---
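# Default variables for an HAProxy deployment. How each value is rendered into
# haproxy.cfg depends on templates that are not part of this file; notes marked
# NOTE(review) are assumptions to confirm against those templates.
haproxy:
  enabled: true
  packages:
    - haproxy
  # Lua scripts shipped with the proxy; `lib` distinguishes the two library
  # modules (http, json) from the other two scripts.
  scripts:
    - name: scripts/http.lua
      lib: true
    - name: scripts/json.lua
      lib: true
    - name: scripts/collector.lua
      lib: false
    - name: scripts/weight_by_latency.lua
      lib: false
  # NOTE(review): presumably the names of HAProxy map files - confirm.
  maps:
    - access
    - domains
    - redirects
    - vhosts
  config:
    dir: /etc/haproxy
    configfile: haproxy.cfg
    servername: "High-performance Web Server"
    http2: true
    defaults:
      # Alternative log targets, kept for reference:
      # log: global
      # log: 127.0.0.1 local0
      log: stdout format raw daemon info
      retries: 2
      timeout check: 1s
      # NOTE(review): 30m client/server timeouts let idle or deliberately slow
      # connections hold a slot for a long time. No `timeout http-request` is
      # set in this file; confirm the template bounds how long a client may
      # take to send its request headers.
      timeout client: 30m
      timeout connect: 1s
      timeout server: 30m
      # Double-quoted YAML: `\\` yields one literal backslash, so the rendered
      # value contains `\ ` (an escaped space for the HAProxy config parser).
      unique-id-format: "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"
    balance: roundrobin
    check: true
    # Unprivileged account the proxy is configured to use.
    user: haproxy
    group: haproxy
    http_port: 80
    https_port: 443
    # NOTE(review): presumably the maximum captured length for logged request
    # data - confirm against the template.
    capture_length: 200
    # NOTE(review): presumably the statistics/admin listener; disabled by
    # default. If enabled, confirm the template requires authentication and
    # that port 7000 is not reachable from untrusted networks.
    admin:
      enable: false
      port: 7000
    # NOTE(review): presumably the HAProxy runtime API (stats socket). The TCP
    # endpoint has no authentication of its own, so keep it on loopback as
    # here, and confirm the permission level and the file socket's mode/owner
    # in the template.
    api:
      enable: true
      filesocket: /var/run/haproxy.sock
      tcpsocket: ipv4@127.0.0.1:9990
    # NOTE(review): if certificate private keys are stored under these paths,
    # the directories should be readable only by root and the proxy user.
    acme_dir: /etc/acme
    acme_fullchains_dir: /etc/acme/fullchains
    acme_dh_dir: /etc/acme/dh
    # OpenSSL cipher-string components, in preference order. These govern
    # TLS 1.2 and earlier only; TLS 1.3 suites are configured separately.
    # 3DES suites are intentionally not offered: 3DES is a 64-bit block cipher
    # and is exposed to birthday-bound collision attacks (Sweet32) on
    # long-lived connections.
    ssl_ciphers:
      - "ECDH+AESGCM"
      - "DH+AESGCM"
      - "ECDH+AES256"
      - "DH+AES256"
      - "ECDH+AES128"
      - "DH+AES"
      # NOTE(review): static-RSA key exchange gives no forward secrecy; drop
      # these two entries once no remaining client depends on them.
      - "RSA+AESGCM"
      - "RSA+AES"
      - "!aNULL"
      - "!MD5"
      - "!DSS"
    # Bind-level SSL options. SSLv3, TLS 1.0 and TLS 1.1 are all refused;
    # disabling only SSLv3 would leave the two deprecated TLS versions
    # negotiable on builds whose library defaults still permit them.
    # `no-tls-tickets` turns off stateless session tickets.
    # NOTE(review): on current HAProxy releases `ssl-min-ver TLSv1.2` is the
    # preferred spelling; switch if the template supports it.
    ssl_options:
      - no-sslv3
      - no-tlsv10
      - no-tlsv11
      - no-tls-tickets
    # NOTE(review): compressing responses that reflect request data next to
    # secrets is the precondition for compression side-channel attacks on
    # HTTPS; keep this list to content where that is acceptable.
    gzip_mime_types:
      - text/html
      - text/plain
      - text/css
      - text/javascript
      - application/json
    # Static asset extensions only. NOTE(review): confirm that responses
    # carrying Set-Cookie or per-user content can never match the cache rule.
    cache_file_types:
      - .css
      - .js
      - .png
      - .jpg
    # NOTE(review): presumably a request-rate threshold (200 requests per 10s
    # window); confirm what it is keyed on and what action the template takes.
    ddos:
      timeperiod: 10s
      maxrequests: 200
    # Empty by default; expected to be overridden per deployment.
    domains: {}
    vhosts: {}
    services: {}
    spoe: {}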