From a09448985c152ebd2a1c8197c7f325f8930b0659 Mon Sep 17 00:00:00 2001
From: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
Date: Mon, 30 Sep 2024 20:06:27 +0200
Subject: [PATCH] Added https lb for lb

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
---
 roles/loadbalancer/templates/nginx.conf.j2 | 25 +++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/roles/loadbalancer/templates/nginx.conf.j2 b/roles/loadbalancer/templates/nginx.conf.j2
index 14b4177..479efc0 100644
--- a/roles/loadbalancer/templates/nginx.conf.j2
+++ b/roles/loadbalancer/templates/nginx.conf.j2
@@ -2,6 +2,7 @@ include /etc/nginx/modules-enabled/*.conf;
 
 events {}
 
+# TCP Load Balancing for the K3s API
 stream {
   upstream k3s_servers {
     {% for ip in k3s_server_ips %}
@@ -19,14 +20,36 @@ http {
   upstream k3s_servers_http {
     least_conn;
     {% for ip in k3s_server_ips %}
-    server {{ ip }};
+    server {{ ip }}:80;
+    {% endfor %}
+  }
+
+  upstream k3s_servers_https {
+    least_conn;
+    {% for ip in k3s_server_ips %}
+    server {{ ip }}:443;
     {% endfor %}
   }
 
   server {
+    listen 80;
+
     location / {
       proxy_pass http://k3s_servers_http;
       proxy_set_header Host $http_host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto http;
+    }
+  }
+
+  server {
+    listen 443;
+
+    location / {
+      proxy_pass https://k3s_servers_https;
+      proxy_set_header Host $host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
     }
   }
 }