paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated haproxy state
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Paul 2024-03-14 21:25:46 +01:00
parent 2b42f3b478
commit 2dd556391f
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
states/haproxy/defaults.yaml
View File

@ -88,6 +88,7 @@ haproxy:
https_port: 443 https_port: 443
capture_length: 200 capture_length: 200
admin: false admin: false
quic: true
api: api:
enable: true enable: true
filesocket: /var/run/haproxy-admin.sock filesocket: /var/run/haproxy-admin.sock

8
states/haproxy/templates/haproxy.cfg.j2
View File

@ -81,7 +81,7 @@ backend admin from {{ haproxy.config.namespace }}
{%- endmacro %} {%- endmacro %}
{%- macro geoip() %} {%- macro geoip() %}
# GeoIP # GeoIP
http-request set-var(txn.country) lua.country(req.src) http-request set-var(txn.country) lua.country(req.src)
http-request return status 200 content-type "text/html; charset=utf-8" lf-string "<html><body><p>ip: %[var(req.src)]</p><p>country: %[lua.country(req.src)]</p><p>city: %[lua.city(req.src)]<p></body></html>" if self_host path_location http-request return status 200 content-type "text/html; charset=utf-8" lf-string "<html><body><p>ip: %[var(req.src)]</p><p>country: %[lua.country(req.src)]</p><p>city: %[lua.city(req.src)]<p></body></html>" if self_host path_location
acl allowed_country var(txn.country),map_str(/etc/haproxy/maps/countries,OK) OK acl allowed_country var(txn.country),map_str(/etc/haproxy/maps/countries,OK) OK
@ -115,10 +115,12 @@ global
tune.lua.maxmem {{ haproxy.config.lua_max_mem }} tune.lua.maxmem {{ haproxy.config.lua_max_mem }}
{% if haproxy.config.quic|default(true) %}
expose-experimental-directives expose-experimental-directives
.if feature(QUIC) .if feature(QUIC)
limited-quic limited-quic
.endif .endif
{% endif %}
# Defaults values # Defaults values
defaults {{ haproxy.config.namespace }} defaults {{ haproxy.config.namespace }}
@ -188,9 +190,11 @@ frontend fe_http from {{ haproxy.config.namespace }}
# Default HTTPS frontend # Default HTTPS frontend
frontend fe_https from {{ haproxy.config.namespace }} frontend fe_https from {{ haproxy.config.namespace }}
{% if haproxy.config.quic|default(true) %}
.if feature(QUIC) .if feature(QUIC)
bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h3,h2,http/1.1{% endif %} name https bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h3,h2,http/1.1{% endif %} name https
.endif .endif
{% endif %}
bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} name https bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} name https
mode http mode http
option httplog option httplog
@ -249,9 +253,11 @@ frontend fe_https from {{ haproxy.config.namespace }}
http-response set-header Server "{{ haproxy.config.servername }}" http-response set-header Server "{{ haproxy.config.servername }}"
http-response set-header X-Random "%[var(txn.random)]" http-response set-header X-Random "%[var(txn.random)]"
http-response set-header X-Robots-Tag noindex http-response set-header X-Robots-Tag noindex
{% if haproxy.config.quic|default(true) %}
.if feature(QUIC) .if feature(QUIC)
http-response set-header Alt-Svc "h3=\":443\"; ma=3600" http-response set-header Alt-Svc "h3=\":443\"; ma=3600"
.endif .endif
{% endif %}
http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found } http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found }
http-request deny deny_status 404 unless domains || ua http-request deny deny_status 404 unless domains || ua