badjware
/
home-stack-ansible
1
0
Fork 0
Code Releases Activity

cleanup haproxy config

This commit is contained in:
Massaki Archambault 2023-06-09 01:21:05 -04:00
parent df5b8df96c
commit 992c60bf25
2 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
group_vars/all.yml
View File

@ -35,6 +35,7 @@ haproxy:
- hass.badjware.dev - hass.badjware.dev
- longhorn.badjware.dev - longhorn.badjware.dev
- traefik.badjware.dev - traefik.badjware.dev
- prometheus.badjware.dev
backend: backend:
- server: 192.168.20.20 - server: 192.168.20.20
- server: 192.168.20.21 - server: 192.168.20.21

11
roles/haproxy/templates/haproxy.cfg
View File

@ -62,15 +62,10 @@ frontend https_in
# set X-Forwarded-Proto # set X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https http-request set-header X-Forwarded-Proto https
# request is ssl
# tcp-request inspect-delay 5s
# tcp-request content accept if { req.ssl_hello_type 1 }
default_backend default_backend default_backend default_backend
{% for http_route in https_routing %} {% for http_route in https_routing %}
#use_backend https_{{ http_route.frontend[0]|replace('.','_') }} if { req.ssl_sni -i {% for src in http_route.frontend %}{{ src }} {% endfor %}} use_backend https_{{ http_route.frontend[0]|replace('.','_') }} if { hdr_end(host) -i {% for src in http_route.frontend %}{{ src }} {% endfor %}}{% if 'allowlist' in http_route %} { src {% for ip in http_route.allowlist %}{{ ip }} {% endfor %}}{% endif %}
use_backend https_{{ http_route.frontend[0]|replace('.','_') }} if { hdr_end(host) -i {% for src in http_route.frontend %}{{ src }} {% endfor %}}{% if 'allowlist' in http_route %} { src {% for ip in http_route.allowlist %}{{ ip }} {% endfor %}}{% endif %}
{% endfor %} {% endfor %}
## BACKENDS ## ## BACKENDS ##
@ -98,13 +93,13 @@ backend https_{{ http_route.frontend[0]|replace('.','_') }}
mode http mode http
balance roundrobin balance roundrobin
{% for dst in http_route.backend %} {% for dst in http_route.backend %}
server {{ dst.server }} {{ dst.server }}{% if ':' not in dst.server %}:443{% endif %} check {% if http_route.ssl|default(true) %}ssl verify none alpn h2,http/1.1{% endif %} {{ dst.extra_param|default('') }} server {{ dst.server }} {{ dst.server }}{% if ':' not in dst.server %}:443{% endif %} check {% if http_route.ssl|default(true) %}ssl verify none alpn h2,http/1.1{% endif %} {{ dst.extra_param|default('') }}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
## TCP ## ## TCP ##
{% for tcp_route in tcp_routing %} {% for tcp_route in tcp_routing %}
frontend tcp_{{ tcp_route.frontend }} frontend tcp_{{ tcp_route.frontend }}
bind *:{{ tcp_route.frontend }} bind *:{{ tcp_route.frontend }}