Better proxy handling

templates/connect

@@ -3,7 +3,11 @@
 [[- if has .consul.connect "disable_default_tcp_check" ]]
           disable_default_tcp_check = [[ .consul.connect.disable_default_tcp_check ]]
 [[- end ]]
-[[- if gt (len .consul.connect.upstreams) 0 ]]
+[[- $connect_proxy := "" ]]
+[[- if and .proxy.enabled (has .proxy "service_name") (or (eq (urlParse .proxy.address).Hostname "localhost") (urlParse .proxy.address).Hostname "127.0.0.1") ]]
+  [[- $connect_proxy = .proxy.service_name ]]
+[[- end ]]
+[[- if or (gt (len .consul.connect.upstreams) 0) (ne $connect_proxy "") ]]
           proxy {
   [[- range $idx, $upstream := .consul.connect.upstreams ]]
             upstreams {
@@ -25,6 +29,14 @@
               }
     [[- end ]]
             }
+  [[- end ]]
+  [[- if ne $connect_proxy "" ]]
+             # Connect to the proxy service through the mesh
+             upstreams {
+               destination_name = [[ $connect_proxy | toJSON ]]
+               local_bind_port  = [[ (urlParse .proxy.address).Port ]]
+               destination_type = "service"
+             }
   [[- end ]]
           }
   [[- if has .consul.connect "tags" ]]

templates/file_env

@@ -22,6 +22,17 @@
     [[- end ]]
   [[- end ]]
 [[- end ]]
+[[- if .proxy.enabled ]]
+  [[- if not (has $env "HTTP_PROXY") ]]
+HTTP_PROXY=[[ .proxy.address ]]
+  [[- end ]]
+  [[- if not (has $env "HTTPS_PROXY") ]]
+HTTPS_PROXY=[[ .proxy.address ]]
+  [[- end ]]
+  [[- if and (has .proxy "no_proxy") (not (has $env "NO_PROXY")) ]]
+NO_PROXY=[[ join .proxy.no_proxy "," ]]
+  [[- end ]]
+[[- end ]]
 _EOT
         destination = "secrets/.env"
         perms       = 400

variables.yml

@@ -176,6 +176,9 @@ proxy:
     - 127.*
   # Address of the proxy
   address: http://[[ .instance ]]:[[ .instance ]]@127.0.0.1:3128
+  # If the proxy is reached through the service mesh, set the name of the service
+  # It's used to automatically add the service if proxy is enabled
+  # service_name: squid[[ .consul.suffix ]]
   # Is the proxy enabled
   enabled: false