updated haproxy state

states/haproxy/defaults.yaml

@@ -20,6 +20,7 @@ haproxy:
   config:
     dir: /etc/haproxy
     configfile: haproxy.cfg
+    namespace: paulbsd
     servername: "High-performance Web Server"
     http2: true
     defaults:

states/haproxy/templates/haproxy.cfg.j2

@@ -14,10 +14,6 @@
   http-response return content-type text/html string "404 not found" if { status 404 }
 {%- endmacro -%}
 
-{%- macro serverheader() -%}
-  http-response set-header server "{{ haproxy.config.servername }}"
-{%- endmacro -%}
-
 {%- macro httpcheckrules(layer="layer7",inter="2s",fall=5,rise=5) -%}check observe {{ layer }} inter {{ inter }} fall {{ fall }} rise {{ rise }}{%- endmacro -%}
 
 {%- macro httpsslrules() -%}ssl verify none{%- endmacro -%}
@@ -46,7 +42,7 @@
 
 {%- macro admin() -%}
 # Stats Backend
-backend admin
+backend admin from {{ haproxy.config.namespace }}
   mode http
   stats enable
   stats admin if TRUE
@@ -82,7 +78,7 @@ global
   ssl-dh-param-file {{ haproxy.config.acme_dh_dir }}/dh.pem
 
 # Defaults values
-defaults
+defaults {{ haproxy.config.namespace }}
 {%- for key, value in haproxy.config.defaults.items() %}
   {{ key }} {{ value }}
 {%- endfor %}
@@ -94,11 +90,11 @@ cache static
   max-age 120
 
 # Per IP rates stick table
-backend per_ip_rates
+backend per_ip_rates from {{ haproxy.config.namespace }}
   stick-table type string size 1m expire {{ haproxy.config.ddos.timeperiod|default("10s") }} store http_req_rate({{ haproxy.config.ddos.timeperiod|default("10s")}})
 
 # Default HTTP frontend
-frontend http
+frontend http from {{ haproxy.config.namespace }}
   bind *:{{ haproxy.config.http_port }},:::{{ haproxy.config.http_port }} v4v6
   mode http
   acl http ssl_fc,not
@@ -109,7 +105,7 @@ frontend http
   http-request redirect scheme https if http
 
 # Default HTTPS frontend
-frontend https
+frontend https from {{ haproxy.config.namespace }}
   bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %}
   #bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %}
   mode http
@@ -143,6 +139,8 @@ frontend https
   http-request set-header X-Proto https if { ssl_fc }
 
   http-response set-header Date "%[date,http_date()]"
+  http-response set-header Server "{{ haproxy.config.servername }}"
+  http-response set-header X-Random "%[rand,mul(5)]"
 
   log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
   http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found }
@@ -157,7 +155,7 @@ frontend https
 # HTTP Backends
 {%- for name, values in haproxy.config.vhosts.items() %}
 {%- if not values.redirect|default(False) %}
-backend {{ name }}
+backend {{ name }} from {{ haproxy.config.namespace }}
   balance {{ values.balance|default(haproxy.config.balance) }}
   mode http
   option forwardfor
@@ -180,10 +178,6 @@ backend {{ name }}
   {{ cache() }}
 {%- endif %}
 
-{%- if values.serverheader|default(True) %}
-  {{ serverheader() }}
-{%- endif %}
-
 {%- if values.internal|default(False) %}
   {{ internal() }}
 {%- endif %}
@@ -193,7 +187,7 @@ backend {{ name }}
 
 # TCP services
 {%- for name, values in haproxy.config.services.items() %}
-listen {{ name }}
+listen {{ name }} from {{ haproxy.config.namespace }}
   bind *:{{ values.port }},:::{{ values.port }} v4v6
   mode tcp
   option tcplog
@@ -207,7 +201,7 @@ listen {{ name }}
 
 # SPOE Agents
 {%- for name, values in haproxy.config.spoe.items() %}
-listen {{ name }}
+listen {{ name }} from {{ haproxy.config.namespace }}
   bind *:{{ values.port }},:::{{ values.port }} v4v6
 {% endfor %}