haproxy BOSH Release v8.0.6

Rename!

This release has been renamed from cf-haproxy-boshrelease to haproxy-boshrelease,
for greater clarity. It can be used completely independently from Cloud Foundry,
or in front of Cloud Foundry.

cf-haproxy BOSH Release v8.0.5

Bug Fixes

• Fixed an issue with the WSS/port 4443 config not using the correct SSL directory.
  Thanks @mvdkleijn!

cf-haproxy BOSH Release v8.0.4

Improvements

• Added the ability to customize what IP blocks are allowed access
  to the internal_only_domains, via the ha_proxy.trusted_domain_cidrs
  property.

  NOTE: By default, the trusted_domain_cidrs block all traffic
  (secure by default), so depending on your architecture, you may need to
  add this property to your manifest to retain access to those domains. Testing
  this upgrade in a non-production environment first is highly recommended.

cf-haproxy BOSH Release v8.0.3

New Features

• Added support for force-setting response headers in haproxy via the ha_proxy.rsp_headers property

Bug Fixes

• Fixed an issue preventing ha_proxy.disable_http from working correctly.

cf-haproxy BOSH Release v8.0.2

Bug Fixes

• Fixed an issue with the wrong X-Forwarded-Proto value being set for https

cf-haproxy-boshrelease BOSH Release v8.0.0

Releases are now managed via Concourse!

v8

New Features

• Supports multiple ssl certs on haproxy nodes. Specify them by using ha_proxy.ssl_pem as an array of certs, and the boshrelease will install all of them, and make them available to haproxy, in the event that you are serving multiple domains up via https, with different certs for each.
• Supports force-setting headers. If there are headers you need to enforce on your requests for some reason, you can now use ha_proxy.headers to configure the headers and values.
• Supports generic TCP proxying via the ha_proxy.tcp array. Each element in the array defines a port to enable tcp-mode proxying on. Supposts TLS + TCP proxying as well

cf-hproxy-boshrelease v6

New Features:

HTTP -> HTTPS Redirection

cf-haproxy-boshrelease now supports redirecting requests from http to https for al requestsl, or a specified subset of hosted domains:

ha_proxy.https_redirect_domains - An array of domains for which to redirect http to https
ha_proxy.https_redirect_all_domains - A boolean controlling whether or not all domains will be redirected to https

Compression Support

cf-haproxy-boshrelease now supports using gzip compression for HTTP responses:

ha_proxy.compress_types - A space separated list of HTTP content types to compress

Thanks

This release was brought to you by the work of @Koizumi85, @shinji62, and @ronakbanka. Many thanks to them for all their help!

Added X-Forward-Proto header support

HAProxy will now make use of X-Forward-Proto headers correctly, if they are passed in from upstream forwarders like ELBs.

Many thanks to @shinji62 for the fix!

Fixed bug with enable_4443

Setting ha_proxy.enable_4443 to "false" now actually disables port 4443 listening!