66 lines
1.8 KiB
YAML
66 lines
1.8 KiB
YAML
---
|
|
# mappings
|
|
profiles::haproxy::mappings:
|
|
fe_http:
|
|
ensure: present
|
|
mappings:
|
|
- 'puppetboard.main.unkin.net be_puppetboard'
|
|
- 'puppetdbapi.main.unkin.net be_puppetdbapi'
|
|
fe_https:
|
|
ensure: present
|
|
mappings:
|
|
- 'puppetboard.main.unkin.net be_puppetboard'
|
|
- 'puppetdbapi.main.unkin.net be_puppetdbapi'
|
|
|
|
profiles::haproxy::frontends:
|
|
fe_http:
|
|
options:
|
|
use_backend:
|
|
- "%[req.hdr(host),lower,map(/etc/haproxy/fe_http.map,be_default)]"
|
|
fe_https:
|
|
options:
|
|
use_backend:
|
|
- "%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]"
|
|
|
|
profiles::haproxy::backends:
|
|
be_puppetboard:
|
|
description: Backend for Puppetboard
|
|
collect_exported: false # handled in custom function
|
|
options:
|
|
balance: roundrobin
|
|
option:
|
|
- httpchk GET /
|
|
- forwardfor
|
|
cookie: SRVNAME insert
|
|
http-request:
|
|
- set-header X-Forwarded-Port %[dst_port]
|
|
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
|
redirect: 'scheme https if !{ ssl_fc }'
|
|
be_puppetdbapi:
|
|
description: Backend for the PuppetDB API
|
|
collect_exported: false # handled in custom function
|
|
options:
|
|
balance: roundrobin
|
|
option:
|
|
- httpchk GET /
|
|
- forwardfor
|
|
cookie: SRVNAME insert
|
|
http-request:
|
|
- set-header X-Forwarded-Port %[dst_port]
|
|
- add-header X-Forwarded-Proto https if { dst_port 443 }
|
|
redirect: 'scheme https if !{ ssl_fc }'
|
|
|
|
profiles::haproxy::certlist::enabled: true
|
|
profiles::haproxy::certlist::certificates:
|
|
- /etc/pki/tls/vault/certificate.pem
|
|
|
|
# additional altnames
|
|
profiles::pki::vault::alt_names:
|
|
- puppetboard.main.unkin.net
|
|
- puppetdbapi.main.unkin.net
|
|
|
|
# additional cnames
|
|
profiles::haproxy::dns::cnames:
|
|
- puppetboard.main.unkin.net
|
|
- puppetdbapi.main.unkin.net
|