142 lines
2.8 KiB
YAML
142 lines
2.8 KiB
YAML
---
|
|
haproxy:
|
|
enabled: true
|
|
pkgs:
|
|
- haproxy: '>3'
|
|
- liblua5.4-dev
|
|
- lua-filesystem
|
|
- lua-socket
|
|
- libcurl4-openssl-dev
|
|
- libmaxminddb-dev
|
|
- libjansson-dev
|
|
acme: false
|
|
hatop:
|
|
fetchurl: https://github.com/jhunt/hatop/releases/download
|
|
version: "0.8.2"
|
|
hash: sha256=6ba2136e98b9a436488be67a54a5295f55f38090157d09df0154dda493ac5815
|
|
config:
|
|
dir: /etc/haproxy
|
|
configfile: haproxy.cfg
|
|
syscontact: haproxy@example.com
|
|
geoip:
|
|
enabled: true
|
|
countries:
|
|
FR: OK
|
|
lua_max_mem: 1024
|
|
peers:
|
|
hosts: []
|
|
port: 4096
|
|
servers:
|
|
hosts: []
|
|
dirs:
|
|
- maps
|
|
- scripts
|
|
- mods
|
|
- errors
|
|
- static
|
|
static:
|
|
- security.txt
|
|
maps:
|
|
- access
|
|
- allowhttp
|
|
- countries
|
|
- domains
|
|
- redirects
|
|
- ua
|
|
- vhosts
|
|
scripts:
|
|
haproxy:
|
|
path: mods/haproxy.c
|
|
lib: true
|
|
compile:
|
|
path: scripts/compile.lua
|
|
lib: true
|
|
geoip:
|
|
path: scripts/geoip.lua
|
|
lib: false
|
|
args:
|
|
- /usr/share/GeoIP/GeoLite2-City.mmdb
|
|
json:
|
|
path: scripts/json.lua
|
|
lib: true
|
|
collector:
|
|
path: scripts/collector.lua
|
|
lib: false
|
|
#- name: scripts/weight.lua
|
|
# lib: false
|
|
# args:
|
|
# - 5
|
|
state:
|
|
path: scripts/state.lua
|
|
lib: false
|
|
args:
|
|
- 30
|
|
namespace: paulbsd
|
|
user: haproxy
|
|
group: haproxy
|
|
servername: HAProxy
|
|
http2: true
|
|
defaults:
|
|
#log: global
|
|
#log: 127.0.0.1 local0
|
|
load-server-state-from-file: global
|
|
log: stdout format raw daemon info
|
|
retries: 2
|
|
timeout check: 4s
|
|
timeout client: 60m
|
|
timeout connect: 2s
|
|
timeout server: 60m
|
|
timeout http-request: 10s
|
|
timeout http-keep-alive: 2s
|
|
timeout client-fin: 1s
|
|
timeout server-fin: 1s
|
|
balance: roundrobin
|
|
check: true
|
|
http_port: 80
|
|
https_port: 443
|
|
capture_length: 200
|
|
admin: false
|
|
quic: true
|
|
api:
|
|
enable: true
|
|
filesocket: /var/run/haproxy-admin.sock
|
|
tcpsocket: ipv4@127.0.0.1:9990
|
|
acme_dir: /etc/acme
|
|
acme_fullchains_dir: /etc/acme/fullchains
|
|
acme_dh_dir: /etc/acme/dh
|
|
ssl_ciphers:
|
|
- EECDH+AESGCM
|
|
- EECDH+CHACHA20
|
|
ssl_options:
|
|
- no-sslv3
|
|
- no-tls-tickets
|
|
compression_mime_types:
|
|
- text/html
|
|
- text/plain
|
|
- text/css
|
|
- text/javascript
|
|
- application/json
|
|
- application/octet-stream
|
|
cache:
|
|
total: 128
|
|
size: 8
|
|
age: 86400
|
|
file_types:
|
|
- .css
|
|
- .ico
|
|
- .jpeg
|
|
- .jpg
|
|
- .js
|
|
- .png
|
|
- .svg
|
|
- .webp
|
|
- .woff2
|
|
ddos:
|
|
timeperiod: 10s
|
|
maxrequests: 200
|
|
size: 1m
|
|
domains: []
|
|
vhosts: {}
|
|
services: {}
|
|
spoe: {}
|