haproxy: dedicated internal address/binding (without SSL)

Jérémy Lecour 2021-04-06 14:41:03 +02:00 committed by Jérémy Lecour
parent 2686eea2b1
commit a5a2c6e335
4 changed files with 23 additions and 14 deletions


@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release.
### Added ### Added
* haproxy: dedicated internal address/binding (without SSL)
### Changed ### Changed
### Fixed ### Fixed


@ -1,34 +1,36 @@
--- ---
haproxy_ssl_dir: "/etc/haproxy/ssl/"
# backward compatibility with a previously used variable # backward compatibility with a previously used variable
haproxy_stats_enable: False
haproxy_stats_ssl: True haproxy_stats_ssl: True
haproxy_stats_host: "*" haproxy_stats_host: "*"
haproxy_stats_port: "8080" haproxy_stats_port: "8080"
haproxy_stats_path: "/" haproxy_stats_path: "/"
haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}" haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}"
haproxy_stats_internal_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{% if haproxy_stats_host == '*' or haproxy_stats_host == '0.0.0.0' %}127.0.0.1{% else %}{{ haproxy_stats_host }}{% endif %}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}" haproxy_stats_internal_enable: True
haproxy_stats_internal_host: "127.0.0.1"
haproxy_stats_internal_port: "8081"
haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}" haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
haproxy_update_config: True
haproxy_force_config: True
haproxy_socket: /run/haproxy/admin.sock
haproxy_chroot: /var/lib/haproxy
haproxy_stats_access_ips: [] haproxy_stats_access_ips: []
haproxy_stats_admin_ips: [] haproxy_stats_admin_ips: []
haproxy_stats_users: [] haproxy_stats_users: []
## use crypt(8) password encryption ## use crypt(8) password encryption
# haproxy_stats_users: # haproxy_stats_users:
# - { login: "", password: "" } # - { login: "", password: "" }
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
haproxy_update_config: True
haproxy_force_config: True
haproxy_socket: /run/haproxy/admin.sock
haproxy_chroot: /var/lib/haproxy
haproxy_maintenance_ips: [] haproxy_maintenance_ips: []
haproxy_deny_ips: [] haproxy_deny_ips: []
haproxy_ssl_dir: "/etc/haproxy/ssl/"
haproxy_stats_enable: False
haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/"
haproxy_backports_packages_stretch: haproxy libssl1.0.0 haproxy_backports_packages_stretch: haproxy libssl1.0.0
haproxy_backports_packages_buster: haproxy haproxy_backports_packages_buster: haproxy
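Review bot: The three new `haproxy_stats_internal_*` defaults have no comment saying that this binding is plain HTTP and meant for local consumers, and `haproxy_stats_internal_enable: True` turns it on for every host that applies the role. I would add above them `# cleartext stats binding for local consumers only; keep haproxy_stats_internal_host on a loopback address`. The side-by-side rendering also suggests that `haproxy_stats_internal_url` is dropped from the defaults. If so, any inventory or template that still references it will fail on an undefined variable, which deserves a line in the changelog.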


@ -45,6 +45,9 @@ userlist stats_users
listen stats listen stats
mode http mode http
bind {{ haproxy_stats_bind_directive }} bind {{ haproxy_stats_bind_directive }}
{% if haproxy_stats_internal_enable %}
bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}
{% endif %}
acl stats_access_ips src -f /etc/haproxy/stats_access_ips acl stats_access_ips src -f /etc/haproxy/stats_access_ips
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
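Review bot: The added `bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}` carries no `ssl`, and nothing keeps the host on loopback, so overriding it to `*` or a routable address would serve the stats page in cleartext, along with any basic-auth credentials from `stats_users`. A comment above it such as `# internal binding is cleartext: keep it on a loopback address` would record the intent, and an `assert` task on `haproxy_stats_internal_host` would enforce it. The bind also shares the `listen stats` section with the public one, so the `stats_access_ips` and `stats_admin_ips` ACLs apply to it as well. The rules that use those ACLs are outside this hunk, so please confirm that 127.0.0.1 is allowed for the local consumer and that admin actions on this bind still require authentication.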


@ -1,2 +1,4 @@
[haproxy_*] [haproxy_*]
env.url {{ haproxy_stats_internal_url }};csv;norefresh {% if haproxy_stats_internal_enable %}
env.url http://{{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}/;csv;norefresh
{% endif %}
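Review bot: The new `env.url` hard-codes `/` as the path, whereas the removed `haproxy_stats_internal_url` appended `{{ haproxy_stats_path }}`, so a host that overrides `haproxy_stats_path` would presumably have the plugin polling the wrong URI. Writing `env.url http://{{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}{{ haproxy_stats_path }};csv;norefresh` keeps the two in step. Separately, when `haproxy_stats_internal_enable` is false the `[haproxy_*]` section is rendered with no `env.url` at all, which leaves the plugin without a configured URL. Either skip deploying this file in that case or add an `{% else %}` branch that points at the remaining stats binding.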