Diffstat (limited to 'roles/haproxy')
-rw-r--r--roles/haproxy/tasks/main.yml37
-rw-r--r--roles/haproxy/templates/haproxy.cfg.j279
2 files changed, 0 insertions, 116 deletions
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
deleted file mode 100644
index 2161b3b..0000000
--- a/roles/haproxy/tasks/main.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-- name: install haproxy
- apt:
- name: haproxy
-
-- name: create config dir
- file:
- state: directory
- path: "{{ item }}"
- owner: root
- group: root
- mode: 0755
- with_items:
- - /etc/haproxy
-
-- name: install haproxy config
- template:
- src: haproxy.cfg.j2
- dest: /etc/haproxy/haproxy.cfg
- owner: root
- group: root
- mode: 0644
-
-- name: install TLS certificate
- copy:
- content: "{{ tls_certificate }}"
- dest: /etc/ssl/ick.pem
- owner: root
- group: root
- mode: 0600
-
-- name: enable and start haproxy
- service:
- name: "{{ item }}"
- state: restarted
- enabled: yes
- with_items:
- - haproxy
diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
deleted file mode 100644
index 0a6ec70..0000000
--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ /dev/null
@@ -1,79 +0,0 @@
-global
- log 127.0.0.1 local4
- chroot /var/lib/haproxy
- stats socket /run/haproxy/admin.sock mode 660 level admin
- stats timeout 30s
- user haproxy
- group haproxy
- daemon
-
- ca-base /etc/ssl/certs
- crt-base /etc/ssl/private
- tune.ssl.default-dh-param 2048
- ssl-default-bind-options no-tls-tickets
- ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
-
-defaults
- log global
- mode http
- option httplog
- option dontlognull
- timeout connect 5000
- timeout client 50000
- timeout server 50000
- errorfile 400 /etc/haproxy/errors/400.http
- errorfile 403 /etc/haproxy/errors/403.http
- errorfile 408 /etc/haproxy/errors/408.http
- errorfile 500 /etc/haproxy/errors/500.http
- errorfile 502 /etc/haproxy/errors/502.http
- errorfile 503 /etc/haproxy/errors/503.http
- errorfile 504 /etc/haproxy/errors/504.http
-
-
-frontend http-in
- bind *:80
- bind *:443 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/haproxy.pem
-
- rspadd Strict-Transport-Security:\ max-age=15768000
-
- acl ickweb path_beg /web
- acl blobs path_beg /blobs
- acl token path_beg /token
- acl login path_beg /login
- acl auth path_beg /auth
- acl clients path_beg /clients
- acl users path_beg /users
- acl applications path_beg /applications
- acl notify path_beg /notify
- acl debian path_beg /debian
- acl any method GET HEAD POST PUT DELETE
-
- use_backend apache if debian
- use_backend ickweb if ickweb
- use_backend notification_service if notify
- use_backend artifact_store if blobs
- use_backend qvisqve if token
- use_backend qvisqve if login
- use_backend qvisqve if auth
- use_backend qvisqve if clients
- use_backend qvisqve if users
- use_backend qvisqve if applications
- use_backend controller if any
-
-backend apache
- server apache_1 127.0.0.1:8080
-
-backend ickweb
- server ickweb_1 127.0.0.1:{{ ickweb_port }}
-
-backend controller
- server controller_1 127.0.0.1:{{ controller_port }}
-
-backend artifact_store
- server artifact_store_1 127.0.0.1:{{ artifact_store_port }}
-
-backend qvisqve
- server qvisqve_1 127.0.0.1:{{ qvisqve_port }}
-
-backend notification_service
- server notify_1 127.0.0.1:{{ notify_port }}