forked from saltstack-formulas/haproxy-formula
-
Notifications
You must be signed in to change notification settings - Fork 1
/
pillar.example
158 lines (148 loc) · 3.68 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
#
# Example pillar configuration
#
haproxy:
enabled: True
config_file_path: /etc/haproxy/haproxy.cfg
global:
stats:
enable: True
socketpath: /var/lib/haproxy/stats
ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
user: haproxy
group: haproxy
chroot:
enable: True
path: /var/lib/haproxy
daemon: True
defaults:
log: global
mode: http
retries: 3
options:
- httplog
- dontlognull
- forwardfor
- http-server-close
timeouts:
- http-request 10s
- queue 1m
- connect 10s
- client 1m
- server 1m
- http-keep-alive 10s
- check 10s
errorfiles:
400: /etc/haproxy/errors/400.http
403: /etc/haproxy/errors/403.http
408: /etc/haproxy/errors/408.http
500: /etc/haproxy/errors/500.http
502: /etc/haproxy/errors/502.http
503: /etc/haproxy/errors/503.http
504: /etc/haproxy/errors/504.http
{# Suported by HAProxy 1.6 #}
resolvers:
local_dns:
options:
- nameserver resolvconf 127.0.0.1:53
- resolve_retries 3
- timeout retry 1s
- hold valid 10s
listens:
stats:
bind:
- "0.0.0.0:8998"
mode: http
stats:
enable: True
uri: "/admin?stats"
refresh: "20s"
myservice:
bind:
- "*:8888"
options:
- forwardfor
- http-server-close
defaultserver:
slowstart: 60s
maxconn: 256
maxqueue: 128
weight: 100
servers:
web1:
host: web1.example.com
port: 80
check: check
web2:
host: web2.example.com
port: 18888
check: check
frontends:
frontend1:
name: www-http
bind: "*:80"
redirect: scheme https if !{ ssl_fc }
reqadd:
- "X-Forwarded-Proto:\\ http"
default_backend: www-backend
www-https:
bind: "*:443 ssl crt /etc/ssl/private/certificate-chain-and-key-combined.pem"
reqadd:
- "X-Forwarded-Proto:\\ https"
default_backend: www-backend
acls:
- url_static path_beg -i /static /images /javascript /stylesheets
- url_static path_end -i .jpg .gif .png .css .js
use_backends:
- static-backend if url_static
some-services:
bind:
- "*:8080"
- "*:8088"
default_backend: api-backend
backends:
backend1:
name: www-backend
balance: roundrobin
redirect: scheme https if !{ ssl_fc }
servers:
server1:
name: server1-its-name
host: 192.168.1.213
port: 80
check: check
static-backend:
balance: roundrobin
redirect: scheme https if !{ ssl_fc }
options:
- http-server-close
- httpclose
- forwardfor except 127.0.0.0/8
- httplog
cookie: "pm insert indirect"
stats:
enable: True
uri: /url/to/stats
realm: LoadBalancer
auth: "user:password"
servers:
some-server:
host: 123.156.189.111
port: 8080
check: check
api-backend:
options:
- http-server-close
- forwardfor
servers:
apiserver1:
host: apiserver1.example.com
port: 80
check: check
server2:
name: apiserver2
host: apiserver2.example.com
port: 80
check: check
extra: resolvers local_dns resolve-prefer ipv4