paulbsd-salt/states/haproxy/defaults.yaml

---
haproxy:
  enabled: true
  packages:
    - haproxy
  config:
    defaults:
      #log global:
      #log 127.0.0.1 local0:
      log stdout format raw daemon info:
      mode http:
      option httplog:
      option forwardfor:
      retries 2:
      timeout client 30m:
      timeout connect 4s:
      timeout server 30m:
      timeout check 5s:
    dir: /etc/haproxy
    configfile: haproxy.cfg
    accessfile: access
    user: haproxy
    group: haproxy
    http_port: 80
    https_port: 443
    admin: false
    acme_dir: /etc/acme
    ssl_ciphers:
      - "ECDH+AESGCM"
      - "DH+AESGCM"
      - "ECDH+AES256"
      - "DH+AES256"
      - "ECDH+AES128"
      - "DH+AES"
      - "ECDH+3DES"
      - "DH+3DES"
      - "RSA+AESGCM"
      - "RSA+AES"
      - "RSA+3DES"
      - "!aNULL"
      - "!MD5"
      - "!DSS"
    ssl_options:
      - no-sslv3
      - no-tls-tickets
    vhosts: {}
    services: {}