Some cleanup of the haproxy configuration

Andrea Dell'Amico 2020-10-05 18:44:15 +02:00
parent 54b12892b7
commit 48d659977e
1 changed files with 10 additions and 5 deletions


@ -75,7 +75,7 @@ frontend http
bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %} bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %}
bind *:{{ haproxy_default_port }} {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %} bind *:{{ haproxy_default_port }} {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %}
mode http mode http
option http-keep-alive option http-keep-alive
redirect scheme https code 301 if !{ ssl_fc } redirect scheme https code 301 if !{ ssl_fc }
@ -84,14 +84,12 @@ frontend http
http-response set-header Strict-Transport-Security max-age=63072000 http-response set-header Strict-Transport-Security max-age=63072000
{% if docker_swarm_cluster_portainer_install %} {% if docker_swarm_cluster_portainer_install %}
acl portainer_srv hdr_dom(host) -i {{ docker_swarm_portainer_hostname }} acl portainer_srv hdr_dom(host) -i {{ docker_swarm_portainer_hostname }}
use_backend portainer_bck if portainer_srv
{% endif %} {% endif %}
{% if docker_swarm_expose_api_via_haproxy %} {% if docker_swarm_expose_api_via_haproxy %}
acl swarm_api hdr_dom(host) -i {{ docker_swarm_expose_api_hostname }} acl swarm_api hdr_dom(host) -i {{ docker_swarm_expose_api_hostname }}
acl swarm_api_allowed_nets src {% for net in docker_swarm_api_networks_acl %} {{ net }}{% endfor %} acl swarm_api_allowed_nets src {% for net in docker_swarm_api_networks_acl %} {{ net }}{% endfor %}
http-request deny if swarm_api !swarm_api_allowed_nets http-request deny if swarm_api !swarm_api_allowed_nets
use_backend swarm_api_bck if swarm_api
{% endif %} {% endif %}
{% for srv in docker_swarm_haproxy_additional_services %} {% for srv in docker_swarm_haproxy_additional_services %}
acl {{ srv.acl_name }} {{ srv.acl_rule }} acl {{ srv.acl_name }} {{ srv.acl_rule }}
@ -100,9 +98,17 @@ frontend http
http-request deny if {{ srv.acl_name }} !{{ srv.acl_name }}_nets http-request deny if {{ srv.acl_name }} !{{ srv.acl_name }}_nets
{% endif %} {% endif %}
use_backend {{ srv.acl_name }}_bck if {{ srv.acl_name }}
{% endfor %} {% endfor %}
{% if docker_swarm_cluster_portainer_install %}
use_backend portainer_bck if portainer_srv
{% endif %}
{% if docker_swarm_expose_api_via_haproxy %}
use_backend swarm_api_bck if swarm_api
{% endif %}
{% for srv in docker_swarm_haproxy_additional_services %}
use_backend {{ srv.acl_name }}_bck if {{ srv.acl_name }}
{% endfor %}
# #
# Backends # Backends
# #
@ -128,7 +134,6 @@ backend portainer_bck
{% for srv in docker_swarm_haproxy_additional_services %} {% for srv in docker_swarm_haproxy_additional_services %}
backend {{ srv.acl_name }}_bck backend {{ srv.acl_name }}_bck
mode http mode http
option httplog
option httpchk option httpchk
http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
http-check expect rstatus (2|3)[0-9][0-9] http-check expect rstatus (2|3)[0-9][0-9]
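Review bot: The relocated `use_backend swarm_api_bck if swarm_api` (in the new block after the first `{% endfor %}`) now sits well away from `http-request deny if swarm_api !swarm_api_allowed_nets`, which is the only access control visible here for the Docker API backend. A later edit to the ACL section could drop that deny without touching the routing rule. Carrying the restriction on the routing rule itself, `use_backend swarm_api_bck if swarm_api swarm_api_allowed_nets`, keeps the backend closed even then; the per-service `use_backend` in the second loop could do the same wherever `{{ srv.acl_name }}_nets` is defined. Two context lines are worth confirming at the same time: `hdr_dom(host)` matches any dot-delimited portion of the Host header, which is looser than an exact `hdr(host) -i` match, and with `accept-proxy` on the binds `src` comes from the PROXY header, so the network ACL presumably depends on only the trusted load balancer reaching these ports. The `frontend http` section starts and ends outside the visible hunks.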