author | Lars Wirzenius <liw@liw.fi> | 2021-03-15 11:52:51 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2021-03-15 11:52:51 +0200 |
commit | 0fd7fc4e7d37a9007ab6f8182732aebec0fcb3db (patch) | |
tree | 7a4c8e9cbf96babf3a909c818069c7e42e3fbedb /roles/haproxy-for-ick/templates/haproxy.cfg.preamble | |
parent | 0201e613692b95b6d3ebaa375a0350df06ee1d28 (diff) | |
download | ick2-ansible-0fd7fc4e7d37a9007ab6f8182732aebec0fcb3db.tar.gz |
haproxy works
Diffstat (limited to 'roles/haproxy-for-ick/templates/haproxy.cfg.preamble')
-rw-r--r-- | roles/haproxy-for-ick/templates/haproxy.cfg.preamble | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/roles/haproxy-for-ick/templates/haproxy.cfg.preamble b/roles/haproxy-for-ick/templates/haproxy.cfg.preamble
new file mode 100644
index 0000000..e01bc4e
--- /dev/null
+++ b/roles/haproxy-for-ick/templates/haproxy.cfg.preamble
@@ -0,0 +1,37 @@
+global
+ log 127.0.0.1 local4
+ chroot /var/lib/haproxy
+ stats socket /run/haproxy/admin.sock mode 660 level admin
+ stats timeout 30s
+ user haproxy
+ group haproxy
+ daemon
+
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+ tune.ssl.default-dh-param 2048
+ ssl-default-bind-options no-tls-tickets
+ ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+
+defaults
+ log global
+ mode http
+ option httplog
+ option dontlognull
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+ errorfile 400 /etc/haproxy/errors/400.http
+ errorfile 403 /etc/haproxy/errors/403.http
+ errorfile 408 /etc/haproxy/errors/408.http
+ errorfile 500 /etc/haproxy/errors/500.http
+ errorfile 502 /etc/haproxy/errors/502.http
+ errorfile 503 /etc/haproxy/errors/503.http
+ errorfile 504 /etc/haproxy/errors/504.http
+
+
+frontend http-in
+ bind *:80
+ bind *:443 ssl no-sslv3 no-tlsv10 crt /etc/ssl/haproxy.pem
+
+ rspadd Strict-Transport-Security:\ max-age=15768000 |
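Review bot: The `http-in` frontend binds `*:80` next to `*:443` and nothing visible here redirects plain HTTP to HTTPS, so requests on port 80 are answered in clear text and the `Strict-Transport-Security` header added by `rspadd` only protects clients that have already connected over TLS (browsers ignore it on plain HTTP). The frontend presumably continues in the template fragments that follow this preamble; if none of them already does it, add `redirect scheme https code 301 if !{ ssl_fc }` ahead of any backend selection. The `bind *:443` line turns off only SSLv3 and TLS 1.0, so TLS 1.1 remains negotiable; adding `no-tlsv11` there closes that. The `ssl-default-bind-ciphers` list also still carries CBC/SHA-1 and DHE-DSS suites that could be trimmed once client compatibility is confirmed.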