unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
dc428543cf
puppet-prod/hieradata/roles/infra/halb/haproxy.yaml
Ben Vincent 2091f1ada3 feat: add haproxy profile 
- add haproxy server class
- add haproxy profile to role
- add hiera data for region specific haproxy
- add selinux configuration
- add certlist management
- add default http and https frontends
- add default stats listener
2024-04-06 03:27:45 +11:00

41 lines
1.0 KiB
YAML
Raw Blame History

---
profiles::haproxy::ls_stats::port: 9090
profiles::haproxy::ls_stats::user: 'admin'
profiles::selinux::setenforce::mode: permissive
profiles::haproxy::selinux::ports:
- 9090
profiles::haproxy::selinux::sebooleans:
- haproxy_connect_any
profiles::haproxy::server::globals:
stats:
- timeout 30s
- socket /var/lib/haproxy/stats
ca-base: /etc/ssl/certs
crt-base: /etc/ssl/private
ssl-default-bind-ciphers: EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
ssl-default-bind-options: 'ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3'
ssl-default-server-ciphers: kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
ssl-default-server-options: no-sslv3
tune.ssl.default-dh-param: 2048
profiles::haproxy::server::defaults:
mode: http
option:
- httplog
- dontlognull
- http-server-close
- forwardfor except 127.0.0.0/8
- redispatch
timeout:
- http-request 10s
- queue 1m
- connect 10s
- client 5m
- server 5m
- http-keep-alive 10s
- check 10s
retries: 3
maxconn: 5000
Reference in New Issue View Git Blame Copy Permalink