eid-ops/fe-test-common/overlay/opt/frontend/config/common/haproxy_base.j2
Maria Haider 26f6fae943
DNS name resolution order for haproxy config in test env
Indicate in what order the server's address should be resolved upon
startup if it uses an FQDN.
2023-04-12 20:12:57 +02:00


# haproxy for SUNET frontend load balancer nodes.
#
{% from "common/haproxy_macros.j2" import output_backends %}
{% block global %}
# Process-wide settings: logging, privilege drop, runtime socket and the
# TLS defaults inherited by every "bind ... ssl" line.
global
# Log through the local syslog socket using facility local0.
log /dev/log local0
daemon
maxconn 256
# Runtime/stats socket. Mode 600 limits it to the socket's owning user; no
# "level" keyword is given, so haproxy's default access level applies.
stats socket /var/run/haproxy-control/stats mode 600
# NOTE(review): disabled. If re-enabled, avoid a world-writable directory
# such as /tmp for state that haproxy reads back on reload.
#server-state-file /tmp/server_state
# Run as the unprivileged haproxy user and group.
user haproxy
group haproxy
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Only ECDHE/DHE key exchange with AES is offered (forward secrecy).
# NOTE(review): the ECDH+AES256, ECDH+AES128, DH+AES256 and DH+AES terms also
# match CBC-mode suites, and no TLS 1.3 ciphersuite list
# (ssl-default-bind-ciphersuites) is set here - check against current policy.
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS
# Disable SSLv3, TLS 1.0 and TLS 1.1 on all listeners.
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
# Size in bits of the DH parameters used for DHE key exchange.
tune.ssl.default-dh-param 2048
# Randomise health-check intervals by up to 20% so checks do not all fire
# at the same moment.
spread-checks 20
{% endblock global %}
{% block defaults %}
# Defaults inherited by every frontend and backend declared after this point.
defaults
log global
mode http
option httplog
# Do not log connections on which no data was exchanged.
option dontlognull
# Allow a request to be sent to another server when its persistence target
# is down.
option redispatch
# Add an X-Forwarded-For header carrying the client address.
# NOTE(review): a header of the same name sent by the client is not removed
# by this option, so backends should trust only the value added by the load
# balancer.
option forwardfor
# funny looking values because recommendation is to have these slightly
# above multiples of three seconds to play nice with TCP resend timers
timeout check 5s
timeout connect 4s
timeout client 17s
timeout server 17s
# Upper bound on how long a client may take to send a complete request;
# limits the effect of slow-request connection exhaustion.
timeout http-request 5s
balance roundrobin
# never fail on address resolution
# Resolution order at startup: try the libc resolver first; if that fails,
# start the server with no address instead of aborting.
# NOTE(review): no resolvers section is visible in this file, so how such a
# server later obtains an address is not shown here - confirm.
default-server init-addr libc,none
{% endblock defaults %}
{% block stats %}
# Statistics endpoint, reachable only through the loopback listener below.
frontend LB-http
# expose stats info over HTTP to exabgp
# Loopback bind is the only access control here: no "stats auth" is set, so
# any local process can read the page.
bind 127.0.0.1:9000
# Keep requests to this listener out of the logs.
http-request set-log-level silent
default_backend LB
backend LB
stats enable
# NOTE(review): with hide-version commented out, the stats page shows the
# haproxy version to whoever can reach it.
#stats hide-version
stats uri /haproxy_stats
{% endblock stats %}
{% block global_backends %}
# Optional backend for ACME challenge requests; rendered only when the
# letsencrypt_server variable is defined. Traffic to it is plain HTTP on
# port 80.
# NOTE(review): the variable is written into the backend name and the server
# address without escaping or validation, so it must come from trusted
# configuration only.
{% if letsencrypt_server is defined %}
backend letsencrypt_{{ letsencrypt_server }}
server letsencrypt_{{ letsencrypt_server }} {{ letsencrypt_server }}:80
{% else %}
# letsencrypt_server not defined
{% endif %}
{% endblock global_backends %}
{% block https_everything %}
#
# Redirect _everything_ to HTTPS
# Plain-HTTP listener on port 80 (IPv4 and IPv6). Every request gets a 301 to
# the https scheme, except paths under /.well-known/acme-challenge/.
frontend http-frontend
bind 0.0.0.0:80
bind :::80
# Neither bind line above uses ssl, so the ssl_fc test is always false on
# this frontend; the ACME path test is the only effective exception.
redirect scheme https code 301 if !{ ssl_fc } ! { path_beg /.well-known/acme-challenge/ }
# ACME challenge requests go to the letsencrypt backend when one is defined.
# NOTE(review): without letsencrypt_server these requests are neither
# redirected nor routed, as this frontend has no default_backend.
{% if letsencrypt_server is defined %}
use_backend letsencrypt_{{ letsencrypt_server }} if { path_beg /.well-known/acme-challenge/ }
{% else %}
# letsencrypt_server not defined
{% endif %}
{% endblock https_everything %}
#
# Frontend section
# Empty in this base template; presumably filled in by templates that
# extend it and override the "frontend" block.
#
{% block frontend %}
{% endblock frontend %}
#
# Backend section
# "pre_backend" is an empty hook rendered before the generated backends;
# presumably overridden by templates that extend this one.
#
{% block pre_backend %}
{% endblock pre_backend %}
{% block backend %}
# Backends are generated by the output_backends macro (imported from
# common/haproxy_macros.j2) from the "backends" variable. Each one is given
# cookie-based persistence: haproxy inserts a SERVERID cookie, strips it
# before the request reaches the server (indirect) and marks the response
# that sets it as non-cacheable (nocache).
# NOTE(review): the cookie is set without the "httponly" and "secure"
# keywords. If every frontend using these backends is TLS-only, adding both
# keeps the persistence cookie away from scripts and off plain HTTP.
{{ output_backends(backends, config=['cookie SERVERID insert indirect nocache']) }}
# Fallback backend with a single server marked "backup".
# NOTE(review): 0.0.0.0:82 is presumably a service on the local host;
# nothing in this file shows what listens on that port - confirm.
backend failpage
server failpage 0.0.0.0:82 backup
{% endblock backend %}