new options

utils/haproxy_config.py

@@ -93,8 +93,11 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
     
     os.makedirs(os.path.dirname(HAPROXY_CFG), exist_ok=True)
     
-    if is_backend_exist(backend_name):
-        return f"Backend {backend_name} already exists. Cannot add duplicate."
+    # Generate unique backend name with hostname suffix
+    unique_backend_name = f"{backend_name}_{sanitize_name(frontend_hostname)}" if frontend_hostname else backend_name
+    
+    if is_backend_exist(unique_backend_name):
+        return f"Backend {unique_backend_name} already exists. Cannot add duplicate."
     
     is_no_lb = lb_method == 'no-lb'
     if is_no_lb and len(backend_servers) > 1:
@@ -116,19 +119,12 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
             
             haproxy_cfg.write("\n")
             
-            # ===== HTTP-REQUEST RULES (BEFORE REDIRECT) =====
-            
-            if is_no_lb:
-                haproxy_cfg.write(f"    http-request set-header X-Forwarded-For %[src]\n")
-                if use_ssl:
-                    haproxy_cfg.write(f"    http-request set-header X-Forwarded-Proto https\n")
-                else:
-                    haproxy_cfg.write(f"    http-request set-header X-Forwarded-Proto http\n")
+            # ===== SET HEADERS (RIGHT AFTER BIND/CERT) =====
+            haproxy_cfg.write(f"    http-request set-header X-Forwarded-For %[src]\n")
+            if use_ssl:
+                haproxy_cfg.write(f"    http-request set-header X-Forwarded-Proto https\n")
             else:
-                haproxy_cfg.write(f"    balance {lb_method}\n")
-                
-                if forward_for:
-                    haproxy_cfg.write(f"    option forwardfor\n")
+                haproxy_cfg.write(f"    http-request set-header X-Forwarded-Proto http\n")
             
             # Mode
             haproxy_cfg.write(f"    mode {protocol}\n")
@@ -139,6 +135,12 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
                 acl_name_sanitized = f"is_{sanitize_name(frontend_hostname)}"
                 haproxy_cfg.write(f"    acl {acl_name_sanitized} hdr(host) -i {frontend_hostname}\n")
             
+            # Balance settings for non-no-lb mode
+            if not is_no_lb:
+                haproxy_cfg.write(f"    balance {lb_method}\n")
+                if forward_for:
+                    haproxy_cfg.write(f"    option forwardfor\n")
+            
             # DOS protection (BEFORE REDIRECT!)
             if is_dos:
                 haproxy_cfg.write(f"    stick-table type ip size 1m expire {ban_duration} store http_req_rate(1m)\n")
@@ -200,14 +202,12 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
             
             # ===== BACKEND ROUTING =====
             if acl_name_sanitized:
-                # Jeśli jest hostname, routuj z ACL
-                haproxy_cfg.write(f"    use_backend {backend_name} if {acl_name_sanitized}\n")
+                haproxy_cfg.write(f"    use_backend {unique_backend_name} if {acl_name_sanitized}\n")
             else:
-                # Default backend
-                haproxy_cfg.write(f"    default_backend {backend_name}\n")
+                haproxy_cfg.write(f"    default_backend {unique_backend_name}\n")
             
-            # ===== PRIMARY BACKEND =====
-            haproxy_cfg.write(f"\nbackend {backend_name}\n")
+            # ===== PRIMARY BACKEND (WITH UNIQUE NAME) =====
+            haproxy_cfg.write(f"\nbackend {unique_backend_name}\n")
             
             if not is_no_lb:
                 haproxy_cfg.write(f"    balance {lb_method}\n")
@@ -241,8 +241,10 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
             
             # ===== REDIRECT FRONTEND (HTTP -> HTTPS) =====
             if backend_ssl_redirect and ssl_redirect_backend_name:
-                if is_backend_exist(ssl_redirect_backend_name):
-                    return f"Redirect backend {ssl_redirect_backend_name} already exists. Cannot add duplicate."
+                unique_redirect_backend_name = f"{ssl_redirect_backend_name}_{sanitize_name(frontend_hostname)}" if frontend_hostname else ssl_redirect_backend_name
+                
+                if is_backend_exist(unique_redirect_backend_name):
+                    return f"Redirect backend {unique_redirect_backend_name} already exists. Cannot add duplicate."
                 
                 # Generate unique name for redirect frontend
                 redirect_frontend_name = f"redirect_https_{sanitize_name(frontend_hostname)}" if frontend_hostname else f"redirect_https_{frontend_name}"
@@ -255,12 +257,12 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
                 if frontend_hostname:
                     acl_name_redirect = f"is_{sanitize_name(frontend_hostname)}_redirect"
                     haproxy_cfg.write(f"    acl {acl_name_redirect} hdr(host) -i {frontend_hostname}\n")
-                    haproxy_cfg.write(f"    use_backend {ssl_redirect_backend_name} if {acl_name_redirect}\n")
+                    haproxy_cfg.write(f"    use_backend {unique_redirect_backend_name} if {acl_name_redirect}\n")
                 else:
-                    haproxy_cfg.write(f"    default_backend {ssl_redirect_backend_name}\n")
+                    haproxy_cfg.write(f"    default_backend {unique_redirect_backend_name}\n")
                 
                 # Redirect backend
-                haproxy_cfg.write(f"\nbackend {ssl_redirect_backend_name}\n")
+                haproxy_cfg.write(f"\nbackend {unique_redirect_backend_name}\n")
                 haproxy_cfg.write(f"    mode http\n")
                 haproxy_cfg.write(f"    redirect scheme https code 301 if !{{ ssl_fc }}\n")