From e9eadc22787b5313c6486bd716e1ec82447735ea Mon Sep 17 00:00:00 2001
From: Yannik Schmidt
Date: Fri, 9 Dec 2022 23:39:06 +0100
Subject: [PATCH 1/3] feat: add ssl termination switch
---
 vm.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/vm.py b/vm.py
index 0ff17c9..269e17f 100644
--- a/vm.py
+++ b/vm.py
@@ -16,7 +16,7 @@ listen {name}
 HA_PROXY_TEMPLATE_SNI = '''
 frontend {subdomain}.{basedomain}
 bind 0.0.0.0:80
- bind 0.0.0.0:443 ssl
+ bind 0.0.0.0:443 {ssl}
 http-request redirect scheme https unless {{ ssl_fc }}
 default_backend {name}
@@ -32,6 +32,7 @@ class VM:
 self.hostname = args.get("hostname")
 self.subdomains = args.get("subdomains")
 self.ports = args.get("ports")
+ self.terminateSSL = args.get("terminate-ssl")
 self.network = args.get("network") or "default"
 self.lease = self._get_lease_for_hostname()
 self.ip = self.lease.get("ipaddr")
@@ -65,8 +66,14 @@ class VM:
 # https components #
 for subdomain in self.subdomains:
 compositeName = "-".join((self.hostname, subdomain.replace(".","-")))
+
+ # check ssl termination #
+ ssl = ""
+ if self.terminateSSL:
+ ssl = "ssl"
+
 component = HA_PROXY_TEMPLATE_SNI.format(name=compositeName, basedomain=BASE_DOMAIN,
- ip=self.ip, subdomain=subdomain)
+ ip=self.ip, subdomain=subdomain, ssl=ssl)
 components.append(component)
 return components
From 5f7ce0e31499d5cbeacef99a4e8bee055a86dd2d Mon Sep 17 00:00:00 2001
From: Yannik Schmidt
Date: Sun, 11 Dec 2022 02:57:33 +0100
Subject: [PATCH 2/3] feat: print static acl
---
 main.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/main.py b/main.py
index d1919e6..bd6ba68 100644
--- a/main.py
+++ b/main.py
@@ -4,9 +4,11 @@ import vm
 if __name__ == "__main__":
 FILE = "vms.json"
+ print(vm.HA_PROXY_STATIC_ACLS)
 with open(FILE) as f:
 jsonList = json.load(f)
 vmList = [ vm.VM(obj) for obj in jsonList ]
 for vmo in vmList:
 [ print(c) for c in vmo.dumpHAProxyComponents()]
+
From 6d829fc5eada5737223b35b33c362a3eb919e542 Mon Sep 17 00:00:00 2001
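Review bot: With `{ssl}` rendered empty in the first vm.py hunk of PATCH 1/3, `bind 0.0.0.0:443` becomes a plaintext listener in the same frontend that still carries `http-request redirect scheme https unless {{ ssl_fc }}`. `ssl_fc` is never true on a non-SSL bind, so any request HAProxy manages to parse on 443 is redirected to https again, and a TLS ClientHello cannot be parsed by an HTTP-mode frontend at all. No `mode` line is visible in this template and the defaults section is outside the page, so this is hedged: if the intent is TLS passthrough to the VM, the non-terminating case probably needs its own `mode tcp` frontend without the redirect rule, rather than the same template minus one keyword.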
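Review bot: `args.get("terminate-ssl")` in the second vm.py hunk returns None when the key is absent, so every existing vms.json entry written before this switch silently changes from `bind 0.0.0.0:443 ssl` to a bind without TLS. Defaulting to the previous behaviour keeps the downgrade an explicit opt-out: `self.terminateSSL = args.get("terminate-ssl", True)`. The truthiness test in the third hunk (`if self.terminateSSL:`) also accepts any non-empty JSON value, including the string `"false"`, so a type check when the entry is loaded would make the switch unambiguous. `__init__` starts and continues outside this hunk.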
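Review bot: `print(vm.HA_PROXY_STATIC_ACLS)` in main.py emits the ACL once, ahead of every generated `frontend`, but HAProxy resolves a named ACL only inside the proxy section that declares it, so the `is_acme` reference added to the frontend template in PATCH 3/3 would not see it. How the printed output is assembled into the final configuration is not visible here, so this assumes it is used as printed. Declaring the ACL inside `HA_PROXY_TEMPLATE_SNI`, as `acl is_acme path -i -m beg /.well-known/acme-challenge/` directly under the `bind` lines, avoids the scoping problem. Separately, the constant does not exist in vm.py until PATCH 3/3, so main.py raises AttributeError at this commit.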
From: Yannik Schmidt
Date: Sun, 11 Dec 2022 02:57:53 +0100
Subject: [PATCH 3/3] feat: acme acl
---
 vm.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/vm.py b/vm.py
index 269e17f..db0007c 100644
--- a/vm.py
+++ b/vm.py
@@ -17,14 +17,18 @@ HA_PROXY_TEMPLATE_SNI = '''
 frontend {subdomain}.{basedomain}
 bind 0.0.0.0:80
 bind 0.0.0.0:443 {ssl}
- http-request redirect scheme https unless {{ ssl_fc }}
+ http-request redirect scheme https unless is_acme {{ ssl_fc }}
 default_backend {name}
 backend {name}
- server srv1 {ip} check maxconn 20
+ server srv1 {ip} check port 80 maxconn 20
 '''
+HA_PROXY_STATIC_ACLS = '''
+acl is_acme path -i -m beg /.well-known/acme-challenge/
+'''
+
 class VM:
 def __init__(self, args):
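Review bot: In `unless is_acme {{ ssl_fc }}` the two conditions are joined by HAProxy's implicit AND, so the redirect is skipped only for requests that are both ACME challenges and already on TLS. Plain-HTTP challenge requests on port 80 are therefore still redirected, and ordinary HTTPS requests (where `is_acme` is false) are redirected to https again. The rule most likely wants an OR: `http-request redirect scheme https unless is_acme || {{ ssl_fc }}`. Keeping the exemption tied to the `/.well-known/acme-challenge/` prefix, as the ACL does, limits what stays reachable over plain HTTP.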