Skip to content
Snippets Groups Projects
Commit 8ec38b2b authored by jurgenhaas's avatar jurgenhaas
Browse files

ansible-inventories/arocom#151 Configure Apache, HaProxy and Varnish for BigPipe

parent 358f7e90
No related branches found
No related tags found
No related merge requests found
......@@ -29,6 +29,15 @@
with_items: '{{ groups.all }}'
notify: 'Proxy | Restart HAProxy'
- name: "Proxy | Create use bigpipe host lists"
template:
src='use_bigpipe_list'
dest='/etc/haproxy/use_bigpipe.list'
owner='root'
group='root'
mode='644'
notify: 'Proxy | Restart HAProxy'
- name: "Proxy | Create ignore varnish host lists"
template:
src='ignore_varnish_list'
......
......@@ -84,13 +84,16 @@ frontend http_in
acl kibana_present hdr(host) -i -n '{{ kibana_domain|default(inventory_hostname) }}'
use_backend backend_redirect_ssl if kibana_present
{% endif %}
acl domain_uses_bigpipe hdr(host) -i -n -f /etc/haproxy/use_bigpipe.list
{% if varnish_host|default(false) %}
acl domain_ignores_varnish hdr(host) -i -n -f /etc/haproxy/ignore_varnish.list
use_backend backend_varnish_bigpipe if domain_uses_bigpipe !domain_ignores_varnish
acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
use_backend backend_varnish if static_content !domain_ignores_varnish
{% endif %}
{% for host in groups['all'] %}
acl domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
use_backend backend_{{host}}_bigpipe if domain_uses_bigpipe domain_in_{{host}}
use_backend backend_{{host}} if domain_in_{{host}}
{% if hostvars[host].proxy_crm_domains is defined %}
acl crm_domain_in_{{host}} hdr_dom(host) -i -n -f /etc/haproxy/{{host}}.crm.list
......@@ -139,13 +142,16 @@ frontend https_in_{{ cert.ip }}
acl is_{{ external.key }} {{ external.acl }}
use_backend backend_{{ external.key }} if is_{{ external.key }}
{% endfor %}
acl domain_uses_bigpipe hdr(host) -i -n -f /etc/haproxy/use_bigpipe.list
{% if varnish_host|default(false) %}
acl domain_ignores_varnish hdr(host) -i -n -f /etc/haproxy/ignore_varnish.list
use_backend backend_varnish_bigpipe if domain_uses_bigpipe !domain_ignores_varnish
acl static_content path_end .jpg .jpeg .gif .png .ico .swf .css .js .htm .html
use_backend backend_varnish if static_content !domain_ignores_varnish
{% endif %}
{% for host in groups['all'] %}
acl ssl_domain_in_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.ssl.list
use_backend backend_{{host}}_https_bigpipe if domain_uses_bigpipe ssl_domain_in_{{host}}
use_backend backend_{{host}}_https if ssl_domain_in_{{host}}
acl redirect_{{host}} hdr(host) -i -n -f /etc/haproxy/{{host}}.list
use_backend backend_redirect if redirect_{{host}}
......@@ -169,6 +175,14 @@ backend backend_{{host}}
server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
{% endif %}
backend backend_{{host}}_bigpipe
{% if host == inventory_hostname or host == 'localhost' %}
http-response deny
{% else %}
no option http-buffer-request
server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
{% endif %}
backend backend_{{host}}_https
{% if host == inventory_hostname or host == 'localhost' %}
http-response deny
......@@ -176,6 +190,15 @@ backend backend_{{host}}_https
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
{% endif %}
backend backend_{{host}}_https_bigpipe
{% if host == inventory_hostname or host == 'localhost' %}
http-response deny
{% else %}
no option http-buffer-request
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
server server_{{host}} {{hostvars[host]['static_ipv4']|default(hostvars[host]['ansible_default_ipv4']['address'])}}:80 maxconn 100
{% endif %}
{% endfor %}
{% if varnish_host|default(false) %}
......@@ -189,6 +212,18 @@ backend backend_varnish
{% else %}
server varnish {{ varnish_host_ip|default('') }}:6081 maxconn 1000
{% endif %}
backend backend_varnish_bigpipe
no option http-buffer-request
option httpchk HEAD /varnishcheck
http-check expect status 200
option forwardfor
hash-type consistent
{% if varnish_host == inventory_hostname %}
server varnish 127.0.0.1:6081 maxconn 1000
{% else %}
server varnish {{ varnish_host_ip|default('') }}:6081 maxconn 1000
{% endif %}
{% endif %}
backend backend_redirect_ssl
......
{% for item in groups.all %}
{% for drupal in hostvars[item].drupal_settings|default([]) %}
{% for domain in drupal.domains|default([]) %}
{% if domain.bigpipe|default(false) %}
{{domain.domain}}
{% endif %}
{% endfor %}
{% endfor %}
{% endfor %}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment