haproxy/examples/full-example.yaml

---
# Example playbook using role-haproxy
# This recreates the configuration from the README example

- name: "Deploy HAProxy Load Balancer"
  hosts: "haproxy_servers"
  become: true

  vars:

    # enable stats interface
    haproxy_stats:
      enabled: true
      bind: "10.120.32.10:9000"
      mode: "http"
      uri: "/"
      show_node: true
      refresh: "10s"
      auth: "admitcreation:gZ4hWWeMWy7Bd8"

    # frontends
    haproxy_frontends:

      # http frontend
      - name: "http-in"
        bind: "10.120.32.15:80"
        default_backend: "waf_itcreation_tools_http"

      # https frontend
      - name: "https-in"
        bind: "10.120.32.15:443"
        default_backend: "waf_itcreation_tools_https"

    # backends
    haproxy_backends:

      # http backend with simple load balancing
      - name: "waf_itcreation_tools_http"
        balance: "source"
        hash_type: "consistent"
        options:
          - "option httpchk GET /health"
        servers:

          # waf0.itcreation.tools
          - name: "waf0.itcreation.tools"
            address: "10.120.32.20:80"
            check: true
            send_proxy: true

          # waf1.itcreation.tools
          - name: "waf1.itcreation.tools"
            address: "10.120.32.21:80"
            check: true
            send_proxy: true

      # https backend with SSL session persistence
      - name: "waf_itcreation_tools_https"
        balance: "roundrobin"
        stick_table: "type binary len 2048 size 300k expire 30m"
        acls:
          - "clienthello req.ssl_hello_type 1"
          - "serverhello res.ssl_hello_type 2"
        tcp_request:
          - "inspect-delay 10s"
          - "content accept if clienthello"
        tcp_response:
          - "content accept if serverhello"
        stick:
          - "on req.payload_lv(43,1) if clienthello"
          - "store-response res.payload_lv(43,1) if serverhello"
        options:
          - "option httpchk GET /health"
        servers:

          # waf0.itcreation.tools
          - name: "waf0.itcreation.tools"
            address: "10.120.32.20:443"
            send_proxy: true
            check: true
            extra_params: "check-ssl verify none"

          # waf0.itcreation.tools
          - name: "waf1.itcreation.tools"
            address: "10.120.32.21:443"
            send_proxy: true
            check: true
            extra_params: "check-ssl verify none"

  roles:
    - "role-haproxy"