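---
# HAProxy edge profile (Hiera data): host-to-backend mappings, backend
# definitions, and the plain-HTTP (80) and TLS (443) frontends.
#
# Header trust model visible in this file:
#   - X-Real-IP and X-Forwarded-Proto are written with `set-header` in the
#     frontends, so a client-supplied copy is overwritten.
#   - `option forwardfor` appends to X-Forwarded-For; nothing here removes
#     a client-supplied X-Forwarded-For, so backends should not trust the
#     left-most entry of that header.

# mappings
# Entries appear to be '<host> <backend name>' pairs.
profiles::haproxy::mappings::list:
  - 'puppetboard.main.unkin.net be_puppetboard'

profiles::haproxy::backends:
  be_puppetboard:
    description: Backend for Puppetboard
    collect_exported: false  # handled in custom function
    options:
      balance: roundrobin
      option:
        - 'httpchk GET /'
        - forwardfor
      # NOTE(review): the persistence cookie is inserted without the
      # `secure` / `httponly` cookie keywords; this backend is HTTPS-only
      # (see redirect below), so both could be added. Confirm that the
      # Puppet module passes the extra keywords through.
      cookie: 'SRVNAME insert'
      http-request:
        - 'set-header X-Forwarded-Port %[dst_port]'
        # NOTE(review): fe_https already sets X-Forwarded-Proto, so this
        # `add-header` produces a second copy of the header on port 443.
        - 'add-header X-Forwarded-Proto https if { dst_port 443 }'
      # Plain-HTTP requests are redirected to HTTPS before reaching the app.
      redirect: 'scheme https if !{ ssl_fc }'
  be_letsencrypt:
    description: Backend for LetsEncrypt Verifications
    collect_exported: true
    options:
      balance: roundrobin
  be_default:
    description: Backend for unmatched HTTP traffic
    collect_exported: true
    options:
      balance: roundrobin
      option:
        - 'httpchk GET /'
        - forwardfor
      # NOTE(review): same cookie-attribute remark as be_puppetboard; this
      # backend has no HTTPS redirect, so `secure` would only be correct if
      # it is never served over port 80.
      cookie: 'SRVNAME insert'
      http-request:
        - 'set-header X-Forwarded-Port %[dst_port]'
        - 'add-header X-Forwarded-Proto https if { dst_port 443 }'

# fe_http
profiles::haproxy::fe_http::bind_addr: '0.0.0.0'
profiles::haproxy::fe_http::bind_port: 80
profiles::haproxy::fe_http::bind_opts:
  - transparent
profiles::haproxy::fe_http::acls:
  - 'acl-letsencrypt path_beg /.well-known/acme-challenge/'
profiles::haproxy::fe_http::http_request:
  # This frontend has no `ssl` bind option, so it must report `http`.
  # Reporting `https` here made be_default backends believe cleartext
  # requests were encrypted (affects Secure cookies, HSTS and HTTPS-redirect
  # decisions in the application).
  - 'set-header X-Forwarded-Proto http'
  - 'set-header X-Real-IP %[src]'

# fe_https
profiles::haproxy::fe_https::bind_addr: '0.0.0.0'
profiles::haproxy::fe_https::bind_port: 443
profiles::haproxy::fe_https::bind_opts:
  - ssl
  - 'crt-list /etc/haproxy/certificate.list'
  # NOTE(review): `AES256+EECDH` / `AES256+EDH` also match CBC-mode suites
  # in OpenSSL cipher-string syntax; drop them if only AEAD (GCM) suites
  # are intended. `ciphers` applies to TLS 1.2 and below.
  - 'ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
  # NOTE(review): `force-tlsv12` pins the listener to TLS 1.2 only, which
  # also excludes TLS 1.3. If the installed HAProxy supports it,
  # `ssl-min-ver TLSv1.2` sets a floor without blocking newer versions.
  - force-tlsv12
profiles::haproxy::fe_https::acls:
  - 'acl-letsencrypt path_beg /.well-known/acme-challenge/'
profiles::haproxy::fe_https::http_request:
  - 'set-header X-Forwarded-Proto https'
  - 'set-header X-Real-IP %[src]'

profiles::haproxy::certlist::enabled: true
profiles::haproxy::certlist::certificates:
  - /etc/pki/tls/vault/certificate.pem

# additional altnames
profiles::pki::vault::alt_names:
  - puppetboard.main.unkin.net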