Compare revisions

725e43ef · 33c97d22 · 725e43ef · 725e43ef · 725e43ef · 725e43ef
--- a/templates/blacklist.referer
+++ b/templates/blacklist.referer
+{% if ansible_local is defined and ansible_local.blacklist is defined %}
+{% for line in ansible_local.blacklist.referer|default([]) %}
+{{line}}
+{% endfor %}
+{% endif %}
+{% for line in proxy_blacklist.referer|default([]) %}
+{{line}}
+{% endfor %}
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
-global
-  log 127.0.0.1:514 local0 warning
-  chroot /var/lib/haproxy
-  stats socket /run/haproxy/admin.sock mode 660 level admin
-  stats timeout 30s
-  user haproxy
-  group haproxy
-  daemon
-  ca-base /etc/haproxy/certs
-  crt-base /etc/haproxy/private
-  ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
-  maxconn 256
-  pidfile /run/haproxy.pid
-  log-send-hostname {{inventory_hostname}}
-
-defaults
-  log global
-  mode http
-  option httplog
-  option dontlognull
-  timeout connect 5000
-  timeout client 120000
-  timeout server 120000
-  errorfile 400 /etc/haproxy/errors/400.http
-  errorfile 403 /etc/haproxy/errors/403.http
-  errorfile 408 /etc/haproxy/errors/408.http
-  errorfile 500 /etc/haproxy/errors/500.http
-  errorfile 502 /etc/haproxy/errors/502.http
-  errorfile 503 /etc/haproxy/errors/503.http
-  errorfile 504 /etc/haproxy/errors/504.http
-  option forwardfor
-  option http-server-close
-  retries 3
-  maxconn 1000
-  default_backend {{proxy_default_backend}}
-
-listen stats 127.0.0.1:7000
-  mode http
-  stats enable
-  stats admin if TRUE
-  stats uri /haproxy_stats
-  stats realm TineonLoadBalancerStats
-
-frontend http-in
-  bind *:80
-{% for host in groups['all'] %}
-{% if hostvars[host]['proxy_redirect'] %}
-{% for redirect in hostvars[host]['proxy_redirect'] %}
-  redirect prefix http://{{redirect.to}} if { hdr_dom(host) -i {{redirect.from}} }
-{% endfor %}
-{% endif %}
-{% endfor %}
-{% for host in groups['all'] %}
-{% if hostvars[host]['proxy_domains'] %}
-  acl domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
-  use_backend backend_{{host}} if domain_in_{{host}}
-{% endif %}
-{% if hostvars[host]['proxy_crm_domains'] %}
-  acl crm_domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.crm.list
-  use_backend backend_{{host}} if crm_domain_in_{{host}}
-{% endif %}
-{% if hostvars[host]['proxy_ssl_domains'] %}
-  acl redirect_ssl_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.ssl.list
-  use_backend backend_redirect_ssl if redirect_ssl_{{host}}
-{% endif %}
-{% endfor %}
-
-frontend https-in
-  bind :443 ssl crt /etc/haproxy/certs/s-verein.de.pem no-sslv3
-{% for host in groups['all'] %}
-{% if hostvars[host]['proxy_redirect'] %}
-{% for redirect in hostvars[host]['proxy_redirect'] %}
-  redirect prefix https://{{redirect.to}} if { hdr_dom(host) -i {{redirect.from}} }
-{% endfor %}
-{% endif %}
-{% endfor %}
-{% for host in groups['all'] %}
-{% if hostvars[host]['proxy_ssl_domains'] %}
-  acl ssl_domain_in_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.ssl.list
-  use_backend backend_{{host}} if ssl_domain_in_{{host}}
-{% endif %}
-{% if hostvars[host]['proxy_domains'] %}
-  acl redirect_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
-  use_backend backend_redirect if redirect_{{host}}
-{% endif %}
-{% if hostvars[host]['proxy_crm_domains'] %}
-  acl crm_redirect_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.list
-  use_backend backend_redirect if crm_redirect_{{host}}
-{% endif %}
-{% endfor %}
-
-{% for host in groups['all'] %}
-{% if (hostvars[host]['proxy_domains']) or (hostvars[host]['proxy_ssl_domains']) or (hostvars[host]['proxy_crm_domains']) %}
-backend backend_{{host}}
-  server server_{{host}} {{hostvars[host]['ansible_default_ipv4']['address']}}:80 maxconn 32
-
-{% endif %}
-{% endfor %}
-
-backend backend_redirect_ssl
-  redirect scheme https if TRUE
-
-backend backend_redirect
-  redirect scheme http if TRUE
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
--- a/templates/hasocket
+++ b/templates/hasocket
+#!/bin/sh
+
+echo "$1" | sudo socat unix-connect:/run/haproxy/admin.sock stdio
--- a/templates/host_list
+++ b/templates/host_list
-{% for domain in hostvars[item]['proxy_domains'] %}
+{% for domain in hostvars[item].proxy_domains|default([]) %}
 {{domain}}
 {% endfor %}
+{% for drupal in hostvars[item].drupal_settings|default([]) %}
+{% for domain in drupal.domains|default([]) %}
+{% if domain.protocol|default('https') == 'http' %}
+{% if domain.route_by_domain|default(true) %}
+{{domain.domain}}
+{% for alias in domain.aliases|default([]) %}
+{{alias}}
+{% endfor %}
+{% endif %}
+{% for trusted_domain in domain.trusted_domains|default([]) %}
+{{trusted_domain}}
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endfor %}
--- a/templates/host_ssl_list
+++ b/templates/host_ssl_list
-{% for domain in hostvars[item]['proxy_ssl_domains'] %}
+{% for domain in hostvars[item].proxy_ssl_domains|default([]) %}
 {{domain}}
 {% endfor %}
+{% for drupal in hostvars[item].drupal_settings|default([]) %}
+{% for domain in drupal.domains|default([]) %}
+{% if domain.protocol|default('https') == 'https' %}
+{% if domain.route_by_domain|default(true) %}
+{{domain.domain}}
+{% for alias in domain.aliases|default([]) %}
+{{alias}}
+{% endfor %}
+{% endif %}
+{% for trusted_domain in domain.trusted_domains|default([]) %}
+{{trusted_domain}}
+{% endfor %}
+{% endif %}
+{% endfor %}
+{% endfor %}
--- a/templates/ignore_varnish_list
+++ b/templates/ignore_varnish_list
+{% for item in groups.all %}
+{% for domain in hostvars[item].proxy_domains_ignore_varnish|default([]) %}
+{{domain}}
+{% endfor %}
+{% for drupal in hostvars[item].drupal_settings|default([]) %}
+{% for domain in drupal.domains|default([]) %}
+{% if domain.ignore_varnish|default(false) %}
+{{domain.domain}}
+{% if domain.multidomain|default(false) %}
+{% for alias in domain.aliases|default([]) %}
+{{alias}}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endfor %}
+{% endfor %}
--- a/templates/letsencrypt.ini
+++ b/templates/letsencrypt.ini
+../../letsencrypt/templates/letsencrypt.ini
\ No newline at end of file
--- a/templates/maintenance_list
+++ b/templates/maintenance_list
+{% for domain in proxy_maintenance_domains|default([]) %}
+{{domain}}
+{% endfor %}
--- a/templates/privatelist.domain.jinja2
+++ b/templates/privatelist.domain.jinja2
+{% for domain in haproxy_private.domain %}
+{{ domain }}
+{% endfor %}
--- a/templates/privatelist.ip.jinja2
+++ b/templates/privatelist.ip.jinja2
+{% for ip in haproxy_private.ip %}
+{{ ip }}
+{% endfor %}
--- a/templates/redirect.map.jinja2
+++ b/templates/redirect.map.jinja2
+{% for key in (proxy_redirect_maps[item]|default([]))|sort %}
+{{ key }} {{ proxy_redirect_maps[item][key] }}
+{% endfor %}
+{% for host in groups.all|sort %}
+{% if hostvars[host].ansible_local is defined and hostvars[host].ansible_local.proxy_redirect_maps is defined %}
+{% for key in (hostvars[host].ansible_local.proxy_redirect_maps[item]|default([]))|sort %}
+{{ key }} {{ hostvars[host].ansible_local.proxy_redirect_maps[item][key] }}
+{% endfor %}
+{% endif %}
+{% endfor %}
--- a/templates/update_sh
+++ b/templates/update_sh
-#!/bin/bash
-
-rm -Rf /tmp/haproxy_update
-mkdir /tmp/haproxy_update
-php /etc/haproxy/update/update.php 127.0.0.1 8011 root root crm /tmp/haproxy_update {{inventory_hostname}}
-rc=$?
-if [ $rc == 99 ]
-  then
-    cp /tmp/haproxy_update/* /etc/haproxy
-    service haproxy restart
-fi
--- a/templates/use_bigpipe_list
+++ b/templates/use_bigpipe_list
+{% for item in groups.all %}
+{% for drupal in hostvars[item].drupal_settings|default([]) %}
+{% for domain in drupal.domains|default([]) %}
+{% if domain.bigpipe|default(false) %}
+{{domain.domain}}
+{% endif %}
+{% endfor %}
+{% endfor %}
+{% endfor %}
No results found