Release 10.1.0 #113
|
@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release.
|
|||
### Added
|
||||
|
||||
* certbot: detect HAProxy cert directory
|
||||
* haproxy: add deny_ips file to reject connections
|
||||
* haproxy: add some comments to default config
|
||||
* haproxy: enable stats frontend with access lists
|
||||
* haproxy: preconfigure SSL with defaults
|
||||
|
|
|
@ -11,6 +11,7 @@ haproxy_chroot: /var/lib/haproxy
|
|||
haproxy_stats_access_ips: []
|
||||
haproxy_stats_admin_ips: []
|
||||
haproxy_maintenance_ips: []
|
||||
haproxy_deny_ips: []
|
||||
|
||||
haproxy_stats_enable: False
|
||||
haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/"
|
||||
|
|
|
@ -76,6 +76,16 @@
|
|||
{% endfor %}
|
||||
notify: reload haproxy
|
||||
|
||||
- name: HAProxy deny_ips are present
|
||||
blockinfile:
|
||||
dest: /etc/haproxy/deny_ips
|
||||
create: yes
|
||||
block: |
|
||||
{% for ip in haproxy_deny_ips | default([]) %}
|
||||
{{ ip }}
|
||||
{% endfor %}
|
||||
notify: reload haproxy
|
||||
|
||||
- include: packages_backports.yml
|
||||
when: haproxy_backports
|
||||
|
||||
|
|
|
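Review bot: The new "HAProxy deny_ips are present" task creates /etc/haproxy/deny_ips with `create: yes` but sets no owner, group or mode, so the permissions of a file that acts as an access-control list depend on the umask of the Ansible run. I would pin them on the `blockinfile` task with `owner: root`, `group: root` and `mode: "0644"`. The entries of `haproxy_deny_ips` are also written unchecked, and a malformed address would presumably only surface when HAProxy reloads. A format check before the write, or a configuration check in the reload handler (which is outside this hunk), would catch that earlier. As a style point, `create: true` is the canonical boolean spelling.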
@ -70,6 +70,9 @@ listen stats
|
|||
# # Detect Let's Encrypt challenge requests
|
||||
# acl letsencrypt path_dir -i /.well-known/acme-challenge
|
||||
#
|
||||
# # Reject the request at the TCP level if source is in the denylist
|
||||
# tcp-request connection reject if { src -f /etc/haproxy/deny_ips }
|
||||
#
|
||||
# http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
# http-request set-header X-Forwarded-Port 443 if { ssl_fc }
|
||||
#
|
||||
|
|
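Review bot: The `tcp-request connection reject` rule is added only as a commented-out example, so as far as this hunk shows, the addresses written to /etc/haproxy/deny_ips are not consulted until an operator enables the rule in their own frontend. The comment should say so, e.g. `# # Uncomment to enforce haproxy_deny_ips (reject at the TCP level if source is in the denylist)`. It is also worth stating there that `src` is the address of the TCP peer, so behind a load balancer or CDN it matches that proxy rather than the original client. The enclosing configuration section starts and ends outside the hunk.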