Merge with upstream
commit
29c60df042
4 changed files with 117 additions and 15 deletions
|
@ -3,6 +3,11 @@
|
|||
# Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo)
|
||||
|
||||
include:
|
||||
{% if salt['pillar.get']('haproxy:include') %}
|
||||
{% for item in salt['pillar.get']('haproxy:include') %}
|
||||
- {{ item }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
- haproxy.install
|
||||
- haproxy.service
|
||||
- haproxy.config
|
||||
- haproxy.config
|
||||
|
|
|
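Review bot: The new pillar-driven `include:` entries iterate `salt['pillar.get']('haproxy:include')` with no default and no stated type, so a scalar value (one state name written as a plain string) would be looped over character by character and render an invalid include list. Fetching the value once, e.g. `{% set extra_includes = salt['pillar.get']('haproxy:include', []) %}`, and looping over that also avoids the double lookup. A comment above the block such as `# haproxy:include - optional list of extra state names to include before the haproxy states` would document the expected shape. The `haproxy:require` loop added under `pkg.installed` in the next file section follows the same pattern, and neither key appears in the pillar example hunks visible on this page. Indentation is not preserved in this rendering, so the nesting of the emitted items could not be checked.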
@ -12,3 +12,9 @@ haproxy_ppa_repo:
|
|||
haproxy.install:
|
||||
pkg.installed:
|
||||
- name: haproxy
|
||||
{% if salt['pillar.get']('haproxy:require') %}
|
||||
- require:
|
||||
{% for item in salt['pillar.get']('haproxy:require') %}
|
||||
- {{ item }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
|
@ -1,17 +1,26 @@
|
|||
haproxy.service:
|
||||
{% if salt['pillar.get']('haproxy:enable', True) %}
|
||||
service.running:
|
||||
- name: haproxy
|
||||
- enable: True
|
||||
- reload: True
|
||||
- require:
|
||||
- pkg: haproxy
|
||||
file: haproxy.service
|
||||
- watch:
|
||||
- file: haproxy.config
|
||||
file.managed:
|
||||
{% else %}
|
||||
service.dead:
|
||||
- name: haproxy
|
||||
- enable: False
|
||||
{% endif %}
|
||||
file.replace:
|
||||
- name: /etc/default/haproxy
|
||||
#TODO: Add switch to turn the service on and off based on pillar configuration.
|
||||
- source: salt://haproxy/files/haproxy-init-enable
|
||||
- create: True
|
||||
- user: "root"
|
||||
- group: "root"
|
||||
- mode: "0644"
|
||||
{% if salt['pillar.get']('haproxy:enabled', True) %}
|
||||
- pattern: ENABLED=0$
|
||||
- repl: ENABLED=1
|
||||
{% else %}
|
||||
- pattern: ENABLED=1$
|
||||
- repl: ENABLED=0
|
||||
{% endif %}
|
||||
- show_changes: True
|
||||
|
|
|
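Review bot: The service toggle reads `haproxy:enable` while the `file.replace` block below it reads `haproxy:enabled`, and the pillar example in this commit sets `enabled: True`. With only `enabled: False` in pillar, the first lookup falls back to its default `True`, so the state would still render `service.running` with `enable: True` while `/etc/default/haproxy` is switched to `ENABLED=0`. Both conditions should use the same key, e.g. `{% if salt['pillar.get']('haproxy:enabled', True) %}` on the first one. The patterns `ENABLED=0$` and `ENABLED=1$` are also unanchored at the start; `^ENABLED=0$` and `^ENABLED=1$` would keep them from matching a longer variable name or a commented-out line. This rendering drops the `+`/`-` markers, so which of these lines are new is inferred from the hunk header counts.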
@ -3,11 +3,14 @@
|
|||
#
|
||||
|
||||
haproxy:
|
||||
enabled: True
|
||||
config_file_path: /etc/haproxy/haproxy.cfg
|
||||
global:
|
||||
stats:
|
||||
enable: True
|
||||
socketpath: /var/lib/haproxy/stats
|
||||
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
|
||||
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
|
||||
|
||||
user: haproxy
|
||||
group: haproxy
|
||||
|
@ -34,6 +37,11 @@ haproxy:
|
|||
- server 1m
|
||||
- http-keep-alive 10s
|
||||
- check 10s
|
||||
stats:
|
||||
- enable
|
||||
- uri: '/admin?stats'
|
||||
- realm: 'Haproxy\ Statistics'
|
||||
- auth: 'admin1:AdMiN123'
|
||||
|
||||
errorfiles:
|
||||
400: /etc/haproxy/errors/400.http
|
||||
|
@ -44,6 +52,46 @@ haproxy:
|
|||
503: /etc/haproxy/errors/503.http
|
||||
504: /etc/haproxy/errors/504.http
|
||||
|
||||
{# Suported by HAProxy 1.6 #}
|
||||
resolvers:
|
||||
local_dns:
|
||||
options:
|
||||
- nameserver resolvconf 127.0.0.1:53
|
||||
- resolve_retries 3
|
||||
- timeout retry 1s
|
||||
- hold valid 10s
|
||||
|
||||
|
||||
listens:
|
||||
stats:
|
||||
bind:
|
||||
- "0.0.0.0:8998"
|
||||
mode: http
|
||||
stats:
|
||||
enable: True
|
||||
uri: "/admin?stats"
|
||||
refresh: "20s"
|
||||
myservice:
|
||||
bind:
|
||||
- "*:8888"
|
||||
options:
|
||||
- forwardfor
|
||||
- http-server-close
|
||||
defaultserver:
|
||||
slowstart: 60s
|
||||
maxconn: 256
|
||||
maxqueue: 128
|
||||
weight: 100
|
||||
servers:
|
||||
web1:
|
||||
host: web1.example.com
|
||||
port: 80
|
||||
check: check
|
||||
web2:
|
||||
host: web2.example.com
|
||||
port: 18888
|
||||
check: check
|
||||
|
||||
frontends:
|
||||
frontend1:
|
||||
name: www-http
|
||||
|
@ -53,8 +101,7 @@ haproxy:
|
|||
- "X-Forwarded-Proto:\\ http"
|
||||
default_backend: www-backend
|
||||
|
||||
frontend2:
|
||||
name: www-https
|
||||
www-https:
|
||||
bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem"
|
||||
reqadd:
|
||||
- "X-Forwarded-Proto:\\ https"
|
||||
|
@ -63,7 +110,12 @@ haproxy:
|
|||
- url_static path_beg -i /static /images /javascript /stylesheets
|
||||
- url_static path_end -i .jpg .gif .png .css .js
|
||||
use_backends:
|
||||
- static if url_static
|
||||
- static-backend if url_static
|
||||
some-services:
|
||||
bind:
|
||||
- "*:8080"
|
||||
- "*:8088"
|
||||
default_backend: api-backend
|
||||
|
||||
backends:
|
||||
backend1:
|
||||
|
@ -76,8 +128,7 @@ haproxy:
|
|||
host: 192.168.1.213
|
||||
port: 80
|
||||
check: check
|
||||
backend2:
|
||||
name: static
|
||||
static-backend:
|
||||
balance: roundrobin
|
||||
redirect: scheme https if !{ ssl_fc }
|
||||
options:
|
||||
|
@ -92,8 +143,39 @@ haproxy:
|
|||
realm: LoadBalancer
|
||||
auth: "user:password"
|
||||
servers:
|
||||
server1:
|
||||
name: some-server
|
||||
some-server:
|
||||
host: 123.156.189.111
|
||||
port: 8080
|
||||
check: check
|
||||
api-backend:
|
||||
options:
|
||||
- http-server-close
|
||||
- forwardfor
|
||||
servers:
|
||||
apiserver1:
|
||||
host: apiserver1.example.com
|
||||
port: 80
|
||||
check: check
|
||||
server2:
|
||||
name: apiserver2
|
||||
host: apiserver2.example.com
|
||||
port: 80
|
||||
check: check
|
||||
extra: resolvers local_dns resolve-prefer ipv4
|
||||
another_www:
|
||||
mode: tcp
|
||||
balance: source
|
||||
sticktable: "type binary len 32 size 30k expire 30m"
|
||||
acls:
|
||||
- clienthello req_ssl_hello_type 1
|
||||
- serverhello rep_ssl_hello_type 2
|
||||
tcprequests:
|
||||
- "inspect-delay 5s"
|
||||
- "content accept if clienthello"
|
||||
tcpresponses:
|
||||
- "content accept if serverhello"
|
||||
stickons:
|
||||
- "payload_lv(43,1) if clienthello"
|
||||
reqrep:
|
||||
- "^([^\ :]*)\ /static/(.*) \1\ \2"
|
||||
options: "ssl-hello-chk"
|
||||
|
|
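Review bot: The `listens: stats` example in the `@ -44,6 +52,46 @@` hunk binds the statistics page to `0.0.0.0:8998` with `uri: "/admin?stats"` and no `auth` entry of its own, and the only credential near it is the literal `auth: 'admin1:AdMiN123'` in the defaults `stats` block of the `@ -34,6 +37,11 @@` hunk. Example pillars tend to be copied as-is, so the sample should bind to loopback, `- "127.0.0.1:8998"`, and carry an obvious placeholder such as `- auth: '<stats-user>:<set-in-private-pillar>'`, with a comment that the real value belongs in a pillar that is not committed. The `auth: "user:password"` line under the backend in the `@ -92,8 +143,39 @@` hunk would benefit from the same comment. Whether the listener inherits the defaults `stats` authentication depends on the formula's template, which is not part of this page.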