gsb/gsb2024
3
3
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases 3 Wiki Activity
gsb2024/roles/lb-front-ssl/tasks/main.yml

76 lines
1.9 KiB
YAML
Raw Blame History

- name: install haproxy
apt:
name: haproxy
state: present
- name: Creer le repertoire du certificat
file:
path: /etc/haproxy/crt
state: directory
mode: '0755'
- name: Creer le repertoire de la cle privee
file:
path: /etc/haproxy/crt/private
state: directory
mode: '0755'
- name: Generer une clee privee avec les valeurs par defaut (4096 bits, RSA)
openssl_privatekey:
path: /etc/haproxy/crt/private/haproxy.pem.key
size: 4096
type: RSA
state: present
- name: creer un certificat auto-signé
openssl_certificate:
path: /etc/haproxy/crt/private/haproxy.pem
privatekey_path: /etc/haproxy/crt/private/haproxy.pem.key
provider: selfsigned
state: present
- name: s'assurer que le certificat a les bonnes permissions
file:
path: /etc/haproxy/crt/private/haproxy.pem
owner: root
group: haproxy
mode: '0640'
- name: parametre global
blockinfile:
path: /etc/haproxy/haproxy.cfg
block: |
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
ssl-server-verify none
- name: parametre backend et fontend
blockinfile:
path: /etc/haproxy/haproxy.cfg
block: |
frontend proxypublic
bind 192.168.100.10:80
bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/private/haproxy.pem
http-request redirect scheme https unless { ssl_fc }
default_backend fermeweb
backend fermeweb
balance roundrobin
option httpclose
option httpchk HEAD / HTTP/1.0
server s-lb-web1 192.168.101.1:80 check
server s-lb-web2 192.168.101.2:80 check
- name: redemarre haproxy
service:
name: haproxy
# state: restarted
enabled: yes
Reference in New Issue View Git Blame Copy Permalink