adding fixes for files

Author: JasonFord

Dockerfile

@@ -5,13 +5,13 @@ RUN apk update --no-cache && apk upgrade --no-cache openssl && apk add --no-cach
 RUN mkdir -p /etc/codecov/ssl/certs && chown haproxy:haproxy /etc/codecov/ssl/certs && chown haproxy:haproxy /etc/haproxy
 COPY --chown=haproxy:haproxy --chmod=644 config/0-haproxy.conf /etc/haproxy/0-haproxy.conf.template
 COPY --chown=haproxy:haproxy --chmod=644 config/0-haproxy-no-chroot.conf /etc/haproxy/0-haproxy-no-chroot.conf.template
-COPY --chown=haproxy:haproxy --chmod=644 config/2-http.conf /etc/haproxy/2-http.conf.template
-COPY --chown=haproxy:haproxy --chmod=644 config/3-ssl.conf /etc/haproxy/3-ssl.conf.template
 
 FROM base as self-hosted
 COPY --chmod=755 enterprise.sh /usr/local/bin/enterprise.sh
+COPY --chown=haproxy:haproxy --chmod=644 config/3-ssl.conf /etc/haproxy/3-ssl.conf.template
 COPY --chown=haproxy:haproxy --chmod=644 config/1-backends.conf /etc/haproxy/1-backends.conf.template
 COPY --chown=haproxy:haproxy --chmod=644 config/1-minio.conf /etc/haproxy/1-minio.conf.template
+COPY --chown=haproxy:haproxy --chmod=644 config/2-http.conf /etc/haproxy/2-http.conf.template
 COPY --chown=haproxy:haproxy --chmod=644 config/routing.map /etc/haproxy/routing.map
 COPY --chown=haproxy:haproxy --chmod=644 config/minio.map /etc/haproxy/minio.map
 ENV CODECOV_API_HOST=api
@@ -43,6 +43,8 @@ ENTRYPOINT ["/usr/local/bin/enterprise.sh"]
 FROM base as onprem
 COPY --chmod=755 onprem.sh /usr/local/bin/onprem.sh
 COPY --chown=haproxy:haproxy --chmod=644 config/onprem.conf /etc/haproxy/onprem.conf.template
+COPY --chown=haproxy:haproxy --chmod=644 config/onprem-ssl.conf /etc/haproxy/onprem-ssl.conf.template
+COPY --chown=haproxy:haproxy --chmod=644 config/onprem-http.conf /etc/haproxy/onprem-http.conf.template
 COPY --chown=haproxy:haproxy --chmod=644 config/onprem.map /etc/haproxy/routing.map
 ENV CODECOV_ONPREM_HOST_HEADER="%[req.hdr(Host)]"
 ENV CODECOV_ONPREM_HOST=onprem_host

config/onprem-http.conf

@@ -0,0 +1,4 @@
+frontend http
+    bind :${CODECOV_GATEWAY_HTTP_PORT}
+    use_backend %[path,map_reg("/etc/haproxy/routing.map")]
+    default_backend be_onprem

config/onprem-ssl.conf

@@ -0,0 +1,8 @@
+frontend ssl
+    bind :${CODECOV_GATEWAY_HTTP_PORT}
+    bind :${CODECOV_GATEWAY_HTTPS_PORT} ssl crt /etc/codecov/ssl/certs/cert.crt
+    http-request set-header X-Forwarded-Proto https if { ssl_fc }
+    http-request redirect scheme https unless { ssl_fc }
+    use_backend %[path,map_reg("/etc/haproxy/routing.map")]
+
+    default_backend be_onprem

onprem.sh

@@ -2,12 +2,29 @@
 set -e
 _start_haproxy() {
   export DOLLAR='$'
-  envsubst < /etc/haproxy/0-haproxy.conf.template > /etc/haproxy/0-haproxy.conf
-  envsubst < /etc/haproxy/onprem.conf.template > /etc/haproxy/onprem.conf
+  if [ "$CODECOV_GATEWAY_SSL_ENABLED" ]; then
+    echo 'Codecov gateway ssl enabled'
+    envsubst < /etc/haproxy/onprem-ssl.conf.template > /etc/haproxy/2-frontends.conf
+  else
+    echo 'Codecov gateway ssl disabled'
+    envsubst < /etc/haproxy/onprem-http.conf.template > /etc/haproxy/2-frontends.conf
+  fi
+  ssl_string="ssl verify none "
+  if [ $CODECOV_ONPREM_SCHEME = "https" ]; then
+    export CODECOV_FRONTEND_SSL_FLAG=$ssl_string
+  fi
+   if [ "$CODECOV_GATEWAY_CHROOT_DISABLED" ]; then
+      echo 'Codecov gateway chroot disabled'
+      envsubst < /etc/haproxy/0-haproxy-no-chroot.conf.template > /etc/haproxy/0-haproxy.conf
+    else
+      envsubst < /etc/haproxy/0-haproxy.conf.template > /etc/haproxy/0-haproxy.conf
+    fi
+  envsubst < /etc/haproxy/onprem.conf.template > /etc/haproxy/onprem-backends.conf
   echo "Starting haproxy"
-  haproxy -W -db -f /etc/haproxy/0-haproxy.conf -f /etc/haproxy/onprem.conf
+  haproxy -W -db -f /etc/haproxy/0-haproxy.conf -f /etc/haproxy/onprem-backends.conf -f /etc/haproxy/2-frontends.conf
 }
 
+
 if [ -z "$1" ];
 then
   _start_haproxy