paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated haproxy state
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Paul 2023-12-01 16:45:53 +01:00
parent f191d2bead
commit c22e7d2e88
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
states/haproxy/templates/haproxy.cfg.j2
View File

@ -104,6 +104,9 @@ global
tune.lua.maxmem {{ haproxy.config.lua_max_mem }} tune.lua.maxmem {{ haproxy.config.lua_max_mem }}
expose-experimental-directives expose-experimental-directives
.if feature(QUIC)
limited-quic
.endif
# Defaults values # Defaults values
defaults {{ haproxy.config.namespace }} defaults {{ haproxy.config.namespace }}
@ -160,9 +163,8 @@ frontend fe_http from {{ haproxy.config.namespace }}
frontend fe_https from {{ haproxy.config.namespace }} frontend fe_https from {{ haproxy.config.namespace }}
.if feature(QUIC) .if feature(QUIC)
bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h3,h2,http/1.1{% endif %} name https bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h3,h2,http/1.1{% endif %} name https
.else
bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} name https
.endif .endif
bind *:{{ haproxy.config.https_port }},:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %} name https
mode http mode http
option httplog option httplog
option http-buffer-request option http-buffer-request
@ -194,7 +196,7 @@ frontend fe_https from {{ haproxy.config.namespace }}
http-request track-sc0 var(req.accesshash) table per_ip_rates http-request track-sc0 var(req.accesshash) table per_ip_rates
http-request capture req.hdr(User-Agent) len 50 http-request capture req.hdr(User-Agent) len 200
http-request capture req.hdr(Content-Type) len 50 http-request capture req.hdr(Content-Type) len 50
http-request capture sc_http_req_rate(0) len 4 http-request capture sc_http_req_rate(0) len 4
@ -226,6 +228,9 @@ frontend fe_https from {{ haproxy.config.namespace }}
http-response set-header Date "%[var(txn.httpdate)]" http-response set-header Date "%[var(txn.httpdate)]"
http-response set-header Server "{{ haproxy.config.servername }}" http-response set-header Server "{{ haproxy.config.servername }}"
http-response set-header X-Random "%[var(txn.random)]" http-response set-header X-Random "%[var(txn.random)]"
.if feature(QUIC)
http-response set-header Alt-Svc "h3=\":443\"; ma=3600"
.endif
http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found } http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found }
http-request deny deny_status 404 unless domains || ua http-request deny deny_status 404 unless domains || ua