feat: move listen 443 to strem to enable true ssl passthrough

2025-12-06 05:41:35 +01:00 · 2024-02-21 12:20:51 +00:00
parent 860bd22f7a
commit ba86d5c482
4 changed files with 44 additions and 2 deletions
--- a/nginx.py
+++ b/nginx.py
@@ -26,6 +26,26 @@ def dump_config(vmList, masterAddress):
            [ f.write(c) for c in vmo.dumpIptables(remove=True)]

    with open("/etc/nginx/stream_include.conf", "w") as f:
+        
+        # ssl passthrough/no-terminate #
+        ssl_passthrough_map = []
+        for vmo in vmList:
+            relevant_subdomains = filter(lambda x: x.get("no-terminate-ssl"), vmo.subdomains)
+            for s in relevant_subdomains:
+                print(s)
+                # build the map contents #
+                if s.get("include-subdomains"):
+                    match = "~.*{}".format(s.get("name"))
+                else:
+                    match = s.get("name")
+
+                ssl_passthrough_map.append("{} {}:443;".format(match, vmo.ip))
+
+        environment = jinja2.Environment(loader=jinja2.FileSystemLoader(searchpath="./templates"))
+        template = environment.get_template("nginx_stream_ssl_map.conf.j2")
+        f.write(template.render(ssl_passthrough_map=ssl_passthrough_map))
+
+
        for vmo in vmList:
            [ f.write(c) for c in vmo.dumpStreamComponents()]
        for vmo in set(vmList):