From 8b0aa2cced7d7956e5880340c6fe4ca10a1fe41a Mon Sep 17 00:00:00 2001 From: Paul Lecuq Date: Fri, 23 Jun 2023 08:47:25 +0200 Subject: [PATCH] updated haproxy state --- states/haproxy/config.sls | 8 ++++---- states/haproxy/defaults.yaml | 8 ++++++-- states/haproxy/scripts/collector.lua | 2 +- states/haproxy/scripts/state.lua | 1 - states/haproxy/templates/haproxy.cfg.j2 | 10 +++++----- 5 files changed, 16 insertions(+), 13 deletions(-) diff --git a/states/haproxy/config.sls b/states/haproxy/config.sls index a7ed709..e492f7b 100644 --- a/states/haproxy/config.sls +++ b/states/haproxy/config.sls @@ -1,10 +1,10 @@ --- {%- from "haproxy/map.jinja" import haproxy with context %} -{% for filename in haproxy.maps %} -haproxy-maps-{{ filename }}: +{% for map in haproxy.maps %} +haproxy-maps-{{ map }}: file.managed: - - name: {{ haproxy.config.dir }}/maps/{{ filename }} - - source: salt://haproxy/templates/maps/{{ filename }}.j2 + - name: {{ haproxy.config.dir }}/maps/{{ map }} + - source: salt://haproxy/templates/maps/{{ map }}.j2 - user: {{ haproxy.config.user }} - group: {{ haproxy.config.group }} - mode: "0600" diff --git a/states/haproxy/defaults.yaml b/states/haproxy/defaults.yaml index 3f41e55..9daef81 100644 --- a/states/haproxy/defaults.yaml +++ b/states/haproxy/defaults.yaml @@ -106,12 +106,16 @@ haproxy: - application/json - application/octet-stream cache: - size: 50000 + total: 128 + size: 8 + age: 86400 file_types: - .css + - .ico + - .jpeg + - .jpg - .js - .png - - .jpg - .svg - .webp ddos: diff --git a/states/haproxy/scripts/collector.lua b/states/haproxy/scripts/collector.lua index f14a945..0cb040e 100644 --- a/states/haproxy/scripts/collector.lua +++ b/states/haproxy/scripts/collector.lua 
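Review bot: The new `age: 86400` in the `cache:` defaults lets a stored object live for a day, where the template previously hard-coded `max-age 120`, so anything cached by mistake stays served far longer. HAProxy applies the lower of this value and the backend's `Cache-Control` s-maxage/max-age, so the real exposure depends on what the backends send. If the store rule keys only on the path suffix from `file_types` (that rule is not visible in this diff), a dynamic or per-user response reachable under a path ending in `.css` or `.jpg` would be cached and shared, so it is worth confirming the rule also excludes responses carrying `Set-Cookie` or `Cache-Control: private`. The three keys also use three different units, so I would add a comment such as `# total: MB, size: MiB per object, age: seconds`.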
@@ -24,7 +24,7 @@ core.register_action("collector", { "http-req" }, function(txn) info["path"] = reqpath local infojson = json.encode(info) - -- httpclient is a haproxy 2.5 class + -- httpclient is a haproxy 2.5+ class local req = httpclient:post{url="https://ipbl.paulbsd.com", body=infojson} txn.Info(txn, infojson) diff --git a/states/haproxy/scripts/state.lua b/states/haproxy/scripts/state.lua index f0c2157..cea6e8a 100644 --- a/states/haproxy/scripts/state.lua +++ b/states/haproxy/scripts/state.lua @@ -1,4 +1,3 @@ ---local socket = require("socket") local sleep_secs=15 local args = table.pack(...) diff --git a/states/haproxy/templates/haproxy.cfg.j2 b/states/haproxy/templates/haproxy.cfg.j2 index 085ca15..114cc3c 100644 --- a/states/haproxy/templates/haproxy.cfg.j2 +++ b/states/haproxy/templates/haproxy.cfg.j2 @@ -109,16 +109,16 @@ peers paulbsd # Cache cache static - total-max-size 64 - max-object-size {{ haproxy.config.cache.size|default(5000) }} - max-age 120 + total-max-size {{ haproxy.config.cache.total|default(64) }} + max-object-size {{ (haproxy.config.cache.size|default(8))*1024*1024 }} + max-age {{ haproxy.config.cache.age|default(3600) }} # Per IP rates stick table backend per_ip_rates from {{ haproxy.config.namespace }} stick-table type string size {{ haproxy.config.ddos.size|default("1m") }} expire {{ haproxy.config.ddos.timeperiod|default("10s") }} store http_req_rate({{ haproxy.config.ddos.timeperiod|default("10s")}}) {{ "peers paulbsd" if haproxy.config.peers.hosts }} # Default HTTP frontend -frontend http from {{ haproxy.config.namespace }} +frontend fe_http from {{ haproxy.config.namespace }} bind *:{{ haproxy.config.http_port }},:::{{ haproxy.config.http_port }} v4v6 name http mode http {% for name, service in haproxy.config.spoe.items() %} 
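Review bot: The HAProxy 2.5+ requirement is recorded only in this comment, and nothing in the visible lines checks that the httpclient API exists, so on an older build the `httpclient:post{...}` call below would presumably raise inside the `http-req` action on each request. A load-time guard where the client is obtained (outside this hunk) would fail fast instead, for example `if not core.httpclient then error("collector.lua requires HAProxy 2.5+") end`. The result in `req` is also not inspected in the lines shown, so a failed or rejected POST to the collector endpoint would go unnoticed unless it is handled further down. The action body continues past the hunk.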
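Review bot: `max-object-size` now multiplies `cache.size` by 1024*1024, which silently changes the key from bytes to MiB. A pillar override still carrying a byte count (the old default was 50000) renders to roughly 50 GB, while HAProxy documents `max-object-size` as no more than half of `total-max-size`. A string-typed override would be repeated rather than multiplied by Jinja's `*`, so I would cast first: `max-object-size {{ (haproxy.config.cache.size|default(8)|int) * 1024 * 1024 }}`. The `max-age` fallback here is `default(3600)` while defaults.yaml in this commit sets `age: 86400`; aligning the two avoids a different cache lifetime depending on whether the defaults file is merged.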
@@ -143,7 +143,7 @@ frontend http from {{ haproxy.config.namespace }} http-request redirect scheme https if http # Default HTTPS frontend -frontend https from {{ haproxy.config.namespace }} +frontend fe_https from {{ haproxy.config.namespace }} .if feature(QUIC) bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h3,h2,http/1.1{% endif %} name https .else