Merge "Enable stats to use dedicated server certificate and allow for client cert auth"
This commit is contained in:
commit
c321f39fc3
|
@ -31,6 +31,8 @@ haproxy_stats_enabled: False
|
|||
haproxy_stats_bind_address: 127.0.0.1
|
||||
haproxy_stats_port: 1936
|
||||
haproxy_stats_ssl: "{{ haproxy_ssl }}"
|
||||
# haproxy_stats_ssl_cert_path: "{{ haproxy_ssl_cert_path }}/somecustomstatscert.pem"
|
||||
# haproxy_stats_ssl_client_cert_ca: "{{ haproxy_ssl_cert_path }}/somecustomrootca.pem"
|
||||
haproxy_username: admin
|
||||
haproxy_stats_password: secrete
|
||||
haproxy_stats_refresh_interval: 60
|
||||
|
|
|
@ -39,10 +39,10 @@ defaults
|
|||
timeout http-request {{ haproxy_http_request_timeout }}
|
||||
timeout server {{ haproxy_server_timeout }}
|
||||
maxconn {{ haproxy_maxconn }}
|
||||
|
||||
{% if haproxy_stats_enabled | bool %}
|
||||
{% set haproxy_ssl_path=haproxy_ssl_cert_path + "/haproxy_" + (haproxy_host | default(ansible_facts['hostname'])) + "-" + ((vip_interface is truthy) | ternary(vip_address ~ '-' ~ vip_interface, vip_address)) + ".pem" %}
|
||||
listen stats
|
||||
bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl | bool %}ssl crt {{ haproxy_ssl_cert_path }}/haproxy_{{ ansible_facts['hostname'] }}-{{ haproxy_bind_internal_lb_vip_address }}.pem{% endif %}
|
||||
bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl | bool %}ssl crt {{ haproxy_stats_ssl_cert_path | default(haproxy_ssl_path) }} {% if haproxy_stats_ssl_client_cert_ca is defined %}verify required ca-file {{ haproxy_stats_ssl_client_cert_ca }}{% endif %}{% endif %}
|
||||
|
||||
{% if haproxy_stats_process is defined %}
|
||||
bind-process {{ haproxy_stats_process }}
|
||||
|
|
Loading…
Reference in New Issue