1 # {{ cephadm_managed }}
4 chroot /var/lib/haproxy
5 pidfile /var/lib/haproxy/haproxy.pid
8 stats socket /var/lib/haproxy/stats
10 {% if spec.ssl_dh_param %}
11 tune.ssl.default-dh-param {{ spec.ssl_dh_param }}
13 {% if spec.ssl_ciphers %}
14 ssl-default-bind-ciphers {{ spec.ssl_ciphers | join(':') }}
16 {% if spec.ssl_options %}
17 ssl-default-bind-options {{ spec.ssl_options | join(' ') }}
24 {% if mode == 'http' %}
27 option http-server-close
28 option forwardfor except 127.0.0.0/8
33 timeout http-request 1s
34 timeout http-keep-alive 5s
39 {% if mode == 'tcp' %}
50 bind {{ ip }}:{{ monitor_port }}
51 bind localhost:{{ monitor_port }}
55 stats auth {{ user }}:{{ password }}
56 http-request use-service prometheus-exporter if { path /metrics }
60 {% if spec.ssl_cert %}
61 bind {{ ip }}:{{ frontend_port }} ssl crt /var/lib/haproxy/haproxy.pem
63 bind {{ ip }}:{{ frontend_port }}
65 default_backend backend
68 {% if mode == 'http' %}
71 option httpchk HEAD / HTTP/1.0
72 {% for server in servers %}
73 server {{ server.name }} {{ server.ip }}:{{ server.port }} check weight 100
76 {% if mode == 'tcp' %}
80 {% for server in servers %}
81 server {{ server.name }} {{ server.ip }}:{{ server.port }}