Compare commits
36 commits
revert-51-
...
master
Author | SHA1 | Date | |
---|---|---|---|
|
654fedfeab | ||
|
dafe8fd6a5 | ||
|
1cbdd4cb79 | ||
|
6493d24ad3 | ||
|
752c3e5641 | ||
|
2b83ca0860 | ||
|
0e697c67c9 | ||
|
5a1d62f9ac | ||
|
2f2feec25e | ||
|
40c7ac8c70 | ||
|
1c29ef813d | ||
|
2f2e0deca6 | ||
|
2d74c71933 | ||
|
d815b4615a | ||
|
4abfac0eec | ||
|
7d4313aaf8 | ||
|
f4ce186b37 | ||
|
44ec6ddfb5 | ||
|
39390e8618 | ||
|
991a502636 | ||
|
d8d86caa45 | ||
|
e7cddfe0e2 | ||
|
b69c7edebd | ||
|
4e5f7632b9 | ||
|
32a732a8c6 | ||
|
df3aeb1e4c | ||
|
0a550b89b9 | ||
|
dfd7468718 | ||
|
533f275d08 | ||
|
1b7e1794ef | ||
|
aeb1844e2f | ||
|
4586aea25c | ||
|
17c9373098 | ||
|
52a4e1a0a2 | ||
|
822db0e338 | ||
|
cbcb50ad84 |
8 changed files with 133 additions and 21 deletions
|
@ -35,7 +35,7 @@ Currently, only a handful of options can be set using the pillar:
|
||||||
|
|
||||||
- Global
|
- Global
|
||||||
|
|
||||||
+ stats: enable stats, curently only via a unix socket which can be set to a path
|
+ stats: enable stats, curently only via a unix socket which can be set to a path with custom permissions
|
||||||
+ user: sets the user haproxy shall run as
|
+ user: sets the user haproxy shall run as
|
||||||
+ group: sets the group haproxy shall run as
|
+ group: sets the group haproxy shall run as
|
||||||
+ chroot: allows you to turn on chroot and set a directory
|
+ chroot: allows you to turn on chroot and set a directory
|
||||||
|
@ -74,6 +74,7 @@ Currently, only a handful of options can be set using the pillar:
|
||||||
+ port: the port to contact the server on
|
+ port: the port to contact the server on
|
||||||
+ check: set to check to enable checking
|
+ check: set to check to enable checking
|
||||||
|
|
||||||
|
- For global, default, frontend, listener, backend and server it is possible to use the "extra" option for more rare settings not mentioned above.
|
||||||
|
|
||||||
``haproxy.service``
|
``haproxy.service``
|
||||||
-------------------
|
-------------------
|
||||||
|
|
|
@ -1,12 +1,19 @@
|
||||||
|
{% from "haproxy/map.jinja" import haproxy with context %}
|
||||||
|
|
||||||
|
{% set config_file = salt['pillar.get']('haproxy:config_file_path', haproxy.config_file) %}
|
||||||
haproxy.config:
|
haproxy.config:
|
||||||
file.managed:
|
file.managed:
|
||||||
- name: {{ salt['pillar.get']('haproxy:config_file_path', '/etc/haproxy/haproxy.cfg') }}
|
- name: {{ config_file }}
|
||||||
- source: salt://haproxy/templates/haproxy.jinja
|
- source: {{ haproxy.config_file_source }}
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- user: root
|
- user: {{ haproxy.user }}
|
||||||
- group: root
|
- group: {{ haproxy.group }}
|
||||||
- mode: 644
|
- mode: 644
|
||||||
- require_in:
|
- require_in:
|
||||||
- service: haproxy.service
|
- service: haproxy.service
|
||||||
- watch_in:
|
- watch_in:
|
||||||
- service: haproxy.service
|
- service: haproxy.service
|
||||||
|
{% if salt['pillar.get']('haproxy:overwrite', default=True) == False %}
|
||||||
|
- unless:
|
||||||
|
- test -e {{ config_file }}
|
||||||
|
{% endif %}
|
||||||
|
|
|
@ -3,11 +3,10 @@
|
||||||
# Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo)
|
# Meta-state to fully setup haproxy on debian. (or any other distro that has haproxy in their repo)
|
||||||
|
|
||||||
include:
|
include:
|
||||||
{% if salt['pillar.get']('haproxy:include') %}
|
{%- set haproxy_items = salt['pillar.get']('haproxy:include', []) %}
|
||||||
{% for item in salt['pillar.get']('haproxy:include') %}
|
{%- for item in haproxy_items %}
|
||||||
- {{ item }}
|
- {{ item }}
|
||||||
{% endfor %}
|
{%- endfor %}
|
||||||
{% endif %}
|
|
||||||
- haproxy.install
|
- haproxy.install
|
||||||
- haproxy.service
|
- haproxy.service
|
||||||
- haproxy.config
|
- haproxy.config
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
|
{% from "haproxy/map.jinja" import haproxy with context %}
|
||||||
|
|
||||||
haproxy.install:
|
haproxy.install:
|
||||||
pkg.installed:
|
pkg.installed:
|
||||||
- name: haproxy
|
- name: {{ haproxy.package }}
|
||||||
{% if salt['pillar.get']('haproxy:require') %}
|
{% if salt['pillar.get']('haproxy:require') %}
|
||||||
- require:
|
- require:
|
||||||
{% for item in salt['pillar.get']('haproxy:require') %}
|
{% for item in salt['pillar.get']('haproxy:require') %}
|
||||||
|
|
14
haproxy/map.jinja
Normal file
14
haproxy/map.jinja
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{% set haproxy = salt['grains.filter_by']({
|
||||||
|
'default': {
|
||||||
|
'package': 'haproxy',
|
||||||
|
'config_file': '/etc/haproxy/haproxy.cfg',
|
||||||
|
'config_file_source': 'salt://haproxy/templates/haproxy.jinja',
|
||||||
|
'user': 'root',
|
||||||
|
'group': 'root',
|
||||||
|
'service': 'haproxy',
|
||||||
|
},
|
||||||
|
'FreeBSD': {
|
||||||
|
'group': 'wheel',
|
||||||
|
},
|
||||||
|
}, merge=salt['pillar.get']('haproxy:lookup'), base='default') %}
|
||||||
|
|
|
@ -1,17 +1,19 @@
|
||||||
|
{% from "haproxy/map.jinja" import haproxy with context %}
|
||||||
|
|
||||||
haproxy.service:
|
haproxy.service:
|
||||||
{% if salt['pillar.get']('haproxy:enable', True) %}
|
{% if salt['pillar.get']('haproxy:enable', True) %}
|
||||||
service.running:
|
service.running:
|
||||||
- name: haproxy
|
- name: {{ haproxy.service }}
|
||||||
- enable: True
|
- enable: True
|
||||||
- reload: True
|
- reload: True
|
||||||
- require:
|
- require:
|
||||||
- pkg: haproxy
|
- pkg: haproxy.install
|
||||||
{% if salt['grains.get']('os_family') == 'Debian' %}
|
{% if salt['grains.get']('os_family') == 'Debian' %}
|
||||||
- file: haproxy.service
|
- file: haproxy.service
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% else %}
|
{% else %}
|
||||||
service.dead:
|
service.dead:
|
||||||
- name: haproxy
|
- name: {{ haproxy.service }}
|
||||||
- enable: False
|
- enable: False
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if salt['grains.get']('os_family') == 'Debian' %}
|
{% if salt['grains.get']('os_family') == 'Debian' %}
|
||||||
|
|
|
@ -23,8 +23,14 @@
|
||||||
# Global settings
|
# Global settings
|
||||||
#------------------
|
#------------------
|
||||||
global
|
global
|
||||||
|
{%- if salt['pillar.get']('haproxy:global:log', []) != [] %}
|
||||||
|
{%- for log in salt['pillar.get']('haproxy:global:log') %}
|
||||||
|
log {{log}}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- else %}
|
||||||
log /dev/log local0
|
log /dev/log local0
|
||||||
log /dev/log local1 notice
|
log /dev/log local1 notice
|
||||||
|
{%- endif %}
|
||||||
user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }}
|
user {{ salt['pillar.get']('haproxy:global:user', 'haproxy') }}
|
||||||
group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }}
|
group {{ salt['pillar.get']('haproxy:global:group', 'haproxy') }}
|
||||||
{%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %}
|
{%- if salt['pillar.get']('haproxy:global:chroot:enable', 'no') == True %}
|
||||||
|
@ -34,7 +40,7 @@ global
|
||||||
daemon
|
daemon
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
|
{%- if salt['pillar.get']('haproxy:global:stats:enable', 'no') == True %}
|
||||||
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
|
stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }} mode {{ salt['pillar.get']('haproxy:global:stats:mode', '660') }} level {{ salt['pillar.get']('haproxy:global:stats:level', 'operator') }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %}
|
{%- if 'maxconn' in salt['pillar.get']('haproxy:global', {}) %}
|
||||||
maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }}
|
maxconn {{ salt['pillar.get']('haproxy:global:maxconn') }}
|
||||||
|
@ -63,6 +69,15 @@ global
|
||||||
{%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %}
|
{%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %}
|
||||||
{{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }}
|
{{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if 'extra' in salt['pillar.get']('haproxy:global', {}) %}
|
||||||
|
{%- if salt['pillar.get']('haproxy:global:extra', {}) is string %}
|
||||||
|
{{ salt['pillar.get']('haproxy:global:extra') }}
|
||||||
|
{%- else %}
|
||||||
|
{%- for line in salt['pillar.get']('haproxy:global:extra') %}
|
||||||
|
{{ line }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
{%- for id, userlist in salt['pillar.get']('haproxy:userlists', {})|dictsort %}
|
{%- for id, userlist in salt['pillar.get']('haproxy:userlists', {})|dictsort %}
|
||||||
#------------------
|
#------------------
|
||||||
|
@ -89,13 +104,21 @@ userlist {{ id }}
|
||||||
#------------------
|
#------------------
|
||||||
defaults
|
defaults
|
||||||
log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }}
|
log {{ salt['pillar.get']('haproxy:defaults:log', 'global') }}
|
||||||
|
{%- if 'mode' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||||
mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }}
|
mode {{ salt['pillar.get']('haproxy:defaults:mode', 'http') }}
|
||||||
|
{%- endif %}
|
||||||
|
{%- if 'retries' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||||
retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }}
|
retries {{ salt['pillar.get']('haproxy:defaults:retries', '3') }}
|
||||||
|
{%- endif %}
|
||||||
|
{%- if 'balance' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||||
balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }}
|
balance {{ salt['pillar.get']('haproxy:defaults:balance', 'roundrobin') }}
|
||||||
{%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) -%}
|
{%- endif %}
|
||||||
|
{%- if 'monitoruri' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||||
monitor-uri {{ salt['pillar.get']('haproxy:defaults:monitoruri') }}
|
monitor-uri {{ salt['pillar.get']('haproxy:defaults:monitoruri') }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if 'hashtype' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||||
hash-type {{ salt['pillar.get']('haproxy:defaults:hashtype', 'map-based') }}
|
hash-type {{ salt['pillar.get']('haproxy:defaults:hashtype', 'map-based') }}
|
||||||
|
{%- endif %}
|
||||||
{%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%}
|
{%- if 'options' in salt['pillar.get']('haproxy:defaults', {}) -%}
|
||||||
{{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }}
|
{{- render_list_of_dictionaries('option', salt['pillar.get']('haproxy:defaults:options')) }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
@ -117,6 +140,15 @@ defaults
|
||||||
{%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%}
|
{%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%}
|
||||||
{{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }}
|
{{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if 'extra' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||||
|
{%- if salt['pillar.get']('haproxy:defaults:extra', {}) is string %}
|
||||||
|
{{ salt['pillar.get']('haproxy:defaults:extra') }}
|
||||||
|
{%- else %}
|
||||||
|
{%- for line in salt['pillar.get']('haproxy:defaults:extra') %}
|
||||||
|
{{ line }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
{%- endif %}
|
||||||
{%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
|
{%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
|
||||||
{%- for errorfile_name, errorfile in salt['pillar.get']('haproxy:defaults:errorfiles')|dictsort %}
|
{%- for errorfile_name, errorfile in salt['pillar.get']('haproxy:defaults:errorfiles')|dictsort %}
|
||||||
errorfile {{ errorfile_name }} {{ errorfile }}
|
errorfile {{ errorfile_name }} {{ errorfile }}
|
||||||
|
@ -200,7 +232,7 @@ listen {{ listener.get('name', listener_name) }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{%- if 'tcprequests' in listener %}
|
{%- if 'tcprequests' in listener %}
|
||||||
{%- if listener.tcprequests is string %}
|
{%- if listener.tcprequests is string %}
|
||||||
tcp-request {{ listner.tcprequests }}
|
tcp-request {{ listener.tcprequests }}
|
||||||
{%- else %}
|
{%- else %}
|
||||||
{%- for tcprequest in listener.tcprequests %}
|
{%- for tcprequest in listener.tcprequests %}
|
||||||
tcp-request {{ tcprequest }}
|
tcp-request {{ tcprequest }}
|
||||||
|
@ -275,6 +307,11 @@ listen {{ listener.get('name', listener_name) }}
|
||||||
{%- if 'maxconn' in listener %}
|
{%- if 'maxconn' in listener %}
|
||||||
maxconn {{ listener.maxconn }}
|
maxconn {{ listener.maxconn }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if 'timeouts' in listener %}
|
||||||
|
{%- for timeout in listener.timeouts %}
|
||||||
|
timeout {{ timeout }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
{%- if 'options' in listener %}
|
{%- if 'options' in listener %}
|
||||||
{%- if listener.options is string %}
|
{%- if listener.options is string %}
|
||||||
option {{ listener.options }}
|
option {{ listener.options }}
|
||||||
|
@ -303,12 +340,20 @@ listen {{ listener.get('name', listener_name) }}
|
||||||
appsession {%- for option in listener.appsession %} {{ option }} {%- endfor %}
|
appsession {%- for option in listener.appsession %} {{ option }} {%- endfor %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if 'extra' in listener %}
|
||||||
|
{%- if listener.extra is string %}
|
||||||
|
{{ listener.extra }}
|
||||||
|
{%- else %}
|
||||||
|
{%- for line in listener.extra %}
|
||||||
|
{{ line }} {%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
{%- endif %}
|
||||||
{%- if 'defaultserver' in listener %}
|
{%- if 'defaultserver' in listener %}
|
||||||
default-server {%- for option, value in listener.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
|
default-server {%- for option, value in listener.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{%- if 'servers' in listener %}
|
{%- if 'servers' in listener %}
|
||||||
{%- for server_name, server in listener.servers|dictsort %}
|
{%- for server_name, server in listener.servers|dictsort %}
|
||||||
server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }}
|
server {{ server.get('name', server_name) }} {{ server.host }}{% if 'port' in server %}:{{ server.port }}{% endif %} {% if 'maxconn' in server %} maxconn {{ server.maxconn }}{% endif %} {{ server.get('check', '') }} {{ server.get('extra', '') }}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -335,6 +380,11 @@ frontend {{ frontend.get('name', frontend_name) }}
|
||||||
{%- if 'maxconn' in frontend %}
|
{%- if 'maxconn' in frontend %}
|
||||||
maxconn {{ frontend.maxconn }}
|
maxconn {{ frontend.maxconn }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if 'timeouts' in frontend %}
|
||||||
|
{%- for timeout in frontend.timeouts %}
|
||||||
|
timeout {{ timeout }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
{%- if 'options' in frontend %}
|
{%- if 'options' in frontend %}
|
||||||
{{- render_list_of_dictionaries('option', frontend.options) }}
|
{{- render_list_of_dictionaries('option', frontend.options) }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
@ -389,6 +439,15 @@ frontend {{ frontend.get('name', frontend_name) }}
|
||||||
{%- if 'stickons' in frontend %}
|
{%- if 'stickons' in frontend %}
|
||||||
{{- render_list_of_dictionaries('stickon', frontend.stickons) }}
|
{{- render_list_of_dictionaries('stickon', frontend.stickons) }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if 'extra' in frontend %}
|
||||||
|
{%- if frontend.extra is string %}
|
||||||
|
{{ frontend.extra }}
|
||||||
|
{%- else %}
|
||||||
|
{%- for line in frontend.extra %}
|
||||||
|
{{ line }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
{%- endif %}
|
||||||
{%- if 'default_backend' in frontend %}
|
{%- if 'default_backend' in frontend %}
|
||||||
default_backend {{ frontend.default_backend }}
|
default_backend {{ frontend.default_backend }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
@ -413,6 +472,11 @@ backend {{ backend.get('name', backend_name) }}
|
||||||
{%- if 'balance' in backend %}
|
{%- if 'balance' in backend %}
|
||||||
balance {{ backend.balance }}
|
balance {{ backend.balance }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if 'timeouts' in backend %}
|
||||||
|
{%- for timeout in backend.timeouts %}
|
||||||
|
timeout {{ timeout }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
{%- if 'options' in backend %}
|
{%- if 'options' in backend %}
|
||||||
{%- if backend.options is string %}
|
{%- if backend.options is string %}
|
||||||
option {{ backend.options }}
|
option {{ backend.options }}
|
||||||
|
@ -500,6 +564,15 @@ backend {{ backend.get('name', backend_name) }}
|
||||||
{%- if 'reqreps' in backend %}
|
{%- if 'reqreps' in backend %}
|
||||||
{{- render_list_of_dictionaries('reqrep', backend.reqreps) }}
|
{{- render_list_of_dictionaries('reqrep', backend.reqreps) }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- if 'extra' in backend %}
|
||||||
|
{%- if backend.extra is string %}
|
||||||
|
{{ backend.extra }}
|
||||||
|
{%- else %}
|
||||||
|
{%- for line in backend.extra %}
|
||||||
|
{{ line }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
{%- endif %}
|
||||||
{%- if 'defaultserver' in backend %}
|
{%- if 'defaultserver' in backend %}
|
||||||
default-server {%- for option, value in backend.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
|
default-server {%- for option, value in backend.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
|
@ -3,12 +3,24 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
haproxy:
|
haproxy:
|
||||||
|
# use lookup section to override 'map.jinja' values
|
||||||
|
#lookup:
|
||||||
|
#user: 'custom-user'
|
||||||
|
#group: 'custom-group'
|
||||||
|
# new setting to override configuration file path
|
||||||
|
#config_file: /etc/haproxy/haproxy.cfg
|
||||||
enabled: True
|
enabled: True
|
||||||
config_file_path: /etc/haproxy/haproxy.cfg
|
overwrite: True # Overwrite an existing config file if present (default behaviour unless set to false)
|
||||||
|
# old setting to override configuration file path, kept for compatibility
|
||||||
|
#config_file_path: /etc/haproxy/haproxy.cfg
|
||||||
global:
|
global:
|
||||||
|
log:
|
||||||
|
- 127.0.0.1 local2
|
||||||
|
- 127.0.0.1 local1 notice
|
||||||
stats:
|
stats:
|
||||||
enable: True
|
enable: True
|
||||||
socketpath: /var/lib/haproxy/stats
|
socketpath: /var/lib/haproxy/stats
|
||||||
|
mode: 660
|
||||||
level: admin
|
level: admin
|
||||||
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
|
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
|
||||||
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
|
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
|
||||||
|
@ -127,6 +139,7 @@ haproxy:
|
||||||
- url_static path_end -i .jpg .gif .png .css .js
|
- url_static path_end -i .jpg .gif .png .css .js
|
||||||
use_backends:
|
use_backends:
|
||||||
- static-backend if url_static
|
- static-backend if url_static
|
||||||
|
extra: "rspadd Strict-Transport-Security:\ max-age=15768000"
|
||||||
some-services:
|
some-services:
|
||||||
bind:
|
bind:
|
||||||
- "*:8080"
|
- "*:8080"
|
||||||
|
@ -139,6 +152,7 @@ haproxy:
|
||||||
balance: roundrobin
|
balance: roundrobin
|
||||||
redirects:
|
redirects:
|
||||||
- scheme https if !{ ssl_fc }
|
- scheme https if !{ ssl_fc }
|
||||||
|
extra: "reqidel ^X-Forwarded-For:"
|
||||||
servers:
|
servers:
|
||||||
server1:
|
server1:
|
||||||
name: server1-its-name
|
name: server1-its-name
|
||||||
|
@ -196,6 +210,6 @@ haproxy:
|
||||||
- "content accept if serverhello"
|
- "content accept if serverhello"
|
||||||
stickons:
|
stickons:
|
||||||
- "payload_lv(43,1) if clienthello"
|
- "payload_lv(43,1) if clienthello"
|
||||||
reqrep:
|
reqreps:
|
||||||
- "^([^\ :]*)\ /static/(.*) \1\ \2"
|
- '^([^\ :]*)\ /static/(.*) \1\ \2'
|
||||||
options: "ssl-hello-chk"
|
options: "ssl-hello-chk"
|
||||||
|
|
Loading…
Reference in a new issue