Authored By
Unknown
diff --git a/deployments/ansible/roles/kolab-node/files/haproxy.cfg.j2 b/deployments/ansible/roles/kolab-node/files/haproxy.cfg.j2
index 5b66751..f62de71 100644
--- a/deployments/ansible/roles/kolab-node/files/haproxy.cfg.j2
+++ b/deployments/ansible/roles/kolab-node/files/haproxy.cfg.j2
@@ -1,212 +1,213 @@
global
log /dev/log local0 info
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats level admin
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
defaults
mode tcp
log global
option tcplog
option dontlognull
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend prometheus
bind {{ virtual_ip }}:8405
mode http
http-request use-service prometheus-exporter if { path /metrics }
no log
frontend k3s-frontend
bind {{ virtual_ip }}:6443
default_backend k3s-backend
backend k3s-backend
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s
server server-1 {{ primary_ip }}:6443 check
server server-2 {{ secondary_ip }}:6443 check
frontend http-frontend
bind {{ virtual_ip }}:80
+ http-request redirect scheme https unless { ssl_fc }
default_backend http-backend
backend http-backend
option httpchk GET /health
balance roundrobin
default-server inter 10s downinter 5s
# via ingress
#server server-1 {{ worker1_ip }}:80 check
#server server-2 {{ worker2_ip }}:80 check
server server-1 10.30.0.130:81 check check-send-proxy send-proxy
frontend https-frontend
bind {{ virtual_ip }}:443
# For activesync ping commands
timeout client 910s
default_backend https-backend
backend https-backend
option httpchk GET /health
balance roundrobin
default-server inter 10s downinter 5s
# For activesync ping commands
timeout server 910s
# via ingress
#server server-1 {{ worker1_ip }}:443 check
#server server-2 {{ worker2_ip }}:443 check
# To external-proxy. Disable CA verification. enable proxy-protocol and ssl for connection and health check.
server server-1 10.30.0.130:444 check check-send-proxy check-ssl verify none send-proxy
frontend galera-frontend
bind {{ virtual_ip }}:3306
default_backend galera
backend galera
balance source
mode tcp
option tcpka
option mysql-check user haproxy
server node1 {{ primary_ip }}:3306 check weight 1
server node2 {{ secondary_ip }}:3306 check weight 1
# FIXME ip visibility for sasl?
frontend imaps-frontend
bind {{ virtual_ip }}:993
# Facilitate NOOP by timing the client out after only 15 minutes plus a
# timeskew.
timeout client 910s
default_backend imaps-backend
backend imaps-backend
mode tcp
option tcp-check
# IMAP Banner check
tcp-check expect string *\ OK
balance roundrobin
default-server inter 10s downinter 5s
# Facilitate NOOP by timing the client out after only 15 minutes plus a
# timeskew.
timeout server 910s
# To external-imap. Disable CA verification.
#server server-1 10.30.0.128:993 check verify none
# To external-proxy. Disable CA verification. enable proxy-protocol and ssl for connection and health check.
server server-1 10.30.0.130:994 check check-send-proxy check-ssl verify none send-proxy
frontend imapcsync-frontend
bind {{ virtual_ip }}:2005
# Facilitate NOOP by timing the client out after only 15 minutes plus a
# timeskew.
timeout client 910s
default_backend imapcsync-backend
backend imapcsync-backend
mode tcp
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s
# Facilitate NOOP by timing the client out after only 15 minutes plus a
# timeskew.
timeout server 910s
# To external-imap. Disable CA verification.
server server-1 10.30.0.128:2005 check verify none
frontend smtp-frontend
bind {{ virtual_ip }}:25
default_backend smtp-backend
backend smtp-backend
mode tcp
option tcp-check
option smtpchk EHLO haproxy.{{ domain }}
balance roundrobin
default-server inter 10s downinter 5s
# To external-smtp
server server-1 10.30.0.129:25 check send-proxy
frontend submission-frontend
bind {{ virtual_ip }}:587
default_backend submission-backend
# FIXME ip visibility for submission?
backend submission-backend
mode tcp
option tcp-check
option smtpchk EHLO haproxy.{{ domain }}
balance roundrobin
default-server inter 10s downinter 5s
# To external-proxy
server server-1 10.30.0.130:588 check send-proxy
frontend submission-tls-frontend
bind {{ virtual_ip }}:465
default_backend submission-tls-backend
backend submission-tls-backend
mode tcp
option tcp-check
option smtpchk EHLO haproxy.{{ domain }}
balance roundrobin
default-server inter 10s downinter 5s
# To external-proxy. Disable CA verification. enable proxy-protocol and ssl for connection and health check.
server server-1 10.30.0.130:466 check check-send-proxy check-ssl verify none send-proxy
frontend meet-frontend
bind {{ virtual_ip }}:44444-44446
default_backend meet-backend
backend meet-backend
mode tcp
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s
server server-1 10.30.0.131:44444 check
server server-2 10.30.0.131:44445 check
server server-3 10.30.0.131:44446 check
frontend ldap-frontend
bind {{ virtual_ip }}:389
default_backend ldap-backend
backend ldap-backend
mode tcp
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s
# To external-ldap
server server-1 10.30.0.132:389 check
frontend ldaps-frontend
bind {{ virtual_ip }}:636
default_backend ldaps-backend
backend ldaps-backend
mode tcp
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s
# To external-ldap
server server-1 10.30.0.132:636 check
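Review bot: The added `http-request redirect scheme https unless { ssl_fc }` in `frontend http-frontend` sits in a proxy that inherits `mode tcp` from `defaults`, and HAProxy ignores `http-request` rules (with a configuration warning) in TCP-mode proxies, so port 80 would most likely keep forwarding cleartext to `http-backend` instead of redirecting. Add `mode http` to `http-frontend` next to the rule, as `frontend prometheus` already does, and to `http-backend` too, since an HTTP-mode frontend cannot hand traffic to a TCP-mode backend. `ssl_fc` can never be true on the plain `bind {{ virtual_ip }}:80`, so the `unless` clause is a no-op; drop it or add a comment such as `# port 80 is never TLS: redirect is unconditional`. Before enabling this, confirm that nothing depends on plain-HTTP paths through this frontend (an ACME HTTP-01 challenge, for example), because once the rule is active every request on port 80 is answered with a redirect and never reaches the backend.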
