1716a70703
Add the 'ssl-default-bind-options no-sslv3' option to the configuration file so that SSLv3 is not enabled. Change-Id: I2d06189e61064d9af10bea1091fba31163331379 Closes-Bug: 1640560
42 lines
1.0 KiB
Django/Jinja
42 lines
1.0 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
global
|
|
log 127.0.0.1 local0
|
|
log 127.0.0.1 local1 notice
|
|
chroot /var/lib/haproxy
|
|
user haproxy
|
|
group haproxy
|
|
daemon
|
|
maxconn 4096
|
|
tune.bufsize 384000
|
|
stats socket /var/run/haproxy.stat level admin mode 600
|
|
{% if haproxy_ssl | bool %}
|
|
ssl-default-bind-options no-sslv3
|
|
tune.ssl.default-dh-param {{haproxy_ssl_dh_param}}
|
|
{% endif %}
|
|
|
|
defaults
|
|
log global
|
|
option dontlognull
|
|
option redispatch
|
|
retries 3
|
|
timeout client 50s
|
|
timeout connect 10s
|
|
timeout server 50s
|
|
maxconn 4096
|
|
|
|
{% if haproxy_stats_enabled | bool %}
|
|
listen stats
|
|
bind {{ haproxy_stats_bind_address }}:{{ haproxy_stats_port }}
|
|
mode http
|
|
stats enable
|
|
stats hide-version
|
|
stats realm Haproxy\ Statistics
|
|
stats uri /
|
|
stats show-node
|
|
stats show-legends
|
|
stats auth {{ haproxy_username }}:{{ haproxy_stats_password }}
|
|
stats admin if TRUE
|
|
stats refresh 60s
|
|
{% endif %}
|