From e4766e54ac1e9dd1f8c87c082f13e997ac5bf0bc Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 1 Sep 2024 12:43:22 -0500
Subject: [PATCH] r/dch-proxy: Use separate sockets for IPv4/IPv6

When HAProxy binds to the IPv6 socket, it can handle both IPv6 and IPv4
clients.  IPv4 clients are handled as IPv4-mapped IPv6 addresses, which
some backends (i.e. Apache) cannot support.  To avoid this, we configure
HAProxy to bind to the IPv4 and IPv6 sockets separately, so that IPv4
addresses are handled as IPv4 addresses.
---
 roles/dch-proxy/templates/haproxy.cfg.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/dch-proxy/templates/haproxy.cfg.j2 b/roles/dch-proxy/templates/haproxy.cfg.j2
index cf983c2..afa2723 100644
--- a/roles/dch-proxy/templates/haproxy.cfg.j2
+++ b/roles/dch-proxy/templates/haproxy.cfg.j2
@@ -16,7 +16,7 @@ frontend main
     use_backend kubernetes if internal_net
 
 frontend main-tls
-    bind :::443
+    bind *:443,:::443 v6only
     mode tcp
     option tcplog