
Initial commit

master
Alex 2 years ago
commit
2d906bc423
Signed by: caskd GPG Key ID: F92BA85F61F4C173
  1. 12
      tasks/main.yml
  2. 66
      templates/haproxy.conf.j2
  3. 4
      vars/main.yml

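--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,12 @@
+- name: Copy HAProxy files
+loop:
+- { src: 'haproxy.conf.j2', dest: '/etc/haproxy/haproxy.cfg' }
+template:
+follow: yes
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+notify: Run service actions
+tags:
+- update
+- haproxy
+- configs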
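Review bot: The `template` task installs /etc/haproxy/haproxy.cfg without a `validate` step or an explicit `owner`/`group`/`mode`, so a rendering mistake is only discovered when the notified handler acts on the service, and the file's permissions depend on the target's umask or on whatever mode the file already has. I would add `validate: 'haproxy -c -f %s'` and `mode: '0640'` (plus `owner: root` and the group HAProxy runs as) under `template:`. `follow: yes` also means a symlink at the destination is written through rather than replaced; drop it if that is not intended, and spell the boolean `true`. The rendered page has lost the YAML indentation, so the nesting of these keys is inferred.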

66
templates/haproxy.conf.j2

@ -0,0 +1,66 @@
global
maxconn 2048
maxconnrate 40
unix-bind prefix /run/haproxy user nobody group nogroup
defaults
mode http
retries 1
option forwardfor
option http-keep-alive
option tcp-smart-connect
option tcpka
option http-buffer-request
balance roundrobin
compression algo gzip
timeout http-request 10s
timeout connect 10s
timeout client 60s
timeout server 240s
timeout http-keep-alive 240s
default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check
resolvers local
nameserver unbound 127.0.0.1:53
resolve_retries 2
timeout retry 300ms
hold other 100ms
hold refused 100ms
hold nx 100ms
hold timeout 3s
hold valid 5s
{% for entry in services.haproxy.ports.tcp %}
listen {{ entry.group }}
mode tcp
bind ipv4@*:{{ entry.expose }},ipv6@*:{{ entry.expose }}
option tcp-check
{% for host in groups[entry.group] %}
server {{ entry.group }}-{{ loop.index0 }} {{ hostvars[host]['ansible_ens10']['ipv4']['address'] }}:{{ entry.proxy }} {% if loop.index0 != 0 %}backup{% endif %}
{% endfor %}
{% endfor %}
frontend http
mode http
bind /haproxy.sock mode 660
acl root url /
{% for domains in services.haproxy.public %}
use_backend backend-{{ domains.service }} if { hdr_beg(host) -i {{ domains.domain }} }
{% endfor %}
http-response add-header X-Forwarded-Proto https
http-response set-header X-XSS-Protection 1;\ mode=block
http-response set-header X-Content-Type-Options nosniff
http-response set-header Referrer-Policy no-referrer-when-downgrade
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
{% for domains in services.haproxy.public %}
backend backend-{{ domains.service }}
server-template {{ domains.service }} 1 _{{ domains.service }}._tcp.redxen.localhost
{% if domains.httpchk %}
option httpchk HEAD / HTTP/1.1\r\nHost:\ {{ domains.domain }}.redxen.eu
{% endif %}
{% endfor %}
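Review bot: The `global` section sets no `user`, `group` or `chroot`, so unless the service unit drops privileges elsewhere, HAProxy keeps running as the account that started it (typically root); adding for example `user haproxy` and `group haproxy` there would limit what a compromised worker can reach. In the `http` frontend, `hdr_beg(host) -i {{ domains.domain }}` is a prefix match, so one entry can capture requests meant for another host whose name begins with the same characters. Matching the full name avoids order-dependent routing, for example `hdr(host) -i {{ domains.domain }}.redxen.eu` if the suffix used on the `option httpchk` line is the public one. `http-response add-header X-Forwarded-Proto https` puts a request-side header on responses; if the intent is to tell backends the original scheme, it probably should be `http-request set-header X-Forwarded-Proto https`.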

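--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,4 @@
+apt_packages:
+- { package: "haproxy", state: present }
+systemd:
+- { name: "haproxy", enabled: true, action: reloaded, daemon_reload: true}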
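Review bot: `apt_packages` and `systemd` are generic, un-prefixed names in `vars/main.yml`, and role vars are visible to the rest of the play at fairly high precedence, so another role defining the same names would presumably shadow these lists or be shadowed by them. If a shared role is meant to consume them, a comment such as `# consumed by the shared package/service tasks` would document that contract; otherwise role-prefixed names like `haproxy_apt_packages` are safer. The template in this commit also reads `services.haproxy.*`, which is not defined here, so it would help to note where that structure is expected to come from.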