ansible-debops-infrastructure


commit 3c5c6465d493eaf3d2424f57aa416a291b17b874
parent 7b53a15fe81a782aebc38acbdef53fabe0435295
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Sun, 29 Apr 2018 00:38:26 +0300

haproxy: Init haproxy role

At the moment this is a bit 'hardcoded' for the services on host spinny

Diffstat:
ansible/inventory/host_vars/spinny/haproxy.yml | 3++-
ansible/roles/haproxy/handlers/main.yml | 6++++++
ansible/roles/haproxy/tasks/main.yml | 6++++++
ansible/roles/haproxy/templates/haproxy.cfg.j2 | 69+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 83 insertions(+), 1 deletion(-)

diff --git a/ansible/inventory/host_vars/spinny/haproxy.yml b/ansible/inventory/host_vars/spinny/haproxy.yml
@@ -1,3 +1,4 @@
 ---
-haproxy__grafana_backend_port: 18083
+prosody__public_ip: '163.172.24.171'
+prosody__private_ip: '192.168.122.2'
diff --git a/ansible/roles/haproxy/handlers/main.yml b/ansible/roles/haproxy/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Reload haproxy
+ service:
+ name: haproxy
+ state: reloaded
diff --git a/ansible/roles/haproxy/tasks/main.yml b/ansible/roles/haproxy/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+
+- template:
+ src: haproxy.cfg.j2
+ dest: /etc/haproxy/haproxy.cfg
+ notify: Reload haproxy
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
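Review bot: The template task in ansible/roles/haproxy/tasks/main.yml replaces /etc/haproxy/haproxy.cfg without a `validate` step, so a syntax error or bad address in the rendered file is only discovered when the `Reload haproxy` handler runs against the live proxy. Adding `validate: haproxy -c -f %s` makes Ansible check the rendered file before it overwrites the current one. The task also sets no explicit permissions, so `mode: '0644'` (with root ownership) would pin them rather than inheriting whatever is on disk, and giving the task a `name:` would make the play output readable.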
@@ -0,0 +1,69 @@
+global
+ log /dev/log local0
+ log /dev/log local1 notice
+ chroot /var/lib/haproxy
+ stats socket /run/haproxy/admin.sock mode 660 level admin
+ stats timeout 30s
+ user haproxy
+ group haproxy
+ daemon
+
+ ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:!MD5:!aNULL:!DH:!RC4
+ ssl-default-bind-options no-sslv3
+
+defaults
+ log global
+ mode http
+ option httplog
+ option dontlognull
+ option forwardfor
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+ errorfile 400 /etc/haproxy/errors/400.http
+ errorfile 403 /etc/haproxy/errors/403.http
+ errorfile 408 /etc/haproxy/errors/408.http
+ errorfile 500 /etc/haproxy/errors/500.http
+ errorfile 502 /etc/haproxy/errors/502.http
+ errorfile 503 /etc/haproxy/errors/503.http
+ errorfile 504 /etc/haproxy/errors/504.http
+
+frontend prosody
+ bind {{ prosody__public_ip }}:5222
+ mode tcp
+ default_backend prosody_backend
+
+backend prosody_backend
+ mode tcp
+ server prosody {{ prosody__private_ip }}:5222
+
+frontend prosody_muc
+ bind {{ prosody__public_ip }}:5269
+ mode tcp
+ default_backend prosody_muc
+
+backend prosody_muc
+ mode tcp
+ server prosody_muc {{ prosody__private_ip }}:5269
+
+frontend eighty
+ bind *:80
+ mode http
+ redirect scheme https if !{ ssl_fc }
+
+frontend ssl
+ bind *:443 ssl crt /etc/ssl/private/plothopes.com/plothopes.pem
+ mode http
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload
+ http-request set-header X-Forwarded-Proto https if { ssl_fc }
+
+ use_backend local if { url_beg /.well-known }
+ use_backend plothopes if { hdr(host) -i plothopes.com -i www.plothopes.com }
+
+backend plothopes
+ mode http
+ server plothopes {{ plothopes__private_ip }}:{{ plothopes__port }}
+
+backend local
+ mode http
+ server local 127.0.0.1:8080
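Review bot: The `global` section in haproxy.cfg.j2 only sets `ssl-default-bind-options no-sslv3`, so as far as this config goes the `bind *:443 ssl` listener in `frontend ssl` still negotiates TLS 1.0 and 1.1. The tail of `ssl-default-bind-ciphers` (`AES128-GCM-SHA256` through `AES256-SHA`) also allows static-RSA key exchange, which has no forward secrecy. I would change the options line to `ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11` and trim the cipher list to the ECDHE suites unless a known client needs the older ones. Separately, the Strict-Transport-Security header sends `preload` with `max-age=16000000`, which is below the one-year value the browser preload list asks for, so either drop `preload` or raise max-age once the policy is settled.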