updated haproxy state

2023-06-23 08:47:25 +02:00 · 2023-06-23 08:47:25 +02:00 · 8b0aa2cced
commit 8b0aa2cced
parent ee05a512bc
5 changed files with 16 additions and 13 deletions
--- a/states/haproxy/config.sls
+++ b/states/haproxy/config.sls
@ -1,10 +1,10 @@
 ---
 {%- from "haproxy/map.jinja" import haproxy with context %}
-{% for filename in haproxy.maps %}
-haproxy-maps-{{ filename }}:
+{% for map in haproxy.maps %}
+haproxy-maps-{{ map }}:
  file.managed:
-    - name: {{ haproxy.config.dir }}/maps/{{ filename }}
-    - source: salt://haproxy/templates/maps/{{ filename }}.j2
+    - name: {{ haproxy.config.dir }}/maps/{{ map }}
+    - source: salt://haproxy/templates/maps/{{ map }}.j2
    - user: {{ haproxy.config.user }}
    - group: {{ haproxy.config.group }}
    - mode: "0600"
--- a/states/haproxy/defaults.yaml
+++ b/states/haproxy/defaults.yaml
@ -106,12 +106,16 @@ haproxy:
      - application/json
      - application/octet-stream
    cache:
-      size: 50000
+      total: 128
+      size: 8
+      age: 86400
      file_types:
        - .css
+        - .ico
+        - .jpeg
+        - .jpg
        - .js
        - .png
-        - .jpg
        - .svg
        - .webp
    ddos:
--- a/states/haproxy/scripts/collector.lua
+++ b/states/haproxy/scripts/collector.lua
@ -24,7 +24,7 @@ core.register_action("collector", { "http-req" }, function(txn)
  info["path"] = reqpath

  local infojson = json.encode(info)
-  -- httpclient is a haproxy 2.5 class
+  -- httpclient is a haproxy 2.5+ class
  local req = httpclient:post{url="https://ipbl.paulbsd.com", body=infojson}

  txn.Info(txn, infojson)
--- a/states/haproxy/scripts/state.lua
+++ b/states/haproxy/scripts/state.lua
@ -1,4 +1,3 @@
--local socket = require("socket")
 local sleep_secs=15

 local args = table.pack(...)
--- a/states/haproxy/templates/haproxy.cfg.j2
+++ b/states/haproxy/templates/haproxy.cfg.j2
@ -109,16 +109,16 @@ peers paulbsd

 # Cache
 cache static
-  total-max-size 64
-  max-object-size {{ haproxy.config.cache.size|default(5000) }}
-  max-age 120
+  total-max-size {{ haproxy.config.cache.total|default(64) }}
+  max-object-size {{ (haproxy.config.cache.size|default(8))*1024*1024 }}
+  max-age {{ haproxy.config.cache.age|default(3600) }}

 # Per IP rates stick table
 backend per_ip_rates from {{ haproxy.config.namespace }}
  stick-table type string size {{ haproxy.config.ddos.size|default("1m") }} expire {{ haproxy.config.ddos.timeperiod|default("10s") }} store http_req_rate({{ haproxy.config.ddos.timeperiod|default("10s")}}) {{ "peers paulbsd" if haproxy.config.peers.hosts }}

 # Default HTTP frontend
-frontend http from {{ haproxy.config.namespace }}
+frontend fe_http from {{ haproxy.config.namespace }}
  bind *:{{ haproxy.config.http_port }},:::{{ haproxy.config.http_port }} v4v6 name http
  mode http
 {% for name, service in haproxy.config.spoe.items() %}
@ -143,7 +143,7 @@ frontend http from {{ haproxy.config.namespace }}
  http-request redirect scheme https if http

 # Default HTTPS frontend
-frontend https from {{ haproxy.config.namespace }}
+frontend fe_https from {{ haproxy.config.namespace }}
 .if feature(QUIC)
  bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h3,h2,http/1.1{% endif %} name https
 .else