forked from evolix/ansible-roles
haproxy: dedicated internal address/binding (without SSL)
This commit is contained in:
parent
2686eea2b1
commit
a5a2c6e335
|
@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* haproxy: dedicated internal address/binding (without SSL)
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
|
@ -1,34 +1,36 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
haproxy_ssl_dir: "/etc/haproxy/ssl/"
|
||||||
|
|
||||||
# backward compatibility with a previously used variable
|
# backward compatibility with a previously used variable
|
||||||
|
haproxy_stats_enable: False
|
||||||
haproxy_stats_ssl: True
|
haproxy_stats_ssl: True
|
||||||
haproxy_stats_host: "*"
|
haproxy_stats_host: "*"
|
||||||
haproxy_stats_port: "8080"
|
haproxy_stats_port: "8080"
|
||||||
haproxy_stats_path: "/"
|
haproxy_stats_path: "/"
|
||||||
haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}"
|
haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}"
|
||||||
|
|
||||||
haproxy_stats_internal_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{% if haproxy_stats_host == '*' or haproxy_stats_host == '0.0.0.0' %}127.0.0.1{% else %}{{ haproxy_stats_host }}{% endif %}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
|
haproxy_stats_internal_enable: True
|
||||||
|
haproxy_stats_internal_host: "127.0.0.1"
|
||||||
|
haproxy_stats_internal_port: "8081"
|
||||||
|
|
||||||
haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
|
haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
|
||||||
|
|
||||||
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
|
|
||||||
haproxy_update_config: True
|
|
||||||
haproxy_force_config: True
|
|
||||||
|
|
||||||
haproxy_socket: /run/haproxy/admin.sock
|
|
||||||
haproxy_chroot: /var/lib/haproxy
|
|
||||||
|
|
||||||
haproxy_stats_access_ips: []
|
haproxy_stats_access_ips: []
|
||||||
haproxy_stats_admin_ips: []
|
haproxy_stats_admin_ips: []
|
||||||
haproxy_stats_users: []
|
haproxy_stats_users: []
|
||||||
## use crypt(8) password encryption
|
## use crypt(8) password encryption
|
||||||
# haproxy_stats_users:
|
# haproxy_stats_users:
|
||||||
# - { login: "", password: "" }
|
# - { login: "", password: "" }
|
||||||
|
|
||||||
|
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
|
||||||
|
haproxy_update_config: True
|
||||||
|
haproxy_force_config: True
|
||||||
|
|
||||||
|
haproxy_socket: /run/haproxy/admin.sock
|
||||||
|
haproxy_chroot: /var/lib/haproxy
|
||||||
haproxy_maintenance_ips: []
|
haproxy_maintenance_ips: []
|
||||||
haproxy_deny_ips: []
|
haproxy_deny_ips: []
|
||||||
|
|
||||||
haproxy_ssl_dir: "/etc/haproxy/ssl/"
|
|
||||||
|
|
||||||
haproxy_stats_enable: False
|
|
||||||
haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/"
|
|
||||||
|
|
||||||
haproxy_backports_packages_stretch: haproxy libssl1.0.0
|
haproxy_backports_packages_stretch: haproxy libssl1.0.0
|
||||||
haproxy_backports_packages_buster: haproxy
|
haproxy_backports_packages_buster: haproxy
|
||||||
|
|
|
@ -45,6 +45,9 @@ userlist stats_users
|
||||||
listen stats
|
listen stats
|
||||||
mode http
|
mode http
|
||||||
bind {{ haproxy_stats_bind_directive }}
|
bind {{ haproxy_stats_bind_directive }}
|
||||||
|
{% if haproxy_stats_internal_enable %}
|
||||||
|
bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
acl stats_access_ips src -f /etc/haproxy/stats_access_ips
|
acl stats_access_ips src -f /etc/haproxy/stats_access_ips
|
||||||
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
|
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
|
||||||
|
|
|
@ -1,2 +1,4 @@
|
||||||
[haproxy_*]
|
[haproxy_*]
|
||||||
env.url {{ haproxy_stats_internal_url }};csv;norefresh
|
{% if haproxy_stats_internal_enable %}
|
||||||
|
env.url http://{{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}/;csv;norefresh
|
||||||
|
{% endif %}
|
||||||
|
|
Loading…
Reference in a new issue