templates/blacklist.agent

+{% if ansible_local is defined and ansible_local.blacklist is defined %}
+{% for line in ansible_local.blacklist.agent|default([]) %}
+{{line}}
+{% endfor %}
+{% endif %}
+{% for line in proxy_blacklist.agent|default([]) %}
+{{line}}
+{% endfor %}

templates/blacklist.ip

+{% if ansible_local is defined and ansible_local.blacklist is defined %}
+{% for line in ansible_local.blacklist.ip|default([]) %}
+{{line}}
+{% endfor %}
+{% endif %}
+{% for line in proxy_blacklist.ip|default([]) %}
+{{line}}
+{% endfor %}

templates/blacklist.referer

+{% if ansible_local is defined and ansible_local.blacklist is defined %}
+{% for line in ansible_local.blacklist.referer|default([]) %}
+{{line}}
+{% endfor %}
+{% endif %}
+{% for line in proxy_blacklist.referer|default([]) %}
+{{line}}
+{% endfor %}

templates/haproxy_cfg

-global
-  log 127.0.0.1:20514 local1
-  chroot /var/lib/haproxy
-  stats socket /run/haproxy/admin.sock mode 660 level admin
-  stats timeout 30s
-  user haproxy
-  group haproxy
-  daemon
-  ca-base /etc/haproxy/certs
-  crt-base /etc/haproxy/private
-  ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
-  pidfile /run/haproxy.pid
-
-defaults
-  log global
-  log-format %ci:%cp\ [%T]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r
-  mode http
-  option dontlognull
-  timeout connect {{ proxy_timeout_connect }}
-  timeout client {{ proxy_timeout_client }}
-  timeout server {{ proxy_timeout_server }}
-  timeout check 1s
-  timeout http-keep-alive 3s
-  timeout http-request 10s  # slowloris protection
-  default-server inter 3s fall 2 rise 2 slowstart 60s
-  errorfile 400 /etc/haproxy/errors/400.http
-  errorfile 403 /etc/haproxy/errors/403.http
-  errorfile 408 /etc/haproxy/errors/408.http
-  errorfile 500 /etc/haproxy/errors/500.http
-  errorfile 502 /etc/haproxy/errors/502.http
-  errorfile 503 /etc/haproxy/errors/503.http
-  errorfile 504 /etc/haproxy/errors/504.http
-  option forwardfor
-  option http-server-close
-  retries 3
-  default_backend {{proxy_default_backend}}
-
-listen stats
-  bind 127.0.0.1:7000
-  mode http
-  stats enable
-  stats admin if TRUE
-  stats uri /haproxy_stats
-  stats realm LoadBalancerStats
-{% if kibana_users is defined %}
-
-userlist kibana
-{% for user in kibana_users %}
-  user {{ user.username }} insecure-password '{{ user.password }}'
-{% endfor %}
-{% endif %}
-
-frontend http_in
-  bind *:80
-  acl blockedip src  -i -f /etc/haproxy/blacklist
-  http-request deny if blockedip
-{% for host in groups['all'] %}
-{% for redirect in hostvars[host].proxy_redirect|default([]) %}
-  redirect prefix {{ redirect.protocol|default('https') }}://{{redirect.to}} code 301 if { hdr(host) -i -n {{redirect.from}} }
-{% endfor %}
-{% if proxy_redirect_aliase %}
-{% for drupal in hostvars[host].drupal_settings|default([]) %}
-{% for domain in drupal.domains|default([]) %}
-{% for alias in domain.aliases|default([]) %}
-  redirect prefix {{ domain.protocol|default('https') }}://{{domain.domain}} code 301 if { hdr(host) -i -n {{alias}} }
-{% endfor %}
-{% endfor %}
-{% endfor %}
-{% endif %}
-{% endfor %}
-{% if kibana_users is defined %}
-  acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
-  use_backend backend_redirect_ssl if kibana_present
-{% endif %}
-{% if varnish_host|default(false) %}
-  acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
-  use_backend backend_varnish if static_content
-{% endif %}
-{% for host in groups['all'] %}
-  acl domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
-  use_backend backend_{{host}} if domain_in_{{host}}
-{% if hostvars[host].proxy_crm_domains is defined %}
-  acl crm_domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.crm.list
-  use_backend backend_{{host}} if crm_domain_in_{{host}}
-{% endif %}
-  acl redirect_ssl_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.ssl.list
-  use_backend backend_redirect_ssl if redirect_ssl_{{host}}
-{% endfor %}
-{% for cert in proxy_certificates %}
-
-frontend https_in_{{ cert.ip }}
-  bind {{ cert.ip }}:443 ssl crt /etc/haproxy/certs/{{ cert.file }} no-sslv3
-  acl blockedip src  -i -f /etc/haproxy/blacklist
-  http-request deny if blockedip
-{% for host in groups['all'] %}
-{% for redirect in hostvars[host].proxy_redirect|default([]) %}
-  redirect prefix {{ redirect.protocol|default('https') }}://{{redirect.to}} code 301 if { hdr(host) -i -n {{redirect.from}} }
-{% endfor %}
-{% if proxy_redirect_aliase %}
-{% for drupal in hostvars[host].drupal_settings|default([]) %}
-{% for domain in drupal.domains|default([]) %}
-{% for alias in domain.aliases|default([]) %}
-  redirect prefix {{ domain.protocol|default('https') }}://{{domain.domain}} code 301 if { hdr(host) -i -n {{alias}} }
-{% endfor %}
-{% endfor %}
-{% endfor %}
-{% endif %}
-{% endfor %}
-{% if kibana_users is defined %}
-  acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
-  use_backend backend_kibana if kibana_present
-{% endif %}
-{% for external in cert.external|default([]) %}
-  acl is_{{ external.key }} {{ external.acl }}
-  use_backend backend_{{ external.key }} if is_{{ external.key }}
-{% endfor %}
-{% if varnish_host|default(false) %}
-  acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
-  use_backend backend_varnish if static_content
-{% endif %}
-{% for host in groups['all'] %}
-  acl ssl_domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.ssl.list
-  use_backend backend_{{host}}_https if ssl_domain_in_{{host}}
-  acl redirect_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
-  use_backend backend_redirect if redirect_{{host}}
-{% if hostvars[host].proxy_crm_domains is defined %}
-  acl crm_redirect_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
-  use_backend backend_redirect if crm_redirect_{{host}}
-{% endif %}
-{% endfor %}
-{% for external in cert.external|default([]) %}
-
-backend backend_{{ external.key }}
-  server server_{{ external.key }} {{ external.server }} maxconn 100
-{% endfor %}
-{% endfor %}
-{% for host in groups['all'] %}
-
-backend backend_{{host}}
-{% if host == inventory_hostname %}
-  http-response deny
-{% else %}
-  server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
-{% endif %}
-
-backend backend_{{host}}_https
-{% if host == inventory_hostname %}
-  http-response deny
-{% else %}
-  http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
-  server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
-{% endif %}
-{% endfor %}
-{% if varnish_host|default(false) %}
-
-backend backend_varnish
-  option httpchk HEAD /varnishcheck
-  http-check expect status 200
-  option forwardfor
-  hash-type consistent
-{% if varnish_host == inventory_hostname %}
-  server varnish 127.0.0.1:6081 maxconn 1000
-{% else %}
-  server varnish {{ varnish_host_ip|default('') }}:6081 maxconn 1000
-{% endif %}
-{% endif %}
-
-backend backend_redirect_ssl
-  redirect scheme https if TRUE
-
-backend backend_redirect
-  redirect scheme http if TRUE
-{% if kibana_users is defined %}
-
-backend backend_kibana
-  server kibana 127.0.0.1:5601 maxconn 32
-  acl kibana_auth http_auth(kibana) if kibana_present
-  http-request auth realm Kibana if !kibana_auth
-{% endif %}

templates/hasocket

+#!/bin/sh
+
+echo "$1" | sudo socat unix-connect:/run/haproxy/admin.sock stdio

templates/host_list

@@ -4,10 +4,15 @@
 {% for drupal in hostvars[item].drupal_settings|default([]) %}
 {% for domain in drupal.domains|default([]) %}
 {% if domain.protocol|default('https') == 'http' %}
+{% if domain.route_by_domain|default(true) %}
 {{domain.domain}}
 {% for alias in domain.aliases|default([]) %}
 {{alias}}
 {% endfor %}
 {% endif %}
+{% for trusted_domain in domain.trusted_domains|default([]) %}
+{{trusted_domain}}
+{% endfor %}
+{% endif %}
 {% endfor %}
 {% endfor %}

templates/host_ssl_list

@@ -4,10 +4,15 @@
 {% for drupal in hostvars[item].drupal_settings|default([]) %}
 {% for domain in drupal.domains|default([]) %}
 {% if domain.protocol|default('https') == 'https' %}
+{% if domain.route_by_domain|default(true) %}
 {{domain.domain}}
 {% for alias in domain.aliases|default([]) %}
 {{alias}}
 {% endfor %}
 {% endif %}
+{% for trusted_domain in domain.trusted_domains|default([]) %}
+{{trusted_domain}}
+{% endfor %}
+{% endif %}
 {% endfor %}
 {% endfor %}

templates/ignore_varnish_list

+{% for item in groups.all %}
+{% for domain in hostvars[item].proxy_domains_ignore_varnish|default([]) %}
+{{domain}}
+{% endfor %}
+{% for drupal in hostvars[item].drupal_settings|default([]) %}
+{% for domain in drupal.domains|default([]) %}
+{% if domain.ignore_varnish|default(false) %}
+{{domain.domain}}
+{% if domain.multidomain|default(false) %}
+{% for alias in domain.aliases|default([]) %}
+{{alias}}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endfor %}
+{% endfor %}

templates/letsencrypt.ini

+../../letsencrypt/templates/letsencrypt.ini
\ No newline at end of file

templates/maintenance_list

+{% for domain in proxy_maintenance_domains|default([]) %}
+{{domain}}
+{% endfor %}

templates/privatelist.domain.jinja2

+{% for domain in haproxy_private.domain %}
+{{ domain }}
+{% endfor %}

templates/privatelist.ip.jinja2

+{% for ip in haproxy_private.ip %}
+{{ ip }}
+{% endfor %}

templates/redirect.map.jinja2

+{% for key in (proxy_redirect_maps[item]|default([]))|sort %}
+{{ key }} {{ proxy_redirect_maps[item][key] }}
+{% endfor %}
+{% for host in groups.all|sort %}
+{% if hostvars[host].ansible_local is defined and hostvars[host].ansible_local.proxy_redirect_maps is defined %}
+{% for key in (hostvars[host].ansible_local.proxy_redirect_maps[item]|default([]))|sort %}
+{{ key }} {{ hostvars[host].ansible_local.proxy_redirect_maps[item][key] }}
+{% endfor %}
+{% endif %}
+{% endfor %}

templates/use_bigpipe_list

+{% for item in groups.all %}
+{% for drupal in hostvars[item].drupal_settings|default([]) %}
+{% for domain in drupal.domains|default([]) %}
+{% if domain.bigpipe|default(false) %}
+{{domain.domain}}
+{% endif %}
+{% endfor %}
+{% endfor %}
+{% endfor %}