frontend: Add storyboard.baserock.org to haproxy.cfgsam/storyboard-haproxy

1 files changed, 12 insertions, 0 deletions

diff --git a/frontend/haproxy.cfg b/frontend/haproxy.cfg
index 9910bed5..99d8b68a 100644
--- a/frontend/haproxy.cfg
+++ b/frontend/haproxy.cfg
@@ -28,6 +28,10 @@ defaults
 frontend http-in
     bind *:80
 
+    # Forward Storyboard http:// to https://. The Storyboard Apache config
+    # will do this if we don't, but we may as well do it here.
+    redirect scheme https if { hdr(Host) -m beg -i storyboard } !{ ssl_fc }
+
     # The hdr(host) call means 'extract the first Host header from the HTTP request
     # or response', the '-m beg' switch means 'match against the beginning of it'
     # and the '-i' flag makes the match case-insensitive.
@@ -39,6 +43,11 @@ frontend http-in
     use_backend baserock_mason_x86_32_http if host_mason_x86_32
     use_backend baserock_openid_provider_http if host_openid
 
+frontend https-in
+    bind *:443
+
+    use_backend baserock_storyboard_https if { hdr(Host) -m beg -i storyboard }
+
 frontend ssh-in:
     # FIXME: it'd be better if we could limit traffic on port 29418 to
     # gerrit.baserock.org. There's no way of knowing from an SSH request
@@ -65,3 +74,6 @@ backend baserock_mason_x86_32_http
 
 backend baserock_openid_provider_http
     server baserock_openid_provider 192.168.222.67:80
+
+backend baserock_storyboard_https
+    server baserock_storyboard 192.168.222.40:443