8168af663584e3487bb6ba92cc4f9f93bce18abd
Dmitriy Rabotyagov
6025eaac36
Allow do disable SSL only for stats frontend
Currently there is no way to disable SSL for the stats frontend only, because doing so requires changing a more global variable. However, for some systems consuming a self-signed root certificate might not be an option, and disabling SSL verification can be tricky. Thus, we introduce a new variable that controls whether SSL is served on the stats frontend. Change-Id: Ic4bc4393ec89469876e9e95b12bb9c4069972713
# {{ ansible_managed }}
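# Process-wide settings: logging, chroot and run-as account, connection limit,
# runtime socket and TLS defaults.
global
    log /dev/log local0
    # Chroot the process and run it as the haproxy user and group.
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon
    maxconn {{ haproxy_maxconn }}
    # Tuning directives, written verbatim as "keyword value". Entries from
    # haproxy_tuning_params override the role defaults. The separating space is
    # required: without it keyword and value fuse into one unknown keyword.
{% for key, value in ((_haproxy_default_tuning_params | default({})) | combine(haproxy_tuning_params)).items() %}
    {{ key }} {{ value }}
{% endfor %}
    # Runtime API socket. "level admin" permits every runtime command, so the
    # 600 mode is what limits access to the socket owner.
    stats socket /var/run/haproxy.stat level admin mode 600
{% if haproxy_stats_process is defined %}
    stats bind-process {{ haproxy_stats_process }}
{% endif %}
{% if haproxy_ssl | bool %}
    # TLS defaults for bind and server lines. They are rendered only when
    # haproxy_ssl is true; a listener that enables TLS through another switch
    # while haproxy_ssl is false gets HAProxy's built-in defaults instead.
    ssl-default-bind-options {{ haproxy_ssl_bind_options }}
    ssl-default-server-options {{ haproxy_ssl_server_options }}
{% if haproxy_ssl_cipher_suite_tls13 != "" -%}
    ssl-default-bind-ciphersuites {{ haproxy_ssl_cipher_suite_tls13 }}
    ssl-default-server-ciphersuites {{ haproxy_ssl_cipher_suite_tls13 }}
{% endif -%}
{% if haproxy_ssl_cipher_suite_tls12 != "" -%}
    ssl-default-bind-ciphers {{ haproxy_ssl_cipher_suite_tls12 }}
    ssl-default-server-ciphers {{ haproxy_ssl_cipher_suite_tls12 }}
{% endif -%}
    tune.ssl.default-dh-param {{ haproxy_ssl_dh_param }}
{% endif %}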
# Fallback settings inherited by the proxy sections that follow.
defaults
    log global
    # Connections that carry no data are not logged. On exposed listeners this
    # also keeps port scans and similar probes out of the logs.
    option dontlognull
    option redispatch
    option {{ haproxy_keepalive_mode }}
    retries {{ haproxy_retries }}
    maxconn {{ haproxy_maxconn }}
    # "timeout http-request" bounds how long a client may take to send a
    # complete request; the others cover idle client, connect and server waits.
    timeout http-request {{ haproxy_http_request_timeout }}
    timeout client {{ haproxy_client_timeout }}
    timeout connect {{ haproxy_connect_timeout }}
    timeout server {{ haproxy_server_timeout }}
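{% if haproxy_stats_enabled | bool %}
# Statistics and admin frontend, rendered only when haproxy_stats_enabled is true.
listen stats
    # TLS on this listener is controlled by haproxy_stats_ssl alone. With it off,
    # the basic-auth credentials below and every admin action travel in
    # cleartext, so keep the bind address on a trusted management network.
    # The separating space before "ssl" is required for the bind line to parse.
    bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }}{% if haproxy_stats_ssl | bool %} ssl crt {{ haproxy_ssl_cert_path }}/haproxy_{{ ansible_facts['hostname'] }}-{{ haproxy_bind_internal_lb_vip_address }}.pem{% endif %}

{% if haproxy_stats_process is defined %}
    bind-process {{ haproxy_stats_process }}
{% endif %}
    mode http
{% if haproxy_stats_prometheus_enabled | bool %}
    # NOTE(review): "stats auth" protects the stats page; the exporter service
    # below appears to be served without it, so /metrics is likely reachable
    # unauthenticated. Confirm, and limit access via the bind address or an ACL.
    option http-use-htx
    http-request use-service prometheus-exporter if { path /metrics }
{% endif %}
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats show-node
    stats show-legends
    # The credentials are written in cleartext into the rendered configuration
    # file; keep that file readable by privileged accounts only.
    stats auth {{ haproxy_username }}:{{ haproxy_stats_password }}
    # Admin actions are allowed for every authenticated user of this page.
    # A narrower condition (for example "if LOCALHOST") limits who can use them.
    stats admin if TRUE
    stats refresh {{ haproxy_stats_refresh_interval }}s
{% endif %}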