Merge pull request #14 from MrMarvin/feature/ssl-default-bind
adds ssl-default-bind options to template
This commit is contained in:
commit
3efc2f8d81
2 changed files with 8 additions and 1 deletions
|
@ -24,7 +24,12 @@ global
|
|||
# Stats support is currently limited to socket mode
|
||||
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }}
|
||||
{%- endif %}
|
||||
|
||||
{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers', False) %}
|
||||
ssl-default-bind-ciphers {{ salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers') }}
|
||||
{%- endif %}
|
||||
{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-options', False) %}
|
||||
ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options') }}
|
||||
{%- endif %}
|
||||
|
||||
#------------------
|
||||
# common defaults that all the 'listen' and 'backend' sections will
|
||||
|
|
|
@ -9,6 +9,8 @@ haproxy:
|
|||
stats:
|
||||
enable: True
|
||||
socketpath: /var/lib/haproxy/stats
|
||||
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
|
||||
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
|
||||
|
||||
user: haproxy
|
||||
group: haproxy
|
||||
|
|
Loading…
Reference in a new issue