HAPROXY listen on ipv4 only by default.
This commit is contained in:
parent
f260f06387
commit
8a7939175e
GPG Key ID:
147ABE6CEB9E20FF
|
|
@ -8,6 +8,8 @@ docker_swarm_haproxy_accept_proxy: '{{ docker_swarm_haproxy_accept_proxy_var | b
|
|||
docker_swarm_haproxy_keepalive_installation: false
|
||||
docker_swarm_haproxy_swarm_port: '{{ docker_api_port }}'
|
||||
docker_swarm_haproxy_plain_http_api: true
|
||||
docker_swarm_haproxy_ipv4_only: true
|
||||
docker_swarm_haproxy_ipv6_only: false
|
||||
#
|
||||
docker_swarm_expose_api_via_haproxy: true
|
||||
docker_swarm_expose_api_hostname: 'swarm.example.com'
|
||||
|
|
|
|||
|
|
@ -54,7 +54,13 @@ peers mypeers
|
|||
peer local_haproxy 127.0.0.1:1024
|
||||
|
||||
listen stats
|
||||
{% if docker_swarm_haproxy_ipv4_only %}
|
||||
bind 0.0.0.0:{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
|
||||
{% elif docker_swarm_haproxy_ipv6_only %}
|
||||
bind :::{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
|
||||
{% else %}
|
||||
bind *:{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
|
||||
{% endif %}
|
||||
mode http
|
||||
http-request use-service prometheus-exporter if { path /metrics }
|
||||
option httplog
|
||||
|
|
@ -77,7 +83,13 @@ listen local_stats
|
|||
{% if docker_swarm_haproxy_plain_http_listener %}
|
||||
|
||||
frontend http_{{ docker_swarm_haproxy_plain_http_port }}
|
||||
{% if docker_swarm_haproxy_ipv4_only %}
|
||||
bind 0.0.0.0:{{ docker_swarm_haproxy_plain_http_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
|
||||
{% elif docker_swarm_haproxy_ipv6_only %}
|
||||
bind :::{{ docker_swarm_haproxy_plain_http_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
|
||||
{% else %}
|
||||
bind *:{{ docker_swarm_haproxy_plain_http_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
|
||||
{% endif %}
|
||||
|
||||
mode http
|
||||
option http-keep-alive
|
||||
|
|
@ -108,10 +120,22 @@ frontend http_{{ docker_swarm_haproxy_plain_http_port }}
|
|||
{% endif %}
|
||||
|
||||
frontend http
|
||||
{% if docker_swarm_haproxy_ipv4_only %}
|
||||
bind 0.0.0.0:{{ https_port }} ssl crt {{ haproxy_cert_dir }}{% if docker_swarm_haproxy_http2_enabled %} alpn h2,http/1.1{% endif %}{% if docker_swarm_haproxy_accept_proxy %} accept-proxy{% endif %}
|
||||
|
||||
bind 0.0.0.0:{{ haproxy_default_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
|
||||
|
||||
{% elif docker_swarm_haproxy_ipv6_only %}
|
||||
bind :::{{ https_port }} ssl crt {{ haproxy_cert_dir }}{% if docker_swarm_haproxy_http2_enabled %} alpn h2,http/1.1{% endif %}{% if docker_swarm_haproxy_accept_proxy %} accept-proxy{% endif %}
|
||||
|
||||
bind :::{{ haproxy_default_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
|
||||
|
||||
{% else %}
|
||||
bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }}{% if docker_swarm_haproxy_http2_enabled %} alpn h2,http/1.1{% endif %}{% if docker_swarm_haproxy_accept_proxy %} accept-proxy{% endif %}
|
||||
|
||||
bind *:{{ haproxy_default_port }} {% if docker_swarm_haproxy_accept_proxy %}accept-proxy{% endif %}
|
||||
|
||||
{% endif %}
|
||||
mode http
|
||||
option http-keep-alive
|
||||
option httplog
|
||||
|
|
@ -154,12 +178,26 @@ frontend http
|
|||
|
||||
{% if docker_swarm_expose_api_via_haproxy %}
|
||||
frontend docker_ft
|
||||
{% if docker_swarm_haproxy_ipv4_only %}
|
||||
{% if docker_swarm_haproxy_plain_http_api %}
|
||||
bind :{{ docker_swarm_haproxy_swarm_port }} {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
|
||||
bind 0.0.0.0:{{ docker_swarm_haproxy_swarm_port }} {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
|
||||
{% else %}
|
||||
bind :{{ docker_swarm_haproxy_swarm_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
|
||||
bind 0.0.0.0:{{ docker_swarm_haproxy_swarm_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% elif docker_swarm_haproxy_ipv6_only %}
|
||||
{% if docker_swarm_haproxy_plain_http_api %}
|
||||
bind :::{{ docker_swarm_haproxy_swarm_port }} {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
|
||||
{% else %}
|
||||
bind :::{{ docker_swarm_haproxy_swarm_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if docker_swarm_haproxy_plain_http_api %}
|
||||
bind *:{{ docker_swarm_haproxy_swarm_port }} {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
|
||||
{% else %}
|
||||
bind *:{{ docker_swarm_haproxy_swarm_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_accept_proxy and docker_swarm_api_accept_proxy %}accept-proxy{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
mode {{ docker_swarm_api_haproxy_mode }}
|
||||
acl swarm_api hdr_dom(host) -i {{ docker_swarm_expose_api_hostname }}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue