2022-10-01 20:06:19 +02:00
|
|
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
|
|
|
{%- from "haproxy/map.jinja" import haproxy,certs with context %}
|
|
|
|
|
|
|
|
{%- macro internal_access() -%}
|
|
|
|
acl internal src -f /etc/haproxy/access
|
|
|
|
http-response return status 403 default-errorfiles if ! internal
|
|
|
|
{%- endmacro -%}
|
|
|
|
|
|
|
|
{%- macro handle_head() -%}
|
|
|
|
http-request return status 200 if { method -i HEAD }
|
|
|
|
{%- endmacro -%}
|
|
|
|
|
|
|
|
{%- macro handle_endpoints(endpoints, check, ssl) -%}
|
|
|
|
{%- for endpoint in endpoints %}
|
|
|
|
server {{ endpoint.name }} {{ endpoint.name }}:{{ endpoint.port }}{{ " check observe layer7 " if check|default(true) }}{{ " ssl verify none " if ssl|default(false) }}
|
|
|
|
{%- endfor %}
|
|
|
|
{%- endmacro -%}
|
|
|
|
|
|
|
|
{%- macro admin() -%}
|
|
|
|
listen stats
|
|
|
|
mode http
|
|
|
|
bind *:7000 v4v6
|
|
|
|
stats enable
|
|
|
|
stats refresh 5s
|
|
|
|
stats uri /
|
|
|
|
{%- endmacro -%}
|
|
|
|
|
|
|
|
{%- macro api() -%}
|
|
|
|
listen stats
|
|
|
|
mode http
|
|
|
|
bind *:7000 v4v6
|
|
|
|
stats enable
|
|
|
|
stats refresh 5s
|
|
|
|
stats uri /
|
|
|
|
{%- endmacro %}
|
|
|
|
|
|
|
|
global
|
2022-10-10 10:16:32 +02:00
|
|
|
{%- for filename in haproxy.scripts %}
|
|
|
|
lua-load {{ haproxy.config.dir }}/scripts/{{ filename }}
|
|
|
|
{%- endfor %}
|
2022-10-01 20:06:19 +02:00
|
|
|
maxconn 1000
|
|
|
|
stats socket ipv4@127.0.0.1:9990 level admin
|
|
|
|
stats socket /var/run/hap-lb.sock mode 666 level admin
|
|
|
|
stats timeout 2m
|
|
|
|
ssl-default-bind-ciphers {{ haproxy.config.ssl_ciphers|join(":") }}
|
|
|
|
ssl-default-bind-options {{ haproxy.config.ssl_options|join(" ") }}
|
|
|
|
ssl-default-server-ciphers {{ haproxy.config.ssl_ciphers|join(":") }}
|
|
|
|
ssl-default-server-options {{ haproxy.config.ssl_options|join(" ") }}
|
|
|
|
crt-base {{ haproxy.config.acme_dir }}/certs
|
|
|
|
ssl-dh-param-file {{ haproxy.config.acme_dir }}/dh/dh.pem
|
|
|
|
|
|
|
|
defaults
|
|
|
|
{%- for default in haproxy.config.defaults.keys() %}
|
|
|
|
{{ default }}
|
|
|
|
{%- endfor %}
|
|
|
|
|
|
|
|
{%- if haproxy.config.admin %}
|
2022-10-10 10:16:32 +02:00
|
|
|
{{ admin() }}
|
2022-10-01 20:06:19 +02:00
|
|
|
{%- endif %}
|
|
|
|
|
2022-10-10 10:16:32 +02:00
|
|
|
cache static
|
|
|
|
total-max-size 4095
|
|
|
|
max-object-size 50000
|
|
|
|
max-age 120
|
|
|
|
|
2022-10-01 20:06:19 +02:00
|
|
|
frontend http
|
|
|
|
bind *:80,:::80 v4v6
|
|
|
|
mode http
|
|
|
|
acl http ssl_fc,not
|
|
|
|
http-request redirect scheme https if http
|
|
|
|
|
|
|
|
frontend https
|
|
|
|
bind *:443,:::443 v4v6 {% for cert in certs %}{{ " ssl crt " + cert + " " }}{% endfor %}
|
|
|
|
{%- for name, values in haproxy.config.vhosts.items() %}
|
|
|
|
use_backend {{ name }} if { hdr(Host) -i {{ values.host }} }
|
|
|
|
{%- endfor %}
|
|
|
|
default_backend nginx
|
|
|
|
|
|
|
|
{% for name, values in haproxy.config.vhosts.items() %}
|
|
|
|
backend {{ name }}
|
|
|
|
balance {{ values.balance|default("roundrobin") }}
|
|
|
|
{%- if values.handle_head|default(false) %}
|
|
|
|
{{ handle_head() }}
|
|
|
|
{%- endif %}
|
2022-10-10 10:16:32 +02:00
|
|
|
{%- if values.usecache|default(true) %}
|
|
|
|
http-request cache-use static if { path_end .css .js .png .jpg }
|
|
|
|
http-response cache-store static
|
|
|
|
{%- endif %}
|
2022-10-01 20:06:19 +02:00
|
|
|
{%- if values.internal_access|default(false) %}
|
|
|
|
{{ internal_access() }}
|
|
|
|
{%- endif %}
|
|
|
|
{{- handle_endpoints(values.endpoints, values.check, values.ssl) }}
|
|
|
|
{% endfor %}
|
|
|
|
|
|
|
|
{% for name, values in haproxy.config.services.items() %}
|
|
|
|
listen {{ name }}
|
|
|
|
bind :::{{ values.port }} v4v6
|
|
|
|
mode tcp
|
|
|
|
{%- if values.type == "postgres" %}
|
|
|
|
option pgsql-check user postgres
|
|
|
|
{%- endif %}
|
|
|
|
default-server inter 3s fall 3
|
|
|
|
{%- for endpoint in values.endpoints %}
|
2022-10-10 10:16:32 +02:00
|
|
|
server {{ endpoint.name }} {{ endpoint.name }}:{{ endpoint.port }} check {{ "backup" if endpoint.backup|default(false) }} port {{ endpoint.port }}
|
2022-10-01 20:06:19 +02:00
|
|
|
{%- endfor %}
|
|
|
|
{% endfor %}
|