some additional params...

devops-coop / ansible-haproxy

Installs and configure HAProxy

Apache License 2.0

96 stars 97 forks source link

some additional params... #49

Closed fw8 closed 7 years ago

fw8 commented 8 years ago

1.) enable the creation of a dedicated stats-page as follows:

haproxy_listen:

  - name: stats
    bind:
      - ':8888'
    description: stats for site
    stats:
      enabled: true
      uri: /
      realm: Haproxy\ Stats
      auth: admin:secret
      refresh: 5s

2.) add three missing ssl settings in global context:

# no-sslv3 to prevent SSLv3 Poodle vulnerability
  ssl_default_bind_options: no-sslv3 no-tls-tickets
  ssl_default_bind_ciphers: EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
  tune:
    ssl:
      default_dh_param: 2048

pbuyle commented 7 years ago

Sorry for the delay and lack of actions. We are finding that we are not using this role anymore and cannot commit to its maintenance. We are looking for an individual or organization to take over. Please see #53 if you are interested.

benwebber commented 7 years ago

Hi @fw8,

We noticed you are keeping your PR branch updated with new features. That's fantastic, but by now this branch has diverged quite a bit from master and it's difficult to reconcile the two.

As far as I can tell, you've fixed a number of issues:

added tune ssl parameters (implemented another way in #59)
enabled TCP stats socket support
added some missing configurables to proxy sessions (rspadd, errorfile)

Each one of these would make a great individual PR. Would you like any help splitting this PR into several more focused ones?

Thanks!