ansible-haproxy/templates/haproxy.conf.j2


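# Process-wide settings.
global
# Upper bound on concurrent connections for the whole process.
maxconn 2048
# Upper bound on new connections accepted per second for the whole process.
maxconnrate 40
# Defaults for UNIX sockets declared on "bind" lines: socket paths are taken
# relative to the configured socket root, and the socket files are owned by
# the configured user and group.
unix-bind prefix {{ haproxy.socketroot }} user {{ haproxy.user }} group {{ haproxy.group }}
# Runtime API socket at "level admin": anyone who can write to it can change
# the running proxy (disable servers, alter state, shut sessions). It was
# world-writable (mode 666), which gave every local account that power.
# Restrict it to the service user and group; tools that need the socket
# should be added to that group instead of widening the mode.
stats socket {{ haproxy.socketroot }}/haproxy-stats.sock mode 660 user {{ haproxy.user }} group {{ haproxy.group }} level admin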
# Settings inherited by every proxy section below unless overridden there.
defaults
mode http
# A failed connection attempt to a server is retried once.
retries 1
# Adds X-Forwarded-For with the client address to requests sent to servers.
# Backends should only trust that header when it comes from this proxy.
option forwardfor
option http-keep-alive
option tcp-smart-connect
# TCP keep-alives on both the client and the server side.
option tcpka
# Wait for the request body before processing. Together with
# "timeout http-request" this bounds how long a slow sender can hold a
# connection while trickling a request.
option http-buffer-request
balance roundrobin
# NOTE(review): responses are gzip-compressed by the proxy. If backends reflect
# request data next to secrets in the same response, review compression
# side-channel (BREACH-style) exposure for those services.
compression algo gzip
timeout http-request 10s
timeout connect 10s
timeout client 60s
timeout server 240s
timeout http-keep-alive 240s
# Every server resolves through the "local" resolvers section, is health
# checked ("check"), and may start without an address ("init-addr libc,none")
# so an unresolvable name at startup does not stop the proxy from starting.
default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check
# Runtime DNS resolution used by the servers (referenced from default-server).
# Backend addresses are whatever this resolver returns, so the resolver on
# 127.0.0.1 is part of the trust boundary for where traffic is sent.
resolvers local
nameserver unbound 127.0.0.1:53
resolve_retries 2
timeout retry 300ms
# How long the last resolution result is kept, per result status.
# Error statuses are held briefly so a failed lookup is retried quickly.
hold other 100ms
hold refused 100ms
hold nx 100ms
hold timeout 3s
hold valid 5s
# One TCP-mode "listen" section is rendered per entry of haproxy.ports.tcp,
# named after the entry's inventory group.
# - The exposed port is bound on every IPv4 and IPv6 address of the host, so
#   limiting who can reach it is left to whatever filtering sits in front of
#   this machine (presumably a host firewall; confirm).
# - One server line is rendered per host of the inventory group, using that
#   host's IPv4 address on interface ens10 taken from gathered facts. The
#   interface name is hard-coded; presumably rendering fails for a host
#   without that fact (verify against the inventory).
# - The first host is the active server; every other host is marked "backup".
# - Health checks are switched on by "check" in default-server; "option
#   tcp-check" selects the TCP check type.
{% for entry in haproxy.ports.tcp %}
listen {{ entry.group }}
mode tcp
bind ipv4@*:{{ entry.expose }},ipv6@*:{{ entry.expose }}
option tcp-check
{% for host in groups[entry.group] %}
server {{ entry.group }}-{{ loop.index0 }} {{ hostvars[host]['ansible_ens10']['ipv4']['address'] }}:{{ entry.proxy }} {% if loop.index0 != 0 %}backup{% endif %}
{% endfor %}
{% endfor %}
# HTTP entry point. It listens only on a UNIX socket; no TCP port is bound
# here, so something in front of HAProxy must hand connections to the socket
# (presumably a TLS terminator, given the HSTS header below; confirm).
frontend http
mode http
# Socket path is subject to the "unix-bind prefix" set in the global section.
# Mode 660 limits access to the socket's owner and group.
bind /haproxy.sock mode 660
# NOTE(review): this ACL is not referenced anywhere in the visible template.
acl root url /
# Routing by Host header. hdr_beg is a case-insensitive prefix match and the
# first matching rule wins, so an entry whose name is a prefix of another
# entry's name takes that entry's traffic when it is listed first. No
# default_backend is visible here, so a request with an unmatched Host is
# presumably answered by HAProxy itself with an error.
{% for domains in haproxy.public %}
use_backend backend-{{ domains.service }} if { hdr_beg(host) -i {{ domains.domain }} }
{% endfor %}
# NOTE(review): X-Forwarded-Proto is normally a request header that tells the
# backend which scheme the client used. Here it is added to the response that
# goes back to the client, and the backends do not receive it. If backends
# need the scheme, this likely should be an http-request set-header rule
# (set-header rather than add-header, so a client-supplied value is replaced).
# Confirm the intent before changing it.
http-response add-header X-Forwarded-Proto https
# Response hardening headers, applied to every response from this frontend.
# X-XSS-Protection is a legacy header that current browsers ignore; a
# Content-Security-Policy from the applications is the modern control.
http-response set-header X-XSS-Protection 1;\ mode=block
http-response set-header X-Content-Type-Options nosniff
http-response set-header Referrer-Policy no-referrer-when-downgrade
# HSTS for one year, covering all subdomains and requesting preload. Every
# subdomain must be reachable over HTTPS, and preload is slow to undo.
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
# One backend is rendered per entry of haproxy.public.
# - server-template creates "count" server slots. They are filled at run time
#   from the SRV record for the service under redxen.localhost, resolved
#   through the resolvers named in default-server.
# - Neither the server-template line nor default-server carries an "ssl"
#   keyword, so traffic from the proxy to the backends is plain HTTP and
#   relies on the network between them being trusted.
# - When httpchk is set for the entry, the health check is an HTTP HEAD
#   request for "/" with the Host header set to the entry's domain under
#   redxen.eu.
{% for domains in haproxy.public %}
backend backend-{{ domains.service }}
server-template {{ domains.service }} {{ domains.count }} _{{ domains.service }}._tcp.redxen.localhost
{% if domains.httpchk %}
option httpchk HEAD / HTTP/1.1\r\nHost:\ {{ domains.domain }}.redxen.eu
{% endif %}
{% endfor %}