ISTI-ansible-roles
/
ansible-role-docker-swarm
4
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

haproxy: http -> https by default.

This commit is contained in:
Andrea Dell'Amico 2022-02-21 15:04:06 +01:00
parent 4b05619e7f
commit cafc673ba5
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
3 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -28,7 +28,7 @@ docker_swarm_portainer_http_port: '9000'
docker_swarm_portainer_service_port: '8000'
docker_swarm_haproxy_additional_services: []
# - { acl_name: 'service', acl_rule: 'hdr_dom(host) -i service.example.com', service_name: 'service-', service_replica_num: '1', service_port: '9999', service_overlay_network: 'service-network' }
# - { acl_name: 'service', acl_rule: 'hdr_dom(host) -i service.example.com', service_name: 'service-', service_replica_num: '1', service_port: '9999', service_overlay_network: 'service-network', http_redirect_to_https: True }
```
Dependencies

1
defaults/main.yml
View File

@ -33,3 +33,4 @@ docker_swarm_keepalived_floating_ip: '127.0.0.1/8'
docker_swarm_keepalived_instance_name: 'VI_HAPROXY_1'
docker_swarm_haproxy_loglevel: '{{ haproxy_loglevel }}'
docker_swarm_haproxy_http2_enabled: True
docker_swarm_haproxy_backends_redirect_to_https: True

9
templates/haproxy.cfg.j2
View File

@ -81,7 +81,6 @@ frontend http
mode http
option http-keep-alive
option forwardfor
http-request add-header X-Forwarded-Proto https
# HSTS (63072000 seconds)
http-response set-header Strict-Transport-Security max-age=63072000
{% if docker_swarm_cluster_portainer_install %}
@ -100,7 +99,6 @@ frontend http
{% endif %}
{% endif %}
{% endfor %}
redirect scheme https code 301 if !{ ssl_fc }
{% if docker_swarm_cluster_portainer_install %}
use_backend portainer_bck if portainer_srv
{% endif %}
@ -202,6 +200,8 @@ backend portainer_bck
http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
http-check expect rstatus (2|3)[0-9][0-9]
balance roundrobin
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request redirect scheme https code 301 unless { ssl_fc }
server-template portainer- 1 portainer_portainer:{{ docker_swarm_portainer_http_port }} check resolvers docker init-addr libc,none
{% endif %}
@ -228,6 +228,11 @@ backend {{ srv.acl_name }}_bck
stick on src
stick-table {{ srv.stick_table }} peers mypeers
{% endif %}
{% endif %}
{% if srv.http_redirect_to_https %}
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request redirect scheme https code 301 unless { ssl_fc }
{% endif %}
{% endif %}
server-template {{ srv.service_name }}- {{ srv.service_replica_num }} {{ srv.stack_name }}_{{ srv.service_name }}:{{ srv.service_port }} {{ srv.backend_options | default('') }} {% if srv.http_check_enabled is defined and srv.http_check_enabled %}check {{ srv.check_options | default('') }}{% endif %} resolvers docker init-addr libc,none