ansible-debops-infrastructure

DebOps and Ansible scripts to manage my infrastructure
git clone git://git.erethon.com/ansible-debops-infrastructure

haproxy.cfg.j2 (2716B)


      1 global
      2     log /dev/log	local0
      3     log /dev/log	local1 notice
      4     chroot /var/lib/haproxy
      5     stats socket /run/haproxy/admin.sock mode 660 level admin
      6     stats timeout 30s
      7     user haproxy
      8     group haproxy
      9     daemon
     10 
     11     ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:!MD5:!aNULL:!DH:!RC4
     12     ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
     13 
     14 defaults
     15     log	global
     16     mode	http
     17     option	httplog
     18     option	dontlognull
     19     option forwardfor
     20     timeout connect 5000
     21     timeout client  50000
     22     timeout server  50000
     23     errorfile 400 /etc/haproxy/errors/400.http
     24     errorfile 403 /etc/haproxy/errors/403.http
     25     errorfile 408 /etc/haproxy/errors/408.http
     26     errorfile 500 /etc/haproxy/errors/500.http
     27     errorfile 502 /etc/haproxy/errors/502.http
     28     errorfile 503 /etc/haproxy/errors/503.http
     29     errorfile 504 /etc/haproxy/errors/504.http
     30 
     31 userlist buildbotusers
     32     user {{ buildbot__username }} password {{ buildbot__password }}
     33 
     34 
     35 frontend eighty
     36     bind *:80
     37     mode http
     38     redirect scheme https if !{ ssl_fc }
     39 
     40 frontend ssl
     41     bind *:443 ssl crt-list /etc/haproxy/crt-list.cfg
     42     mode http
     43     http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload
     44     http-request set-header X-Forwarded-Proto https if { ssl_fc }
     45 
     46     use_backend local if { url_beg /.well-known }
     47     use_backend plothopes if { hdr(host) -i plothopes.com -i www.plothopes.com }
     48     use_backend f.erethon.com if { hdr(host) -i f.erethon.com }
     49     use_backend grafana.erethon.com if { hdr(host) -i grafana.erethon.com }
     50     use_backend static if { hdr(host) -i capitalism.erethon.com -i hacked.erethon.com -i erethon.com -i www.erethon.com -i blog.erethon.com -i about.erethon.com -i git.erethon.com }
     51     use_backend buildbot if { hdr(host) -i buildbot.erethon.com }
     52 
     53 backend plothopes
     54     mode http
     55     server plothopes {{ plothopes__private_ip }}:{{ plothopes__port }} 
     56 
     57 backend f.erethon.com
     58     mode http
     59     server f.erethon.com {{ files__private_ip }}:{{ files__port }} 
     60 
     61 backend grafana.erethon.com
     62     mode http
     63     server grafana.erethon.com {{ grafana__private_ip }}:{{ grafana__port }} 
     64 
     65 backend static
     66     mode http
     67     server webd {{ static__private_ip }}:80
     68 
     69 backend buildbot
     70     mode http
     71     acl authbuildbotusers http_auth(buildbotusers)
     72     http-request auth realm buildbotrealm if !authbuildbotusers
     73     server obsd001 {{ buildbot__private_ip }}:8010
     74 
     75 backend local
     76     mode http
     77     server local 127.0.0.1:8080