paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated haproxy state
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Paul 2024-03-14 21:25:46 +01:00
parent 2b42f3b478
commit 2dd556391f
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
states/haproxy/defaults.yaml
View File

@ -88,6 +88,7 @@ haproxy:
https_port: 443
capture_length: 200
admin: false
quic: true
api:
enable: true
filesocket: /var/run/haproxy-admin.sock

6
states/haproxy/templates/haproxy.cfg.j2
View File

@ -115,10 +115,12 @@ global
tune.lua.maxmem {{ haproxy.config.lua_max_mem }}
{% if haproxy.config.quic|default(true) %}
expose-experimental-directives
.if feature(QUIC)
limited-quic
.endif
{% endif %}
# Defaults values
defaults {{ haproxy.config.namespace }}
@ -188,9 +190,11 @@ frontend fe_http from {{ haproxy.config.namespace }}
# Default HTTPS frontend
frontend fe_https from {{ haproxy.config.namespace }}
{% if haproxy.config.quic|default(true) %}
.if feature(QUIC)
bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h3,h2,http/1.1{% endif %} name https
.endif
{% endif %}
bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} name https
mode http
option httplog
@ -249,9 +253,11 @@ frontend fe_https from {{ haproxy.config.namespace }}
http-response set-header Server "{{ haproxy.config.servername }}"
http-response set-header X-Random "%[var(txn.random)]"
http-response set-header X-Robots-Tag noindex
{% if haproxy.config.quic|default(true) %}
.if feature(QUIC)
http-response set-header Alt-Svc "h3=\":443\"; ma=3600"
.endif
{% endif %}
http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found }
http-request deny deny_status 404 unless domains || ua