Skip to content
Snippets Groups Projects
Select Git revision
  • master
  • renovate/configure
  • feature/http-errors
  • fix/bionic-url-for-disco
  • feature/acl-in-defaults
  • v2.0.1
  • v2.0.0
  • v1.16.0
  • v1.15.0
  • v1.14.0
  • v1.13.0
  • v1.12.1
  • v1.12.0
  • v1.11.0
  • v1.10.0
  • v1.9.1
  • v1.9.0
  • v1.8
  • v1.8.0
  • v1.7
  • v1.6
  • v1.5
  • v1.4
  • v1.3
  • v1.2
25 results

main.yml

  • MonsterDruide1's avatar
    Adrian K. authored
    2f0f1796
    History
    Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    main.yml 2.56 KiB
    ---
    
    haproxy_config_dir: "/etc/haproxy"
    haproxy_config_file: "{{ haproxy_config_dir }}/haproxy.cfg"
    
    haproxy_manage_config: true
    
    haproxy_manage_tls: true
    haproxy_wanted_certs: []
    haproxy_wanted_acme_domains: []
    haproxy_acme_backend_name: "acmetool"
    
    _haproxy_ssl_options: 'no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets'
    _haproxy_ssl_ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'  # noqa yaml[line-length]
    _haproxy_ssl_ciphersuites: 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256'
    
    haproxy_default_compression_algo: gzip
    haproxy_default_compression_type:
      text/css
      text/xml
      application/javascript
      application/atom+xml
      application/rss+xml
      text/mathml
      text/plain
      text/x-component
      image/svg+xml
      application/json
      application/vnd.google-earth.kml+xml
      application/x-perl
      application/xhtml+xml
      application/xspf+xml
    
    _haproxy_global:
      log:
        - address: /dev/log
          facility: local0
        - address: /dev/log
          facility: local1
          level: notice
      user: haproxy
      group: haproxy
      daemon: true
      ssl_default_bind_options: '{{ _haproxy_ssl_options }}'
      ssl_default_bind_ciphers: '{{ _haproxy_ssl_ciphers }}'
      ssl_default_bind_ciphersuites: '{{ _haproxy_ssl_ciphersuites }}'
      ssl_default_server_options: '{{ _haproxy_ssl_options }}'
      ssl_default_server_ciphers: '{{ _haproxy_ssl_ciphers }}'
      ssl_default_server_ciphersuites: '{{ _haproxy_ssl_ciphersuites }}'
      tune:
        ssl.default-dh-param: 2048
    haproxy_global: {}
    
    _haproxy_defaults:
      mode: http
      log:
        - address: /dev/log
          facility: local0
        - address: /dev/log
          facility: local1
          level: notice
      timeout:
        - param: 'connect'
          value: '5000ms'
        - param: 'client'
          value: '50000ms'
        - param: 'server'
          value: '50000ms'
      options:
        - http-keep-alive