From 41295bf7fd765a6b2b220c757cc5e9a9f7efdac1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcus=20R=C3=BCckert?= Date: Thu, 1 Aug 2019 18:23:11 +0200 Subject: [PATCH 1/3] Add support for errorfiles in listen and backend blocks --- haproxy/templates/haproxy.jinja | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index a97168f..39b9d88 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja @@ -200,6 +200,11 @@ listen {{ listener.get('name', listener_name) }} {%- if 'mode' in listener %} mode {{ listener.mode }} {%- endif %} + {%- if 'errorfiles' in listener %} + {%- for errorfile_name, errorfile in listener.errorfiles|dictsort %} + errorfile {{ errorfile_name }} {{ errorfile }} + {%- endfor %} + {% endif %} {%- if 'hashtype' in listener %} hash-type {{ listener.hashtype }} {%- endif %} @@ -485,6 +490,11 @@ backend {{ backend.get('name', backend_name) }} {%- if 'mode' in backend %} mode {{ backend.mode }} {%- endif %} + {%- if 'errorfiles' in backend %} + {%- for errorfile_name, errorfile in backend.errorfiles|dictsort %} + errorfile {{ errorfile_name }} {{ errorfile }} + {%- endfor %} + {% endif %} {%- if 'hashtype' in backend %} hash-type {{ backend.hashtype }} {%- endif %} From 30484d7622cf90c5598e8848e0a9a3c9c1c8c877 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcus=20R=C3=BCckert?= Date: Wed, 2 Mar 2022 23:04:38 +0100 Subject: [PATCH 2/3] Add more global ssl options --- haproxy/templates/haproxy.jinja | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja index 39b9d88..77ff51d 100644 --- a/haproxy/templates/haproxy.jinja +++ b/haproxy/templates/haproxy.jinja @@ -78,6 +78,18 @@ global {%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %} {{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }} {%- endif %} +{%- if 'ssl-default-server-ciphers' in salt['pillar.get']('haproxy:global', {}) %} + {{- render_list_of_dictionaries('ssl-default-server-ciphers', salt['pillar.get']('haproxy:global:ssl-default-server-ciphers')) }} +{%- endif %} +{%- if 'ssl-default-server-options' in salt['pillar.get']('haproxy:global', {}) %} + {{- render_list_of_dictionaries('ssl-default-server-options', salt['pillar.get']('haproxy:global:ssl-default-server-options')) }} +{%- endif %} +{%- if 'ssl-default-bind-ciphersuites' in salt['pillar.get']('haproxy:global', {}) %} + {{- render_list_of_dictionaries('ssl-default-bind-ciphersuites', salt['pillar.get']('haproxy:global:ssl-default-bind-ciphersuites')) }} +{%- endif %} +{%- if 'ssl-default-server-ciphersuites' in salt['pillar.get']('haproxy:global', {}) %} + {{- render_list_of_dictionaries('ssl-default-server-ciphersuites', salt['pillar.get']('haproxy:global:ssl-default-server-ciphersuites')) }} +{%- endif %} {%- if 'extra' in salt['pillar.get']('haproxy:global', {}) %} {%- if salt['pillar.get']('haproxy:global:extra', {}) is string %} {{ salt['pillar.get']('haproxy:global:extra') }} From 33f4d7ebb8e47909e1076a54f44917fdf81b5ca1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcus=20R=C3=BCckert?= Date: Wed, 2 Mar 2022 23:07:48 +0100 Subject: [PATCH 3/3] Add comment that error files can now also be set in listen and backend sections --- pillar.example | 1 + 1 file changed, 1 insertion(+) diff --git a/pillar.example b/pillar.example index c0786e9..6af8d1d 100644 --- a/pillar.example +++ b/pillar.example @@ -76,6 +76,7 @@ haproxy: - realm: 'Haproxy\ Statistics' - auth: 'admin1:AdMiN123' + # the same can be set in a per backend/listen as well errorfiles: 400: /etc/haproxy/errors/400.http 403: /etc/haproxy/errors/403.http