adds ssl-default-bind options to template
This commit is contained in:
parent
b83deb4f28
commit
62981b47ad
2 changed files with 8 additions and 1 deletions
|
@ -24,7 +24,12 @@ global
|
||||||
# Stats support is currently limited to socket mode
|
# Stats support is currently limited to socket mode
|
||||||
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }}
|
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers', False) %}
|
||||||
|
ssl-default-bind-ciphers {{ salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers') }}
|
||||||
|
{%- endif %}
|
||||||
|
{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-options', False) %}
|
||||||
|
ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options') }}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
#------------------
|
#------------------
|
||||||
# common defaults that all the 'listen' and 'backend' sections will
|
# common defaults that all the 'listen' and 'backend' sections will
|
||||||
|
|
|
@ -9,6 +9,8 @@ haproxy:
|
||||||
stats:
|
stats:
|
||||||
enable: True
|
enable: True
|
||||||
socketpath: /var/lib/haproxy/stats
|
socketpath: /var/lib/haproxy/stats
|
||||||
|
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
|
||||||
|
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
|
||||||
|
|
||||||
user: haproxy
|
user: haproxy
|
||||||
group: haproxy
|
group: haproxy
|
||||||
|
|
Loading…
Reference in a new issue