ansible-haproxy/templates/haproxy.conf.j2


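# Process-wide settings: connection limits and the UNIX sockets HAProxy creates.
# NOTE(review): no user, group or chroot directive appears in this section;
# confirm that privilege dropping is handled elsewhere (for example by the service unit).
global
# Cap on concurrent connections and on new connections accepted per second.
maxconn 2048
maxconnrate 40
# Path prefix, owner and group applied to UNIX sockets declared on bind lines.
unix-bind prefix {{ haproxy.socketroot }} user {{ haproxy.user }} group {{ haproxy.group }}
# Runtime API socket. "level admin" accepts every runtime command (disabling
# servers, changing weights, clearing tables), so access is limited to the
# socket owner and group (660) instead of every local account (666).
# NOTE(review): confirm the socket is created with the intended owner/group and
# that monitoring tools reading stats run as a member of that group.
stats socket {{ haproxy.socketroot }}/haproxy-stats.sock mode 660 level admin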
# Defaults inherited by every listen, frontend and backend section below.
# NOTE(review): no log or option httplog directive is visible in this file
# view; confirm request logging is configured elsewhere, since access logs are
# the main data source for detection and incident response on a proxy.
defaults
mode http
# A failed connection attempt to a server is retried once.
retries 1
# Appends an X-Forwarded-For header carrying the client address. Values sent by
# the client are kept, so backends should trust only the last entry.
option forwardfor
option http-keep-alive
option tcp-smart-connect
option tcpka
# Wait for the request body before processing; with this option the
# http-request timeout below also bounds slow body uploads.
option http-buffer-request
balance roundrobin
# NOTE(review): gzip is enabled for responses in general; confirm that pages
# which mix secrets with request-controlled content are acceptable to compress.
compression algo gzip
# Time limits: complete request, server connect, idle client, idle server,
# idle keep-alive connection.
timeout http-request 10s
timeout connect 10s
timeout client 60s
timeout server 240s
timeout http-keep-alive 240s
# Every server resolves its name through the "local" resolvers section, may
# start without an address (init-addr libc,none), refuses an IP already used by
# another server (prevent-dup-ip) and is health-checked.
default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check
# Static error pages returned in place of HAProxy's built-in ones.
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# DNS resolution used for server addresses (referenced by default-server).
# Backend selection depends on these answers, so the resolver is part of the
# trust boundary; here it is a single nameserver on the loopback address.
resolvers local
nameserver unbound 127.0.0.1:53
# Two attempts per query, 300ms apart.
resolve_retries 2
timeout retry 300ms
# How long the last result is kept, per response status: errors are dropped
# almost immediately, a timeout is held for 3s, a valid answer for 5s.
hold other 100ms
hold refused 100ms
hold nx 100ms
hold timeout 3s
hold valid 5s
# TCP pass-through: one listen section per entry in haproxy.ports.tcp.
# Each section binds the exposed port on all IPv4 and IPv6 addresses and
# forwards to the proxied port on every host of the matching inventory group.
# The first host is the active server; all others are marked backup.
# Server addresses come from the ansible_ens10 interface fact, so every host in
# the group must have that interface.
# NOTE(review): the bind is a wildcard; confirm each exposed port is meant to
# be reachable on every interface, or restrict it with a host firewall.
{% for entry in haproxy.ports.tcp %}
listen {{ entry.group }}
mode tcp
bind ipv4@*:{{ entry.expose }},ipv6@*:{{ entry.expose }}
option tcp-check
{% for host in groups[entry.group] %}
server {{ entry.group }}-{{ loop.index0 }} {{ hostvars[host]['ansible_ens10']['ipv4']['address'] }}:{{ entry.proxy }} {% if loop.index0 != 0 %}backup{% endif %}
{% endfor %}
{% endfor %}
# HTTP frontend: routes requests to per-service backends by Host header,
# applies the configured prefix redirects and sets response security headers.
frontend http
mode http
# Listens on a UNIX socket (path taken relative to the unix-bind prefix in the
# global section), accessible to the socket owner and group only.
# NOTE(review): alpn is a TLS bind option and no ssl keyword is set here;
# presumably TLS is terminated by a component in front of this socket. Confirm.
bind /haproxy.sock mode 660 alpn h2,http/1.1
# Matches requests for exactly "/". Not referenced by name in the visible
# lines; presumably used through the acl field of the redirect entries.
acl root url /
# Host routing. The entry named "root" matches the bare domain exactly; every
# other entry is a prefix match on the Host header.
# NOTE(review): hdr_beg matches any Host that merely starts with the entry's
# value, including names outside redxen.eu and longer labels sharing the same
# prefix. Consider matching the full host name instead.
{% for domains in haproxy.public %}
use_backend backend-{{ domains.service }}{% if domains.domain != "root" %} if { hdr_beg(host) -i {{ domains.domain }} }{% else %} if { hdr(host) -i redxen.eu }{% endif %}
{% endfor %}
# Prefix redirects from haproxy.redirect.prefix; status code defaults to 302
# and the optional acl field restricts when the redirect applies.
{% for pfred in haproxy.redirect.prefix %}
redirect prefix {{ pfred.pfx }} code {{ pfred.code|default("302") }} {% if pfred.acl|default() %} if {{ pfred.acl }}{% endif %}
{% endfor %}
# NOTE(review): X-Forwarded-Proto is read by backends from the request, but it
# is added to the response here, and a value sent by the client is not
# overwritten. Setting it with an http-request set-header rule would be the
# usual form; confirm what the backends expect before changing it.
http-response add-header X-Forwarded-Proto https
# NOTE(review): X-XSS-Protection is deprecated in current browsers; a
# Content-Security-Policy is the supported replacement.
http-response set-header X-XSS-Protection 1;\ mode=block
http-response set-header X-Content-Type-Options nosniff
# NOTE(review): this policy still sends the full URL to other HTTPS origins;
# strict-origin-when-cross-origin discloses less.
http-response set-header Referrer-Policy no-referrer-when-downgrade
# HSTS for one year, covering all subdomains and opting in to browser preload
# lists; every subdomain must therefore be served over HTTPS.
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
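# One backend per entry in haproxy.public. Servers are created from a template
# (count taken from the entry) and located through the SRV name
# _SERVICE._tcp.redxen.localhost; resolvers and health checking come from the
# default-server line in the defaults section.
# When httpchk is set, the check is a HEAD request for "/" with the Host header
# the frontend routes on: DOMAIN.redxen.eu, or the bare redxen.eu for the entry
# named "root" (which the frontend matches as redxen.eu, not root.redxen.eu).
# NOTE(review): the SRV answers decide which addresses receive traffic; confirm
# the redxen.localhost zone is served only by the local resolver.
{% for domains in haproxy.public %}
backend backend-{{ domains.service }}
server-template {{ domains.service }} {{ domains.count }} _{{ domains.service }}._tcp.redxen.localhost
{% if domains.httpchk %}
option httpchk HEAD / HTTP/1.1\r\nHost:\ {% if domains.domain != "root" %}{{ domains.domain }}.{% endif %}redxen.eu
{% endif %}
{% endfor %}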