Refinements of the haproxy configuration. Another attempt to get the network configuration
This commit is contained in:
parent
3d717c1262
commit
cbb5370aa5
|
@ -8,21 +8,23 @@
|
|||
scope: swarm
|
||||
with_items: '{{ docker_swarm_haproxy_additional_networks }}'
|
||||
|
||||
# - name: Connect haproxy to the overlay networks
|
||||
# docker_network:
|
||||
# name: '{{ item }}'
|
||||
# connected:
|
||||
# - 'haproxy_haproxy'
|
||||
# appends: yes
|
||||
# with_items: '{{ docker_swarm_haproxy_networks }}'
|
||||
- name: Connect haproxy to the overlay networks
|
||||
docker_compose:
|
||||
project_name: '{{ docker_haproxy_service_name }}'
|
||||
definition:
|
||||
services:
|
||||
'{{ docker_haproxy_service_name }}':
|
||||
networks: '{{ docker_swarm_haproxy_networks }}'
|
||||
ignore_errors: True
|
||||
|
||||
# - name: Connect haproxy to the overlay additional networks
|
||||
# docker_network:
|
||||
# name: '{{ item }}'
|
||||
# connected:
|
||||
# - 'haproxy_haproxy'
|
||||
# appends: yes
|
||||
# with_items: '{{ docker_swarm_haproxy_additional_networks }}'
|
||||
- name: Connect haproxy to the overlay networks
|
||||
docker_compose:
|
||||
project_name: '{{ docker_haproxy_service_name }}'
|
||||
definition:
|
||||
services:
|
||||
'{{ docker_haproxy_service_name }}':
|
||||
networks: '{{ docker_swarm_haproxy_additional_networks }}'
|
||||
ignore_errors: True
|
||||
|
||||
when: docker_swarm_manager_main_node | bool
|
||||
tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker', 'docker_network' ]
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- import_tasks: haproxy_networks.yml
|
||||
when: docker_swarm_cluster_haproxy_install
|
||||
- import_tasks: haproxy_conf.yml
|
||||
when: docker_swarm_cluster_haproxy_install
|
||||
- import_tasks: portainer.yml
|
||||
when: docker_swarm_cluster_portainer_install
|
||||
- import_tasks: haproxy_networks.yml
|
||||
when: docker_swarm_cluster_haproxy_install
|
||||
|
|
|
@ -38,10 +38,7 @@ defaults
|
|||
timeout client 30s
|
||||
timeout server 30s
|
||||
log global
|
||||
mode http
|
||||
option httplog
|
||||
monitor-uri /_haproxy_health_check
|
||||
option http-keep-alive
|
||||
timeout http-keep-alive {{ haproxy_global_keepalive_timeout }}
|
||||
timeout connect {{ haproxy_connect_timeout }}
|
||||
timeout client {{ haproxy_client_timeout }}
|
||||
|
@ -55,7 +52,9 @@ peers mypeers
|
|||
peer local_haproxy 127.0.0.1:1024
|
||||
|
||||
listen stats
|
||||
bind 0.0.0.0:{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
|
||||
bind *:{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
|
||||
mode http
|
||||
option httplog
|
||||
stats enable
|
||||
stats uri /
|
||||
stats realm HAProxy\ Statistics
|
||||
|
@ -66,15 +65,19 @@ listen stats
|
|||
|
||||
listen local_stats
|
||||
bind 127.0.0.1:8881
|
||||
mode http
|
||||
option httplog
|
||||
stats enable
|
||||
stats uri /
|
||||
stats realm HAProxy\ Statistics
|
||||
|
||||
frontend http
|
||||
bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
|
||||
bind *:{{ haproxy_default_port }}
|
||||
bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %}
|
||||
bind *:{{ haproxy_default_port }} {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %}
|
||||
mode http
|
||||
option httplog
|
||||
option http-keep-alive
|
||||
http-request add-header X-Forwarded-Proto https
|
||||
redirect scheme https code 301 if !{ ssl_fc }
|
||||
# HSTS (63072000 seconds)
|
||||
http-response set-header Strict-Transport-Security max-age=63072000
|
||||
{% if docker_swarm_cluster_portainer_install %}
|
||||
|
@ -97,6 +100,7 @@ frontend http
|
|||
{% endif %}
|
||||
use_backend {{ srv.acl_name }}_bck if {{ srv.acl_name }}
|
||||
{% endfor %}
|
||||
redirect scheme https code 301 if !{ ssl_fc }
|
||||
|
||||
#
|
||||
# Backends
|
||||
|
@ -105,12 +109,16 @@ frontend http
|
|||
{% if docker_swarm_expose_api_via_haproxy %}
|
||||
# swarm API
|
||||
backend swarm_api_bck
|
||||
mode http
|
||||
option httplog
|
||||
balance roundrobin
|
||||
server swarm 127.0.0.1:{{ docker_api_port }}
|
||||
{% endif %}
|
||||
|
||||
{% if docker_swarm_cluster_portainer_install %}
|
||||
backend portainer_bck
|
||||
mode http
|
||||
option httplog
|
||||
option httpchk
|
||||
http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
|
||||
http-check expect rstatus (2|3)[0-9][0-9]
|
||||
|
@ -120,6 +128,8 @@ backend portainer_bck
|
|||
|
||||
{% for srv in docker_swarm_haproxy_additional_services %}
|
||||
backend {{ srv.acl_name }}_bck
|
||||
mode http
|
||||
option httplog
|
||||
option httpchk
|
||||
http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
|
||||
http-check expect rstatus (2|3)[0-9][0-9]
|
||||
|
|
|
@ -14,6 +14,7 @@ docker_swarm_haproxy_constraints: '{{ haproxy_docker_swarm_haproxy_constraints }
|
|||
# The allowed_networks parameter is optional
|
||||
docker_swarm_haproxy_additional_services: '{{ haproxy_docker_swarm_additional_services }}'
|
||||
|
||||
docker_haproxy_service_name: 'haproxy_haproxy'
|
||||
docker_swarm_haproxy_networks: '{{ haproxy_docker_swarm_networks }}'
|
||||
|
||||
docker_swarm_haproxy_additional_networks: '{{ haproxy_docker_swarm_additional_networks }}'
|
||||
|
|
Loading…
Reference in New Issue