65 lines
2.8 KiB
Django/Jinja
65 lines
2.8 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
global
|
|
log /dev/log local0
|
|
chroot /var/lib/haproxy
|
|
user haproxy
|
|
group haproxy
|
|
daemon
|
|
maxconn {{ haproxy_maxconn }}
|
|
{% for key, value in ((_haproxy_default_tuning_params | default({})) | combine(haproxy_tuning_params)).items() %}
|
|
{{ key }} {{ value }}
|
|
{% endfor %}
|
|
stats socket /var/run/haproxy.stat level admin mode 600
|
|
{% if haproxy_stats_process is defined %}
|
|
stats bind-process {{ haproxy_stats_process }}
|
|
{% endif %}
|
|
{% if haproxy_ssl | bool %}
|
|
ssl-default-bind-options {{ haproxy_ssl_bind_options }}
|
|
ssl-default-server-options {{ haproxy_ssl_server_options }}
|
|
{% if haproxy_ssl_cipher_suite_tls13 != "" -%}
|
|
ssl-default-bind-ciphersuites {{ haproxy_ssl_cipher_suite_tls13 }}
|
|
ssl-default-server-ciphersuites {{ haproxy_ssl_cipher_suite_tls13 }}
|
|
{% endif -%}
|
|
{% if haproxy_ssl_cipher_suite_tls12 != "" -%}
|
|
ssl-default-bind-ciphers {{ haproxy_ssl_cipher_suite_tls12 }}
|
|
ssl-default-server-ciphers {{ haproxy_ssl_cipher_suite_tls12 }}
|
|
{% endif -%}
|
|
tune.ssl.default-dh-param {{ haproxy_ssl_dh_param }}
|
|
{% endif %}
|
|
|
|
defaults
|
|
log global
|
|
option dontlognull
|
|
option redispatch
|
|
option {{ haproxy_keepalive_mode }}
|
|
retries {{ haproxy_retries }}
|
|
timeout client {{ haproxy_client_timeout }}
|
|
timeout connect {{ haproxy_connect_timeout }}
|
|
timeout http-request {{ haproxy_http_request_timeout }}
|
|
timeout server {{ haproxy_server_timeout }}
|
|
maxconn {{ haproxy_maxconn }}
|
|
{% if haproxy_stats_enabled | bool %}
|
|
{% set haproxy_ssl_path = haproxy_ssl_cert_path + "/haproxy_" + (haproxy_host | default(ansible_facts['hostname'])) + "-" + ((haproxy_bind_internal_lb_vip_interface is truthy) | ternary(haproxy_bind_internal_lb_vip_address ~ '-' ~ haproxy_bind_internal_lb_vip_interface, haproxy_bind_internal_lb_vip_address)) + ".pem" %}
|
|
listen stats
|
|
bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl | bool %}ssl crt {{ haproxy_stats_ssl_cert_path | default(haproxy_ssl_path) }} {% if haproxy_stats_ssl_client_cert_ca is defined %}verify required ca-file {{ haproxy_stats_ssl_client_cert_ca }}{% endif %}{% endif %}
|
|
|
|
{% if haproxy_stats_process is defined %}
|
|
bind-process {{ haproxy_stats_process }}
|
|
{% endif %}
|
|
mode http
|
|
{% if haproxy_stats_prometheus_enabled | bool %}
|
|
option http-use-htx
|
|
http-request use-service prometheus-exporter if { path /metrics }
|
|
{% endif %}
|
|
stats enable
|
|
stats hide-version
|
|
stats realm Haproxy\ Statistics
|
|
stats uri /
|
|
stats show-node
|
|
stats show-legends
|
|
stats auth {{ haproxy_username }}:{{ haproxy_stats_password }}
|
|
stats admin if TRUE
|
|
stats refresh {{ haproxy_stats_refresh_interval }}s
|
|
{% endif %}
|