
@rgarrigue
Created October 14, 2019 15:21
Ansible managed
# Process-wide settings: log targets, the runtime API socket, the account
# HAProxy runs as, and the default TLS parameters.
global
# Log to the local syslog socket (local0 at all levels, local1 at notice and
# above) and to a syslog listener on loopback (local2, notice and above).
log /dev/log local0
log /dev/log local1 notice
log 127.0.0.1 local2 notice
# Runtime API socket at "admin" level: a process that can connect to it may
# issue every runtime command (disable servers, change weights, clear tables).
# NOTE(review): no mode/user/group is given on this line, so access depends on
# the umask at start-up and on the permissions of /var/lib/haproxy. Confirm
# only trusted accounts can reach it, or set the permissions explicitly.
stats socket /var/lib/haproxy/stats level admin
# Account the process switches to after start-up.
# NOTE(review): the group is "company" rather than a dedicated one; verify who
# else is a member, since group permissions on HAProxy's files apply to them.
user haproxy
group company
daemon
# Inspired by https://ssl-config.mozilla.org/#server=haproxy&config=intermediate
# Defaults for TLS on "bind" lines (client side): ECDHE/DHE key exchange with
# AES-GCM or ChaCha20-Poly1305 only; SSLv3, TLS 1.0 and TLS 1.1 disabled;
# session tickets disabled.
# This list governs TLS 1.2 and below; TLS 1.3 suites are set separately with
# ssl-default-bind-ciphersuites, which is not set here.
# NOTE(review): these defaults only take effect on "bind ... ssl" and
# "server ... ssl" lines; none appear in the sections visible here.
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
# Same policy for TLS connections HAProxy opens towards servers.
ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
# Diffie-Hellman parameters used by the DHE-RSA suites above.
# NOTE(review): the file's contents are not shown; confirm it holds parameters
# of at least 2048 bits.
ssl-dh-param-file /etc/haproxy/dhparam.pem
# Settings inherited by the frontend and backends declared after this section.
defaults
# Reuse the log targets from the global section and emit the detailed HTTP
# log format.
log global
mode http
option httplog
# Do not log connections on which no data was exchanged. This also hides
# port scans and bare probes from the logs; HAProxy's documentation advises
# against it on listeners exposed to uncontrolled networks.
option dontlognull
timeout connect 5s
timeout client 60s
timeout server 60s
# NOTE(review): no "timeout http-request" is set, so the only limit on a
# client that sends its request headers slowly is the 60s client inactivity
# timeout between chunks. A short http-request timeout bounds the time allowed
# for a complete request and limits how long slow clients can hold connections.
# Static responses returned for errors generated by HAProxy itself.
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# !!! TEMPLATE MANAGED BY ANSIBLE !!!
# !!! CONFIG FILE MANAGED BY CONSUL-TEMPLATE !!!
# DNS resolvers section named "consul"; the server-template lines in the
# backends reference it to discover their servers at runtime.
resolvers consul
# Single nameserver on loopback port 8600, presumably the local Consul agent's
# DNS interface (8600 is Consul's default DNS port).
# NOTE(review): backend membership is whatever this resolver answers, so the
# proxy trusts that agent and its service catalogue for where traffic goes.
nameserver consul 127.0.0.1:8600
# Advertise a larger accepted DNS payload so that answers listing many
# records fit in one response.
accepted_payload_size 8192
# Retry a failed query up to 3 times, waiting 1s between attempts.
resolve_retries 3
timeout retry 1s
# How long the last known result is kept for each kind of response: 30s for
# errors (other, refused, NXDOMAIN, timeout) and 10s for a valid answer.
hold other 30s
hold refused 30s
hold nx 30s
hold timeout 30s
hold valid 10s
# Plain-HTTP entry point that selects the backend from the request's Host
# header.
frontend f_http
# Listens on every IPv4 address, port 80, without TLS. The ssl-default-*
# settings in the global section do not apply to this bind line.
bind *:80
# Backend name = "b_" + the Host header, lower-cased, with any ":port" suffix
# dropped (word 1 when splitting on ":").
# The Host header is client-controlled, so any client that can reach port 80
# can select any backend named b_<something> in this file simply by sending
# that Host value. No ACL, source restriction or authentication is visible
# in this frontend.
# A Host that matches no backend is not switched; with no default_backend
# declared here, such requests receive HAProxy's 503 response.
use_backend b_%[req.hdr(Host),lower,word(1,:)]
# Backend selected for Host "consul.company.dev"; servers come from DNS
# service discovery.
backend b_consul.company.dev
balance roundrobin
# Pre-allocates server slots consul-ui2..consul-ui10 and fills them from the
# SRV-style name through the "consul" resolvers. allow-dup-ip lets several
# slots share one IP address, IPv4 answers are preferred, and each slot is
# health-checked.
# NOTE(review): an explicit :8500 is given alongside an SRV name; confirm
# whether the port from the SRV answer or this one is used.
# NOTE(review): 8500 is Consul's default HTTP port, which serves the HTTP API
# as well as the UI. It is reached here over plain HTTP with no access control
# at the proxy; confirm Consul ACLs or network restrictions cover it.
server-template consul-ui 2-10 _consul-ui._tcp.service.development.company:8500 resolvers consul resolve-opts allow-dup-ip resolve-prefer ipv4 check
# Backend selected for Host "haproxy.company.dev"; servers come from DNS
# service discovery.
backend b_haproxy.company.dev
balance roundrobin
# Slots haproxy-stats2..haproxy-stats10, resolved through the "consul"
# resolvers on port 1936 and health-checked.
# NOTE(review): the service name suggests HAProxy statistics pages. Their
# definition is not shown here; confirm they require authentication and do
# not enable admin actions, since this route adds no access control.
server-template haproxy-stats 2-10 _haproxy-stats._tcp.service.development.company:1936 resolvers consul resolve-opts allow-dup-ip resolve-prefer ipv4 check
# Backend selected for Host "swarm-accessd.company.dev"; servers come from
# DNS service discovery.
backend b_swarm-accessd.company.dev
balance roundrobin
# Slots swarm-accessd2..swarm-accessd10, resolved through the "consul"
# resolvers on port 9810 and health-checked; traffic to them is plain HTTP.
server-template swarm-accessd 2-10 _swarm-accessd._tcp.service.development.company:9810 resolvers consul resolve-opts allow-dup-ip resolve-prefer ipv4 check
# Backend selected for Host "swarm-subscription.company.dev"; servers come
# from DNS service discovery.
backend b_swarm-subscription.company.dev
balance roundrobin
# Slots swarm-subscription2..swarm-subscription10, resolved through the
# "consul" resolvers on port 9811 and health-checked; traffic to them is
# plain HTTP.
server-template swarm-subscription 2-10 _swarm-subscription._tcp.service.development.company:9811 resolvers consul resolve-opts allow-dup-ip resolve-prefer ipv4 check