haproxy config with better names

2022-09-18 22:37:56 +02:00 · 2022-09-18 22:37:56 +02:00 · d81d0a7307
parent 0b1ce5e35d
commit d81d0a7307
1 changed files with 16 additions and 16 deletions
--- a/etc/haproxy/haproxy.cfg
+++ b/etc/haproxy/haproxy.cfg
@ -144,7 +144,7 @@ frontend external

    http-response add-header X-Boost-Step1 "haproxy-external; client-https" if  { ssl_fc }
    http-response add-header X-Boost-Step1 "haproxy-external; client-http"  if !{ ssl_fc }
-    http-response set-header X-Boost-Server {{ ansible_hostname }}
+    http-response set-header X-Boost-Server my-hostname

    # Debug: Enable this to add a full log line in the response
    ### http-response add-header X-Haproxy-Log-external "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
@ -160,15 +160,15 @@ frontend external
    use_backend letsencrypt if letsencrypt

 # BEGIN frontend_external section for site 'example'
-    acl example_domains hdr(host) -i example.com
-    acl example_domains2 hdr(host) -i example.org www.example.org
+    acl example_com_domains hdr(host) -i example.com
+    acl example_com_domains2 hdr(host) -i example.org www.example.org
    ### acl example_maintenance_ips src -f /etc/haproxy/example/maintenance_ips

    # Redirect to HTTPS without Let's Encrypt certificate
-    ### redirect scheme https code 301 if example_domains !{ ssl_fc }
+    ### redirect scheme https code 301 if example_com_domains !{ ssl_fc }

    # Redirect to HTTPS with Let's Encrypt certificate (exclude LE challenge from redirection)
-    ### redirect scheme https code 301 if example_domains !{ ssl_fc } !letsencrypt
+    ### redirect scheme https code 301 if example_com_domains !{ ssl_fc } !letsencrypt

    # Redirect a domain to another without Let's encrypt certificate
    ### redirect prefix https://example-to.org code 301 if { hdr(host) -i example-from.org }
@ -177,20 +177,20 @@ frontend external
    ### redirect prefix https://example-to.org code 301 if { hdr(host) -i example-from.org } !letsencrypt
    
    # HSTS (31536000 seconds = 1 year)
-    ### http-response set-header Strict-Transport-Security max-age=31536000 if example_domains
+    ### http-response set-header Strict-Transport-Security max-age=31536000 if example_com_domains

-    # custom directives, all conditionned by at least the "example_domains" ACL
-    ### http-request deny if example_domains { src 1.2.3.4 }
+    # custom directives, all conditionned by at least the "example_com_domains" ACL
+    ### http-request deny if example_com_domains { src 1.2.3.4 }

-    # routing directives, all conditionned by (at least) the "example_domains" ACL
+    # routing directives, all conditionned by (at least) the "example_com_domains" ACL
    # Maintenance mode (### -> uncomment BUT define example_maintenance_ips acl before)
-    ### use_backend example_maintenance if example_domains !example_maintenance_ips !maintenance_ips
+    ### use_backend example_maintenance if example_com_domains !example_maintenance_ips !maintenance_ips
 
    # Use Varnish if available
-    use_backend varnish if example_domains varnish_available varnish_http_verb
+    use_backend varnish if example_com_domains varnish_available varnish_http_verb

    # … or use normal backend
-    use_backend example if example_domains
+    use_backend example_com if example_com_domains
 # END frontend_external section for site 'example'

    default_backend goto_internal
@ -228,10 +228,10 @@ frontend internal
    # END HTTP tagging

 # BEGIN frontend_internal section for site 'example'
-    acl example_domains hdr(host) -i example.com
+    acl example_com_domains hdr(host) -i example.com

-    # routing directives, all conditionned by (at least) the "example_domains" ACL
-    use_backend example if example_domains
+    # routing directives, all conditionned by (at least) the "example_com_domains" ACL
+    use_backend example_com if example_com_domains
 # END frontend_internal section for site 'example'


@ -240,7 +240,7 @@ backend varnish
    server varnish_sock /run/varnish.sock check observe layer7 maxconn 3000 inter 1s send-proxy-v2

 # BEGIN backend section for site 'example'
-backend example
+backend example_com
    errorfile 503 /etc/haproxy/sites/example/maintenance.http
    http-response set-header X-Boost-Proto https if  { ssl_bc }
    http-response set-header X-Boost-Proto http  if !{ ssl_bc }