Merge "Add prometheus main dashboard"
diff --git a/README.rst b/README.rst
index 871f567..da53030 100644
--- a/README.rst
+++ b/README.rst
@@ -2,7 +2,7 @@
HAproxy
=======
-The Reliable, High Performance TCP/HTTP Load Balancer.
+The Reliable, High Performance TCP/HTTP Load Balancer.
Sample pillars
@@ -133,7 +133,7 @@
- name: node1
host: 10.0.88.13
port: 5673
- params: check inter 5000 rise 2 fall 3
+ params: check inter 5000 rise 2 fall 3
- name: node2
host: 10.0.88.14
port: 5673
@@ -189,7 +189,7 @@
- name: node1
host: 10.0.88.13
port: 5673
- params: check inter 5000 rise 2 fall 3
+ params: check inter 5000 rise 2 fall 3
- name: node2
host: 10.0.88.14
port: 5673
@@ -361,6 +361,36 @@
- type: hdr_dom(host)
condition: docker.domain.com
+Enable customisable ``forwardfor`` option in ``defaults`` section.
+
+.. code-block:: yaml
+
+ haproxy:
+ proxy:
+ enabled: true
+ mode: tcp
+ logging: syslog
+ max_connections: 1024
+ forwardfor:
+ enabled: true
+ except:
+ header:
+ if-none: false
+
+.. code-block:: yaml
+
+ haproxy:
+ proxy:
+ enabled: true
+ mode: tcp
+ logging: syslog
+ max_connections: 1024
+ forwardfor:
+ enabled: true
+ except: 127.0.0.1
+ header: X-Real-IP
+ if-none: false
+
Read more
=========
diff --git a/haproxy/files/haproxy.cfg b/haproxy/files/haproxy.cfg
index 55b96d3..513db53 100644
--- a/haproxy/files/haproxy.cfg
+++ b/haproxy/files/haproxy.cfg
@@ -30,6 +30,9 @@
mode http
maxconn {{ proxy.maxconn|default(8000) }}
+{%- if proxy.get('forwardfor', {}).enabled|default(False) %}
+ option forwardfor{% if proxy.forwardfor.get('except', False) %} except {{proxy.forwardfor.except}}{% endif %}{% if proxy.forwardfor.get('header', False) %} header {{proxy.forwardfor.header}}{% endif %}{% if proxy.forwardfor.get('if-none') %} if-none{% endif %}
+{%- endif %}
option redispatch
retries {{ proxy.retries|default(3) }}
stats enable
@@ -206,9 +209,10 @@
{%- if listen.get('format', 'listen') == 'end' %}
frontend {{ listen_name }}
- bind {{ listen.binds[0].address }}:{{ listen.binds[0].port }}
- {% if listen.binds[0].get('ssl', {}).enabled|default(False) %}
- bind {{ listen.binds[0].address }}:{{ listen.binds[0].ssl_port|default('443') }} {% if listen.binds[0].ssl.pem_file is defined %}ssl crt {{ listen.binds[0].ssl.pem_file }}{% else %}ssl crt /etc/haproxy/ssl/{{ listen_name }}{% endif %}
+ {%- for bind in listen.binds %}
+ bind {{ bind.address }}:{{ bind.port }} {% if bind.get('ssl', {}).enabled|default(False) %} {% if bind.ssl.pem_file is defined %}ssl crt {{ bind.ssl.pem_file }}{% else %}ssl crt /etc/haproxy/ssl/{{ listen_name }}{% endif %} {% endif %}
+ {% endfor %}
+ {% if listen.get('force_ssl') == true %}
redirect scheme https code 301 if !{ ssl_fc }
{% endif %}
{%- for redirect in listen.get('redirects', []) %}
diff --git a/tests/pillar/admin.sls b/tests/pillar/admin.sls
index aa2c086..210d3cc 100644
--- a/tests/pillar/admin.sls
+++ b/tests/pillar/admin.sls
@@ -9,4 +9,4 @@
- address: '0.0.0.0'
port: 9600
user: admin
- password: password
\ No newline at end of file
+ password: password
diff --git a/tests/pillar/single.sls b/tests/pillar/single.sls
index 3d1e9e4..0129244 100644
--- a/tests/pillar/single.sls
+++ b/tests/pillar/single.sls
@@ -1,6 +1,8 @@
haproxy:
proxy:
enabled: true
+ forwardfor:
+ enabled: true
mode: tcp
logging: syslog
- max_connections: 1024
\ No newline at end of file
+ max_connections: 1024
diff --git a/tests/pillar/single_forwardfor.sls b/tests/pillar/single_forwardfor.sls
new file mode 100644
index 0000000..2c78c52
--- /dev/null
+++ b/tests/pillar/single_forwardfor.sls
@@ -0,0 +1,11 @@
+haproxy:
+ proxy:
+ enabled: true
+ forwardfor:
+ enabled: true
+ except: 127.0.0.1
+ header: X-Custom-Header
+ if-none: true
+ mode: tcp
+ logging: syslog
+ max_connections: 1024
diff --git a/tests/pillar/stats.sls b/tests/pillar/stats.sls
index e84e01f..35935d4 100644
--- a/tests/pillar/stats.sls
+++ b/tests/pillar/stats.sls
@@ -1,6 +1,8 @@
haproxy:
proxy:
enabled: true
+ forwardfor:
+ enabled: false
listen:
admin_page:
type: stats