updated haproxy state

Paul 2023-01-16 12:00:54 +01:00
parent 5daccc39c5
commit 506c43d00e
4 changed files with 39 additions and 48 deletions


@ -13,7 +13,7 @@ haproxy-maps-{{ filename }}:
- service: haproxy-service - service: haproxy-service
{% endfor %} {% endfor %}
haproxy-config: haproxy-config-main:
file.managed: file.managed:
- name: {{ haproxy.config.dir }}/{{ haproxy.config.configfile }} - name: {{ haproxy.config.dir }}/{{ haproxy.config.configfile }}
- source: salt://haproxy/templates/haproxy.cfg.j2 - source: salt://haproxy/templates/haproxy.cfg.j2
@ -24,7 +24,7 @@ haproxy-config:
- watch_in: - watch_in:
- service: haproxy-service - service: haproxy-service
haproxy-spoe-config: haproxy-config-spoe:
file.managed: file.managed:
- name: {{ haproxy.config.dir }}/spoe.cfg - name: {{ haproxy.config.dir }}/spoe.cfg
- source: salt://haproxy/templates/spoe.cfg.j2 - source: salt://haproxy/templates/spoe.cfg.j2


@ -3,6 +3,19 @@ haproxy:
enabled: true enabled: true
packages: packages:
- haproxy - haproxy
maps:
- access
- domains
- redirects
- vhosts
config:
dir: /etc/haproxy
configfile: haproxy.cfg
dirs:
- maps
- scripts
- mods
- errors
scripts: scripts:
- name: scripts/http.lua - name: scripts/http.lua
lib: true lib: true
@ -12,37 +25,27 @@ haproxy:
lib: false lib: false
- name: scripts/weight_by_latency.lua - name: scripts/weight_by_latency.lua
lib: false lib: false
maps:
- access
- domains
- redirects
- vhosts
config:
dir: /etc/haproxy
configfile: haproxy.cfg
namespace: paulbsd namespace: paulbsd
servername: "High-performance Web Server" user: haproxy
group: haproxy
servername: High-performance Web Server
http2: true http2: true
defaults: defaults:
#log: global #log: global
#log: 127.0.0.1 local0 #log: 127.0.0.1 local0
log: stdout format raw daemon info log: stdout format raw daemon info
retries: 2 retries: 2
timeout check: 1s timeout check: 2s
timeout client: 30m timeout client: 60m
timeout connect: 1s timeout connect: 2s
timeout server: 30m timeout server: 60m
unique-id-format: "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid" unique-id-format: "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"
balance: roundrobin balance: roundrobin
check: true check: true
user: haproxy
group: haproxy
http_port: 80 http_port: 80
https_port: 443 https_port: 443
capture_length: 200 capture_length: 200
admin: admin: false
enable: false
port: 7000
api: api:
enable: true enable: true
filesocket: /var/run/haproxy-admin.sock filesocket: /var/run/haproxy-admin.sock
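Review bot: `admin` changes here from a mapping (`enable` / `port`) to a bare boolean, and the template in this commit now tests `haproxy.config.admin` for truthiness instead of `haproxy.config.admin.enable`. A pillar override that still uses the old shape, for example `admin: {enable: false}`, is a non-empty mapping and therefore truthy in Jinja, which would switch the admin backend on where it used to be off. Whether such overrides exist is not visible on this page. A comment above the key such as `# boolean only; the former admin.enable/admin.port mapping is no longer read` would document the break, and the template test could be tightened to `haproxy.config.admin is sameas true`.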


@ -11,28 +11,16 @@ haproxy-config-dir:
- group: {{ haproxy.config.group }} - group: {{ haproxy.config.group }}
- mode: "0700" - mode: "0700"
haproxy-config-maps-dir: {% for dir in haproxy.config.dirs %}
haproxy-config-{{ dir }}-dir:
file.directory: file.directory:
- name: {{ haproxy.config.dir }}/maps - name: {{ haproxy.config.dir }}/{{ dir }}
- user: {{ haproxy.config.user }} - user: {{ haproxy.config.user }}
- group: {{ haproxy.config.group }} - group: {{ haproxy.config.group }}
- mode: "0700" - mode: "0700"
{% endfor %}
haproxy-config-script-dir: {% for file in haproxy.config.scripts %}
file.directory:
- name: {{ haproxy.config.dir }}/scripts
- user: {{ haproxy.config.user }}
- group: {{ haproxy.config.group }}
- mode: "0700"
haproxy-config-mods-dir:
file.directory:
- name: {{ haproxy.config.dir }}/mods
- user: {{ haproxy.config.user }}
- group: {{ haproxy.config.group }}
- mode: "0700"
{% for file in haproxy.scripts %}
haproxy-script-{{ file.name }}: haproxy-script-{{ file.name }}:
file.managed: file.managed:
- name: {{ haproxy.config.dir }}/{{ file.name }} - name: {{ haproxy.config.dir }}/{{ file.name }}
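Review bot: The looped `file.directory` state creates every entry of `haproxy.config.dirs`, including `scripts` and `mods`, owned by `haproxy.config.user` with mode `"0700"`. The template loads Lua from `scripts/` and shared objects from `mods/` (`lua-prepend-path … cpath`), so if that user is also the account the HAProxy workers run as (the defaults set it to `haproxy`), the running service can rewrite code that is loaded on the next start or reload. For those two directories root ownership with group read would be safer, e.g. `- user: root` and `- mode: "0750"`. The `haproxy-script-{{ file.name }}` state that follows continues outside the hunk.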


@ -3,7 +3,7 @@
{%- set fqdn = salt["grains.get"]("fqdn") %} {%- set fqdn = salt["grains.get"]("fqdn") %}
{%- set default_backend = "test" %} {%- set default_backend = "test" %}
{% set ns = namespace(default_backend='notdefined') %} {%- set ns = namespace(default_backend='notdefined') %}
{%- for name, values in haproxy.config.vhosts.items() %}{% if values.default_backend|default(false) %}{% set ns.default_backend = name %}{% endif %}{% endfor %} {%- for name, values in haproxy.config.vhosts.items() %}{% if values.default_backend|default(false) %}{% set ns.default_backend = name %}{% endif %}{% endfor %}
{%- macro internal() -%} {%- macro internal() -%}
@ -67,7 +67,7 @@ backend admin from {{ haproxy.config.namespace }}
global global
lua-prepend-path {{ haproxy.config.dir }}/mods/?.so cpath lua-prepend-path {{ haproxy.config.dir }}/mods/?.so cpath
lua-prepend-path {{ haproxy.config.dir }}/scripts/?.lua lua-prepend-path {{ haproxy.config.dir }}/scripts/?.lua
{%- for file in haproxy.scripts %} {%- for file in haproxy.config.scripts %}
{%- if not file.lib %} {%- if not file.lib %}
lua-load {{ haproxy.config.dir }}/{{ file.name }} lua-load {{ haproxy.config.dir }}/{{ file.name }}
{%- endif %} {%- endif %}
@ -101,7 +101,7 @@ backend per_ip_rates from {{ haproxy.config.namespace }}
# Default HTTP frontend # Default HTTP frontend
frontend http from {{ haproxy.config.namespace }} frontend http from {{ haproxy.config.namespace }}
bind *:{{ haproxy.config.http_port }},:::{{ haproxy.config.http_port }} v4v6 bind *:{{ haproxy.config.http_port }},:::{{ haproxy.config.http_port }} v4v6 name http
mode http mode http
## ACLs ## ACLs
@ -122,7 +122,7 @@ frontend http from {{ haproxy.config.namespace }}
# Default HTTPS frontend # Default HTTPS frontend
frontend https from {{ haproxy.config.namespace }} frontend https from {{ haproxy.config.namespace }}
bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} name https
#bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} #bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %}
mode http mode http
option httplog option httplog
@ -133,6 +133,7 @@ frontend https from {{ haproxy.config.namespace }}
acl robots_txt path /robots.txt acl robots_txt path /robots.txt
acl self_host req.hdr(Host) {{ fqdn }} acl self_host req.hdr(Host) {{ fqdn }}
acl path_root path / acl path_root path /
acl path_admin path_beg /;
acl path_host path_dir /host acl path_host path_dir /host
acl path_date path_dir /date acl path_date path_dir /date
acl path_srchash path /srchash acl path_srchash path /srchash
@ -171,10 +172,10 @@ frontend https from {{ haproxy.config.namespace }}
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found } http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found }
http-request deny deny_status 404 unless domains http-request deny deny_status 404 unless domains
{%- if haproxy.config.admin.enable %} {%- if haproxy.config.admin %}
use_backend admin if self_host internal path_root use_backend admin if self_host internal path_root || path_admin
{%- endif %} {%- endif %}
use_backend %[req.hdr(Host),lower,map({{ haproxy.config.dir }}/maps/vhosts)] use_backend %[req.hdr(Host),lower,map({{ haproxy.config.dir }}/maps/vhosts,nginx)]
monitor-uri /dead_or_alive monitor-uri /dead_or_alive
default_backend {{ ns.default_backend }} default_backend {{ ns.default_backend }}
@ -191,7 +192,6 @@ backend {{ name }} from {{ haproxy.config.namespace }}
http-check {{ step }} http-check {{ step }}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{{ statusresponses() }}
{%- if values.head|default(False) %} {%- if values.head|default(False) %}
{{ head() }} {{ head() }}
{%- endif %} {%- endif %}
@ -214,7 +214,7 @@ backend {{ name }} from {{ haproxy.config.namespace }}
# TCP services # TCP services
{%- for name, values in haproxy.config.services.items() %} {%- for name, values in haproxy.config.services.items() %}
listen {{ name }} from {{ haproxy.config.namespace }} listen {{ name }} from {{ haproxy.config.namespace }}
bind *:{{ values.port }},:::{{ values.port }} v4v6 bind *:{{ values.port }},:::{{ values.port }} v4v6 name {{ name }}
mode tcp mode tcp
option tcplog option tcplog
{%- if values.type == "postgres" %} {%- if values.type == "postgres" %}
@ -231,6 +231,6 @@ listen {{ name }} from {{ haproxy.config.namespace }}
bind *:{{ values.port }},:::{{ values.port }} v4v6 bind *:{{ values.port }},:::{{ values.port }} v4v6
{% endfor %} {% endfor %}
{%- if haproxy.config.admin.enable %} {%- if haproxy.config.admin %}
{{ admin() }} {{ admin() }}
{%- endif %} {%- endif %}
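Review bot: In the `use_backend admin` rule of the https frontend, `||` binds looser than the implicit AND of HAProxy conditions, so `self_host internal path_root || path_admin` is evaluated as `(self_host internal path_root) or path_admin`. Any request whose path begins with `/;` would then be routed to the admin backend without the `self_host` and `internal` checks applying (`internal` comes from a macro defined outside these hunks, presumably a source restriction). Repeating the guards on both sides keeps the restriction: `use_backend admin if self_host internal path_root || self_host internal path_admin`. The frontend block starts and ends outside the hunk.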