home-stack-ansible/roles/haproxy/templates/haproxy.cfg


global
    # Process-wide settings.
    # Send logs to the local syslog listener, facility local0.
    log 127.0.0.1 local0
    # Detach and run in the background.
    daemon
    # Upper bound on concurrent connections for the whole process.
    maxconn 1024
    # Idle timeout for the stats socket (no `stats socket` is declared in this section).
    stats timeout 30s
    # NOTE(review): there is no user/group/chroot directive here, so whether the
    # process drops root after binding :80/:443 depends on how the service is
    # started (unit file, container) - confirm.
defaults
    # Settings inherited by every frontend/backend below unless a section overrides them.
    log global
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    # HTTP-level options: they only take effect in sections running in http mode.
    option http-server-close
    # Adds X-Forwarded-For with the client address to requests sent to servers.
    option forwardfor
    # Server hostnames are resolved at runtime through the `dns` resolvers section.
    # init-addr last,none: start from the last known address if there is one,
    # otherwise start the server without an address instead of failing at boot.
    default-server init-addr last,none resolvers dns
    # NOTE(review): no `mode` is set here, so any section that omits it runs in
    # HAProxy's built-in default mode (tcp). https_in and the generated https_*
    # backends omit it - confirm that is intended.
resolvers dns
    # Use the nameservers listed in the host's /etc/resolv.conf rather than
    # declaring them here.
    parse-resolv-conf
## FRONTENDS ##
# haproxy stuff
frontend http_management
    mode http
    bind *:8080
    # HAProxy answers /status itself (health probe); nothing is forwarded to a backend.
    monitor-uri /status
    # Path-prefix routing (case-insensitive) to the internal stats and metrics backends.
    use_backend haproxy_stats if { path_beg -i /stats }
    use_backend haproxy_metrics if { path_beg -i /metrics }
    # NOTE(review): this listener is cleartext HTTP on every interface. The Basic
    # auth credentials for /stats cross the network unencrypted and /metrics has
    # no authentication at all. Restrict reachability (bind to a management
    # address, or firewall the port) if the host is not on a trusted network.
frontend http_in
    mode http
    bind *:80
    # The plain-HTTP listener serves no content: every request is answered with
    # a 302 (temporary) redirect to the https:// form of the same URL.
    http-request redirect scheme https code 302
frontend https_in
# TLS terminates on this listener; requests are then routed by Host header to
# one backend per entry in https_routing.
# backend is assumed to be http, perform ssl termination here
# The crt file is named after the first configured letsencrypt domain. HAProxy
# expects a single PEM holding both the certificate chain and the private key,
# so this file should be readable only by the haproxy process.
# NOTE(review): presumably built by a renewal hook that concatenates fullchain
# and privkey - confirm.
bind *:443 ssl crt /etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/{{ letsencrypt.domains[0] }}.pem
# NOTE(review): neither this section nor `defaults` sets `mode`, so HAProxy's
# built-in default (tcp) applies here, while the routing rule below matches on
# an HTTP header. Confirm whether `mode http` was intended; the generated
# https_* backends omit it too, and frontend and backend modes must agree.
# Disabled alternative: TCP passthrough with routing on the TLS SNI.
# mode tcp
# request is ssl
# tcp-request inspect-delay 5s
# tcp-request content accept if { req.ssl_hello_type 1 }
# One use_backend rule per route. The backend name is the route's first src
# with dots replaced by underscores; all of the route's src values are listed
# as patterns and any one of them matching selects the backend.
# NOTE(review): hdr_end(host) is a suffix match. With a constructed sample
# pattern of example.com it also accepts a Host of notexample.com, and it does
# not match a Host that carries a port (example.com:443). If only exact
# hostnames should be routed, an exact match on the Host header is safer.
{% for route in https_routing %}
# use_backend https_{{ route.src[0]|replace('.','_') }} if { req.ssl_sni -i {% for src in route.src %}{{ src }} {% endfor %}}
use_backend https_{{ route.src[0]|replace('.','_') }} if { hdr_end(host) -i {% for src in route.src %}{{ src }} {% endfor %}}
{% endfor %}
## BACKENDS ##
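backend haproxy_stats
    # Serves the built-in statistics page at /stats behind HTTP Basic auth.
    mode http
    stats enable
    stats uri /stats
    # Page auto-refresh interval.
    stats refresh 10s
    # Credentials come from two optional variables introduced by this change,
    # haproxy_stats_user and haproxy_stats_password. The admin/admin fallback
    # only keeps existing inventories rendering: set both variables (ideally
    # from an encrypted vault) on any host where port 8080 is reachable.
    # The password is written to the rendered config in cleartext, so keep that
    # file readable by root/haproxy only.
    stats auth {{ haproxy_stats_user | default('admin') }}:{{ haproxy_stats_password | default('admin') }}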
backend haproxy_metrics
    # Every request routed to this backend is answered by HAProxy's built-in
    # Prometheus exporter; there are no servers and no authentication here.
    mode http
    http-request use-service prometheus-exporter
# One backend per https_routing entry, named like the use_backend rules in
# https_in: "https_" plus the route's first src with dots replaced by
# underscores. Each route.dst value becomes a round-robin server; a dst with no
# ':' gets port 80 appended, so traffic from HAProxy to these servers is plain
# HTTP after TLS termination at the frontend.
# `check` enables health checks; no HTTP check is configured, so these are
# TCP connect checks.
# NOTE(review): no `mode` is set in these backends or in `defaults`, so they
# run in HAProxy's built-in default mode (tcp) - confirm against https_in.
{% for route in https_routing %}
backend https_{{ route.src[0]|replace('.','_') }}
# mode tcp
balance roundrobin
{% for dst in route.dst %}
# server {{ dst }} {{ dst }}{% if ':' not in dst %}:443{% endif %} check
server {{ dst }} {{ dst }}{% if ':' not in dst %}:80{% endif %} check
{% endfor %}
{% endfor %}