Refinements of the haproxy configuration. Another attempt to get the network configuration
parent
3d717c1262
commit
cbb5370aa5
|
@ -8,21 +8,23 @@
|
||||||
scope: swarm
|
scope: swarm
|
||||||
with_items: '{{ docker_swarm_haproxy_additional_networks }}'
|
with_items: '{{ docker_swarm_haproxy_additional_networks }}'
|
||||||
|
|
||||||
# - name: Connect haproxy to the overlay networks
|
- name: Connect haproxy to the overlay networks
|
||||||
# docker_network:
|
docker_compose:
|
||||||
# name: '{{ item }}'
|
project_name: '{{ docker_haproxy_service_name }}'
|
||||||
# connected:
|
definition:
|
||||||
# - 'haproxy_haproxy'
|
services:
|
||||||
# appends: yes
|
'{{ docker_haproxy_service_name }}':
|
||||||
# with_items: '{{ docker_swarm_haproxy_networks }}'
|
networks: '{{ docker_swarm_haproxy_networks }}'
|
||||||
|
ignore_errors: True
|
||||||
|
|
||||||
# - name: Connect haproxy to the overlay additional networks
|
- name: Connect haproxy to the overlay networks
|
||||||
# docker_network:
|
docker_compose:
|
||||||
# name: '{{ item }}'
|
project_name: '{{ docker_haproxy_service_name }}'
|
||||||
# connected:
|
definition:
|
||||||
# - 'haproxy_haproxy'
|
services:
|
||||||
# appends: yes
|
'{{ docker_haproxy_service_name }}':
|
||||||
# with_items: '{{ docker_swarm_haproxy_additional_networks }}'
|
networks: '{{ docker_swarm_haproxy_additional_networks }}'
|
||||||
|
ignore_errors: True
|
||||||
|
|
||||||
when: docker_swarm_manager_main_node | bool
|
when: docker_swarm_manager_main_node | bool
|
||||||
tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker', 'docker_network' ]
|
tags: [ 'haproxy', 'docker_haproxy', 'docker_swarm', 'docker', 'docker_network' ]
|
||||||
|
|
|
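Review bot: `ignore_errors: True` on both new `docker_compose` tasks lets the play carry on after a failed network attachment, so a run can end with haproxy missing from an overlay network and only an "ignoring" line to show for it. If one specific error is expected here, register the result and narrow it with `failed_when` on that condition rather than ignoring every failure. The two tasks also share the name `Connect haproxy to the overlay networks`; the second should read `Connect haproxy to the overlay additional networks`, as its commented-out predecessor did. The task list starts above the hunk, so it is not visible from here which task the trailing `when`/`tags` lines belong to.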
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- import_tasks: haproxy_networks.yml
|
|
||||||
when: docker_swarm_cluster_haproxy_install
|
|
||||||
- import_tasks: haproxy_conf.yml
|
- import_tasks: haproxy_conf.yml
|
||||||
when: docker_swarm_cluster_haproxy_install
|
when: docker_swarm_cluster_haproxy_install
|
||||||
- import_tasks: portainer.yml
|
- import_tasks: portainer.yml
|
||||||
when: docker_swarm_cluster_portainer_install
|
when: docker_swarm_cluster_portainer_install
|
||||||
|
- import_tasks: haproxy_networks.yml
|
||||||
|
when: docker_swarm_cluster_haproxy_install
|
||||||
|
|
|
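Review bot: The relocated `import_tasks: haproxy_networks.yml` keeps the bare conditional `when: docker_swarm_cluster_haproxy_install`, while another conditional in this commit is written as `when: docker_swarm_manager_main_node | bool`. If the install flag ever arrives as a string (an extra-var or an INI inventory value), the bare form is not guaranteed to evaluate like a real boolean. Writing `when: docker_swarm_cluster_haproxy_install | bool` here and on the two neighbouring imports would make the three conditions consistent and predictable.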
@ -38,10 +38,7 @@ defaults
|
||||||
timeout client 30s
|
timeout client 30s
|
||||||
timeout server 30s
|
timeout server 30s
|
||||||
log global
|
log global
|
||||||
mode http
|
|
||||||
option httplog
|
|
||||||
monitor-uri /_haproxy_health_check
|
monitor-uri /_haproxy_health_check
|
||||||
option http-keep-alive
|
|
||||||
timeout http-keep-alive {{ haproxy_global_keepalive_timeout }}
|
timeout http-keep-alive {{ haproxy_global_keepalive_timeout }}
|
||||||
timeout connect {{ haproxy_connect_timeout }}
|
timeout connect {{ haproxy_connect_timeout }}
|
||||||
timeout client {{ haproxy_client_timeout }}
|
timeout client {{ haproxy_client_timeout }}
|
||||||
|
@ -55,7 +52,9 @@ peers mypeers
|
||||||
peer local_haproxy 127.0.0.1:1024
|
peer local_haproxy 127.0.0.1:1024
|
||||||
|
|
||||||
listen stats
|
listen stats
|
||||||
bind 0.0.0.0:{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
|
bind *:{{ haproxy_admin_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
|
||||||
|
mode http
|
||||||
|
option httplog
|
||||||
stats enable
|
stats enable
|
||||||
stats uri /
|
stats uri /
|
||||||
stats realm HAProxy\ Statistics
|
stats realm HAProxy\ Statistics
|
||||||
|
@ -66,15 +65,19 @@ listen stats
|
||||||
|
|
||||||
listen local_stats
|
listen local_stats
|
||||||
bind 127.0.0.1:8881
|
bind 127.0.0.1:8881
|
||||||
|
mode http
|
||||||
|
option httplog
|
||||||
stats enable
|
stats enable
|
||||||
stats uri /
|
stats uri /
|
||||||
stats realm HAProxy\ Statistics
|
stats realm HAProxy\ Statistics
|
||||||
|
|
||||||
frontend http
|
frontend http
|
||||||
bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1
|
bind *:{{ https_port }} ssl crt {{ haproxy_cert_dir }} alpn h2,http/1.1 {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %}
|
||||||
bind *:{{ haproxy_default_port }}
|
bind *:{{ haproxy_default_port }} {% if docker_swarm_haproxy_installation_type == 'global' %}accept-proxy{% endif %}
|
||||||
|
mode http
|
||||||
|
option httplog
|
||||||
|
option http-keep-alive
|
||||||
http-request add-header X-Forwarded-Proto https
|
http-request add-header X-Forwarded-Proto https
|
||||||
redirect scheme https code 301 if !{ ssl_fc }
|
|
||||||
# HSTS (63072000 seconds)
|
# HSTS (63072000 seconds)
|
||||||
http-response set-header Strict-Transport-Security max-age=63072000
|
http-response set-header Strict-Transport-Security max-age=63072000
|
||||||
{% if docker_swarm_cluster_portainer_install %}
|
{% if docker_swarm_cluster_portainer_install %}
|
||||||
|
@ -97,6 +100,7 @@ frontend http
|
||||||
{% endif %}
|
{% endif %}
|
||||||
use_backend {{ srv.acl_name }}_bck if {{ srv.acl_name }}
|
use_backend {{ srv.acl_name }}_bck if {{ srv.acl_name }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
redirect scheme https code 301 if !{ ssl_fc }
|
||||||
|
|
||||||
#
|
#
|
||||||
# Backends
|
# Backends
|
||||||
|
@ -105,12 +109,16 @@ frontend http
|
||||||
{% if docker_swarm_expose_api_via_haproxy %}
|
{% if docker_swarm_expose_api_via_haproxy %}
|
||||||
# swarm API
|
# swarm API
|
||||||
backend swarm_api_bck
|
backend swarm_api_bck
|
||||||
|
mode http
|
||||||
|
option httplog
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
server swarm 127.0.0.1:{{ docker_api_port }}
|
server swarm 127.0.0.1:{{ docker_api_port }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if docker_swarm_cluster_portainer_install %}
|
{% if docker_swarm_cluster_portainer_install %}
|
||||||
backend portainer_bck
|
backend portainer_bck
|
||||||
|
mode http
|
||||||
|
option httplog
|
||||||
option httpchk
|
option httpchk
|
||||||
http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
|
http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
|
||||||
http-check expect rstatus (2|3)[0-9][0-9]
|
http-check expect rstatus (2|3)[0-9][0-9]
|
||||||
|
@ -120,6 +128,8 @@ backend portainer_bck
|
||||||
|
|
||||||
{% for srv in docker_swarm_haproxy_additional_services %}
|
{% for srv in docker_swarm_haproxy_additional_services %}
|
||||||
backend {{ srv.acl_name }}_bck
|
backend {{ srv.acl_name }}_bck
|
||||||
|
mode http
|
||||||
|
option httplog
|
||||||
option httpchk
|
option httpchk
|
||||||
http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
|
http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
|
||||||
http-check expect rstatus (2|3)[0-9][0-9]
|
http-check expect rstatus (2|3)[0-9][0-9]
|
||||||
|
|
|
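Review bot: `accept-proxy` on the two `bind` lines of `frontend http` makes HAProxy take the client address from the PROXY protocol header of whichever peer connects, and nothing visible in this section limits who may send that header. If those ports are reachable by anything other than the load balancer in front of a 'global' installation, the source address seen by ACLs and written to the logs is client-controlled. Consider restricting it to known senders, e.g. `tcp-request connection expect-proxy layer4 if { src LB_CIDR_PLACEHOLDER }` in place of the bind keyword, or firewalling the ports to the balancer. The unchanged line `http-request add-header X-Forwarded-Proto https` appends to any value the client already sent and also applies to the plaintext bind; `http-request set-header X-Forwarded-Proto https if { ssl_fc }` would be safer. Moving `redirect scheme https code 301 if !{ ssl_fc }` below the `use_backend` rules probably does not change evaluation order, since HAProxy processes redirect rules first and is likely to warn about the placement.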
@ -14,6 +14,7 @@ docker_swarm_haproxy_constraints: '{{ haproxy_docker_swarm_haproxy_constraints }
|
||||||
# The allowed_networks parameter is optional
|
# The allowed_networks parameter is optional
|
||||||
docker_swarm_haproxy_additional_services: '{{ haproxy_docker_swarm_additional_services }}'
|
docker_swarm_haproxy_additional_services: '{{ haproxy_docker_swarm_additional_services }}'
|
||||||
|
|
||||||
|
docker_haproxy_service_name: 'haproxy_haproxy'
|
||||||
docker_swarm_haproxy_networks: '{{ haproxy_docker_swarm_networks }}'
|
docker_swarm_haproxy_networks: '{{ haproxy_docker_swarm_networks }}'
|
||||||
|
|
||||||
docker_swarm_haproxy_additional_networks: '{{ haproxy_docker_swarm_additional_networks }}'
|
docker_swarm_haproxy_additional_networks: '{{ haproxy_docker_swarm_additional_networks }}'
|
||||||
|
|