This commit is contained in:
parent
9fbe6854f5
commit
5a6b48a7f6
@ -14,6 +14,7 @@ haproxy:
|
|||||||
- countries
|
- countries
|
||||||
- domains
|
- domains
|
||||||
- redirects
|
- redirects
|
||||||
|
- ua
|
||||||
- vhosts
|
- vhosts
|
||||||
acme: false
|
acme: false
|
||||||
hatop:
|
hatop:
|
||||||
|
@ -159,6 +159,7 @@ frontend fe_https from {{ haproxy.config.namespace }}
|
|||||||
## ACLs
|
## ACLs
|
||||||
acl internal src -f {{ haproxy.config.dir }}/maps/access
|
acl internal src -f {{ haproxy.config.dir }}/maps/access
|
||||||
acl domains req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/domains) -m found
|
acl domains req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/domains) -m found
|
||||||
|
acl ua req.hdr(User-Agent),map_beg(/etc/haproxy/maps/ua) -m found
|
||||||
acl security_txt path /.well-known/security.txt
|
acl security_txt path /.well-known/security.txt
|
||||||
acl robots_txt path /robots.txt
|
acl robots_txt path /robots.txt
|
||||||
acl max_req_rate sc_http_req_rate(0) gt {{ haproxy.config.ddos.maxrequests|default(200) }}
|
acl max_req_rate sc_http_req_rate(0) gt {{ haproxy.config.ddos.maxrequests|default(200) }}
|
||||||
@ -213,11 +214,12 @@ frontend fe_https from {{ haproxy.config.namespace }}
|
|||||||
http-response set-header X-Random "%[var(txn.random)]"
|
http-response set-header X-Random "%[var(txn.random)]"
|
||||||
|
|
||||||
http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found }
|
http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found }
|
||||||
http-request deny deny_status 404 unless domains
|
http-request deny deny_status 404 unless domains || ua
|
||||||
{%- if haproxy.config.admin %}
|
{%- if haproxy.config.admin %}
|
||||||
use_backend admin if self_host internal
|
use_backend admin if self_host internal
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
use_backend %[req.hdr(Host),lower,map({{ haproxy.config.dir }}/maps/vhosts,nginx)]
|
use_backend %[req.hdr(Host),lower,map({{ haproxy.config.dir }}/maps/vhosts)] if domains
|
||||||
|
use_backend %[req.hdr(User-Agent),map_beg({{ haproxy.config.dir }}/maps/ua)] if ua
|
||||||
default_backend {{ ns.default_backend }}
|
default_backend {{ ns.default_backend }}
|
||||||
|
|
||||||
monitor-uri /dead_or_alive
|
monitor-uri /dead_or_alive
|
||||||
|
7
states/haproxy/templates/maps/ua.j2
Normal file
7
states/haproxy/templates/maps/ua.j2
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
|
{%- from "haproxy/map.jinja" import haproxy with context %}
|
||||||
|
{%- for name, values in haproxy.config.vhosts.items() %}
|
||||||
|
{%- if not values.redirect|default(false) and values.ua|default(false) %}
|
||||||
|
{{ values.ua }} {{ name }}
|
||||||
|
{%- endif %}
|
||||||
|
{%- endfor %}
|
Loading…
Reference in New Issue
Block a user