paulbsd-salt/states/haproxy/defaults.yaml

---
haproxy:
  enabled: true
  pkgs:
    - haproxy
    - liblua5.3-dev
    - lua-filesystem
    - lua-socket
    - libcurl4-openssl-dev
    - libmaxminddb-dev
    - libjansson-dev
  maps:
    - access
    - countries
    - domains
    - redirects
    - vhosts
  acme: false
  hatop:
    fetchurl: https://github.com/jhunt/hatop/releases/download
    version: "0.8.2"
    hash: sha256=6ba2136e98b9a436488be67a54a5295f55f38090157d09df0154dda493ac5815
  config:
    dir: /etc/haproxy
    configfile: haproxy.cfg
    syscontact: haproxy@example.com
    geoip:
      enabled: true
      countries:
        FR: OK
      dbs:
        - name: geoip/GeoLite2-City.mmdb
          url: https://git.paulbsd.com/paulbsd/GeoLite.mmdb/releases/download/2023.03.26/GeoLite2-City.mmdb
    lua_max_mem: 1024
    peers:
      hosts: []
      port: 4096
    dirs:
      - geoip
      - maps
      - scripts
      - mods
      - errors
    geoip_dbs:
    scripts:
      - name: mods/haproxy.c
        lib: true
      - name: scripts/compile.lua
        lib: true
      - name: scripts/geoip.lua
        lib: false
        args:
          - /etc/haproxy/geoip/GeoLite2-City.mmdb
      - name: scripts/json.lua
        lib: true
      - name: scripts/collector.lua
        lib: false
      - name: scripts/weight.lua
        enabled: false
        lib: false
        args:
          - 5
      - name: scripts/state.lua
        lib: false
        args:
          - 30
    namespace: paulbsd
    user: haproxy
    group: haproxy
    servername: "High-performance Web Server 1.0"
    http2: true
    defaults:
      #log: global
      #log: 127.0.0.1 local0
      load-server-state-from-file: global
      log: stdout format raw daemon info
      retries: 2
      timeout check: 4s
      timeout client: 60m
      timeout connect: 2s
      timeout server: 60m
      unique-id-format: "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"
    balance: roundrobin
    check: true
    http_port: 80
    https_port: 443
    capture_length: 200
    admin: false
    api:
      enable: true
      filesocket: /var/run/haproxy-admin.sock
      tcpsocket: ipv4@127.0.0.1:9990
    acme_dir: /etc/acme
    acme_fullchains_dir: /etc/acme/fullchains
    acme_dh_dir: /etc/acme/dh
    ssl_ciphers:
      - EECDH+AESGCM
      - EECDH+CHACHA20
    ssl_options:
      - no-sslv3
      - no-tls-tickets
    compression_mime_types:
      - text/html
      - text/plain
      - text/css
      - text/javascript
      - application/json
      - application/octet-stream
    cache:
      size: 50000
      file_types:
        - .css
        - .js
        - .png
        - .jpg
        - .svg
        - .webp
    ddos:
      timeperiod: 10s
      maxrequests: 200
      size: 1m
    domains: []
    vhosts: {}
    services: {}
    spoe: {}