Merge pull request #14 from MrMarvin/feature/ssl-default-bind

adds ssl-default-bind options to template
This commit is contained in:
Forrest 2015-07-29 11:02:44 -07:00
commit 3efc2f8d81
2 changed files with 8 additions and 1 deletions

View file

@ -24,7 +24,12 @@ global
# Stats support is currently limited to socket mode
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }}
{%- endif %}
{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers', False) %}
ssl-default-bind-ciphers {{ salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers') }}
{%- endif %}
{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-options', False) %}
ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options') }}
{%- endif %}
#------------------
# common defaults that all the 'listen' and 'backend' sections will

View file

@ -9,6 +9,8 @@ haproxy:
stats:
enable: True
socketpath: /var/lib/haproxy/stats
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
user: haproxy
group: haproxy