pillar/role/web-proxy.sls
@@ -1,4 +1,4 @@
-{%- from slspath ~ '/../map.jinja' import listen_ips -%}
+{%- from slspath ~ '/../map.jinja' import listen_ips, listen_ips4, listen_ips6 -%}
nginx:
snippets:
@@ -23,9 +23,14 @@ nginx:
- fastcgi_param: SCRIPT_FILENAME $document_root$fastcgi_script_name
{%- if listen_ips | length %}
listen:
- {%- for ip in listen_ips %}
- - listen: {{ ip }}:443 ssl http2
+ {%- for ip4 in listen_ips4 %}
+ - listen: {{ ip4 }}:443 ssl http2
{%- endfor %}
+ {%- if listen_ips6 | length %}
+ {%- for ip6 in listen_ips6 %}
+ - listen: '[{{ ip6 }}]:443 ssl http2'
+ {%- endfor %}
+ {%- endif %}
{%- endif %}
firewalld:
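Review bot: The `{%- if listen_ips6 | length %}` wrapper around the IPv6 loop is redundant, because a Jinja `for` over an empty list renders nothing and the IPv4 loop just above it has no such guard; dropping it keeps the two loops parallel. The single quotes on the IPv6 line are load-bearing, so they deserve a comment such as `{#- quoted: a leading '[' would otherwise start a YAML flow sequence -#}`. Separately, the outer `listen_ips | length` guard means an empty mine result omits the `listen` key altogether. Which addresses nginx then binds to depends on formula defaults not visible here, so it is worth confirming that this case does not fall back to a wildcard listener.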