haproxy
Installs and configures HAProxy.
Based on https://github.com/devops-coop/ansible-haproxy.
Deprecated Features
- Since v1.0: reqadd, reqdel, respadd and similar functions for header manipulation are deprecated since haproxy version 2.0 (https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-reqadd). Please use http_request (https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#http-request) as described in the section Role Variables below. The actions are described in the haproxy doc.
  - example:
      http_request:
        - action: 'set-header'
          param: 'X-Forwarded-Proto "https"'
Role Variables
- haproxy_global: Global HAProxy settings.
- haproxy_defaults: Default settings for frontends, backends, and listen proxies.
- haproxy_backends: A list of HAProxy backends.
- haproxy_frontends: A list of HAProxy frontends.
- haproxy_listen: A list of listen proxies.
Here is a complete list of variables:
haproxy_global:
  chroot:
  pidfile:
  maxconn:
  user:
  uid:
  group:
  gid:
  daemon:
  nbproc:
  spread_checks:
  stats:
    socket:
    timeout:
  log:
    - address:
      facility:
      level:
      minlevel:
      format:
  ssl_default_bind_options:
  ssl_default_bind_ciphers:
  ssl_default_bind_ciphersuites:
  tune:
    chksize: 32768
    ssl:
      default-dh-param: 2048
    zlib:
      memlevel: 9
haproxy_defaults:
  mode:
  log:
    - address:
      facility:
      level:
      minlevel:
      format:
  options:
    - <option>
  retries:
  timeout:
    - param:
      value:
  maxconn:
  stats:
    enabled:
    hide_version:
    uri:
    realm:
    auth:
    refresh:
  compression:
    algo:
    type:
    offload:
  http_check:
    disable_on_404:
    expect:
    send_state:
haproxy_frontends:
  - name:
    ip:
    bind:
      - 192.168.1.1:80
      - 192.168.1.2:81
    compression:
      algo:
      type:
      offload:
    ssl:
      cert: /etc/ssl/private/cert.pem
      acme_domains: domain.that.is.protected.by.letsencrypt.org
      ciphers: 'RC4-SHA:AES128-SHA:AES:!ADH:!aNULL:!DH:!EDH:!eNULL'
      cipersuites: 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256'
    maxconn:
    monitor:
      uri:
      fail:
        - <condition>
      condition:
        -
    acl:
      - name:
        condition:
    http_request:
      - action:
        param:
        condition:
    http_response:
      - action:
        param:
        condition:
    rate_limit_sessions:
    block:
      -
    options:
      - forwardfor
    default_backend:
    use_backend:
      - name:
        condition:
    timeout:
      - param:
        value:
haproxy_backends:
  - name:
    compression:
      algo:
      type:
      offload:
    disabled:
    description:
    balance:
    log:
    retries:
    contimeout:
    # NOTE: contimeout is deprecated
    # http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-contimeout
    http_send_name_header:
    http_check_expect:
      - condition
    acl:
      - name:
        condition:
    servers:
      - name:
        ip:
        port:
        maxconn:
        params:
          - param1
    options:
      - forwardfor
    timeout:
      - param:
        value:
    appsession: 'JSESSIONID len 52 timeout 3h'
    errorfile:
      - code:
        file:
haproxy_listen:
  - name:
    bind:
    compression:
      algo:
      type:
      offload:
    ssl:
      cert: /etc/ssl/private/cert.pem
      ciphers: 'RC4-SHA:AES128-SHA:AES:!ADH:!aNULL:!DH:!EDH:!eNULL'
      ciphersuites: 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256'
    disabled:
    description:
    balance:
    log:
    retries:
    http_send_name_header:
    http_check_expect:
      - condition
    acl:
      - name:
        condition:
    servers:
      - name:
        ip:
        port:
        maxconn:
        params:
          - param1
    options:
      - forwardfor
    timeout:
      - param:
        value:
    appsession: 'JSESSIONID len 52 timeout 3h'
    stats:
      enabled:
      hide_version:
      uri:
      realm:
      auth:
      refresh:
Example
- hosts: loadbalancers
  roles:
    - role: haproxy
      haproxy_frontends:
        - name: 'fe-mysupersite'
          ip: '123.123.123.120'
          port: '80'
          maxconn: '1000'
          default_backend: 'be-mysupersite'
      haproxy_backends:
        - name: 'be-mysupersite'
          description: 'mysupersite is really cool'
          servers:
            - name: 'be-mysupersite-01'
              ip: '192.168.1.100'
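The sample ssl.ciphers value in the variable list starts with RC4-SHA, and RC4 is prohibited for TLS by RFC 7465, so a copied value is worth checking before it reaches a play. The following is an added example, not part of this role: a lint over the role variables that reports weak cipher tokens. The function names, the WEAK list and the sample data are assumptions made for illustration; only the variable keys come from the list above.

```python
# Added example (not the role's code): lint role variables for weak TLS ciphers.
import re

# Substrings marking weak ciphers or aliases; RC4 is prohibited by RFC 7465.
WEAK = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXP", "ADH", "AECDH")

def weak_tokens(cipher_string):
    """Return enabled tokens of an OpenSSL cipher string that look weak.
    Lexical approximation: aliases are not expanded the way OpenSSL does."""
    tokens = [t for t in re.split(r"[:, ]+", cipher_string or "") if t]
    # '!X' permanently deletes ciphers; remember the names it removes.
    banned = {t[1:].upper() for t in tokens if t.startswith("!")}
    found = []
    for tok in tokens:
        # '-' removes, '+' only reorders, '@' is a directive like @STRENGTH.
        if tok[0] in "!-+@":
            continue
        name = tok.upper()
        if set(re.split(r"[-+]", name)) & banned:
            continue  # e.g. 'RC4-SHA' is cancelled by '!RC4'
        if any(w in name for w in WEAK):
            found.append(tok)
    return found

def lint_role_vars(role_vars):
    """Yield (location, offending tokens) for every cipher list in the vars."""
    glob = role_vars.get("haproxy_global") or {}
    hits = weak_tokens(glob.get("ssl_default_bind_ciphers"))
    if hits:
        yield "haproxy_global.ssl_default_bind_ciphers", hits
    for section in ("haproxy_frontends", "haproxy_listen"):
        for proxy in role_vars.get(section) or []:
            hits = weak_tokens((proxy.get("ssl") or {}).get("ciphers"))
            if hits:
                yield f"{section}[{proxy.get('name')}].ssl.ciphers", hits

# Constructed sample: the frontend reuses the cipher string from the variable list.
SAMPLE = {
    "haproxy_global": {"ssl_default_bind_ciphers": "ECDHE-RSA-AES128-GCM-SHA256"},
    "haproxy_frontends": [{"name": "fe-mysupersite", "ssl": {
        "cert": "/etc/ssl/private/cert.pem",
        "ciphers": "RC4-SHA:AES128-SHA:AES:!ADH:!aNULL:!DH:!EDH:!eNULL"}}],
    "haproxy_listen": [{"name": "stats", "ssl": {"ciphers": "RC4-SHA:AES:!RC4"}}],
}

if __name__ == "__main__":
    for location, tokens in lint_role_vars(SAMPLE):
        print(f"{location}: weak cipher tokens {tokens}")
```

Because the check is lexical, confirm the effective list on the target host with `openssl ciphers -v '<cipher string>'`.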
License
Apache v2