auto02 and haproxy

do
2021-01-31 16:54:54 +01:00
parent 50ce8787a2
commit fa6c62c1f6
2 changed files with 141 additions and 99 deletions


@@ -4,6 +4,7 @@ systemd:
Unit: Unit:
Description: Homeassistant Description: Homeassistant
After: network-online.target local-fs.target After: network-online.target local-fs.target
Before: haproxy.service
Requires: io.podman.service Requires: io.podman.service
Service: Service:
ExecStart: /usr/bin/podman start -a homeassistant ExecStart: /usr/bin/podman start -a homeassistant
@@ -14,6 +15,7 @@ systemd:
Unit: Unit:
Description: Homeassistant Configurator Description: Homeassistant Configurator
After: network-online.target local-fs.target After: network-online.target local-fs.target
Before: haproxy.service
Requires: io.podman.service Requires: io.podman.service
Service: Service:
ExecStart: /usr/bin/podman start -a homeassistant-configurator ExecStart: /usr/bin/podman start -a homeassistant-configurator
@@ -24,6 +26,7 @@ systemd:
Unit: Unit:
Description: pihole Description: pihole
After: network-online.target local-fs.target After: network-online.target local-fs.target
Before: haproxy.service
Requires: io.podman.service Requires: io.podman.service
Service: Service:
ExecStart: /usr/bin/podman start -a pihole ExecStart: /usr/bin/podman start -a pihole
@@ -34,6 +37,7 @@ systemd:
Unit: Unit:
Description: Docker Registry Description: Docker Registry
After: network-online.target local-fs.target After: network-online.target local-fs.target
Before: haproxy.service
Requires: io.podman.service Requires: io.podman.service
Service: Service:
ExecStart: /usr/bin/podman start -a docker-registry ExecStart: /usr/bin/podman start -a docker-registry
@@ -44,107 +48,145 @@ systemd:
Unit: Unit:
Description: zwave2mqtt - yes Description: zwave2mqtt - yes
After: network-online.target local-fs.target After: network-online.target local-fs.target
Before: haproxy.service
Requires: io.podman.service Requires: io.podman.service
Service: Service:
ExecStart: /usr/bin/podman start -a zwave2mqtt ExecStart: /usr/bin/podman start -a zwave2mqtt
ExecStop: /usr/bin/podman stop zwave2mqtt ExecStop: /usr/bin/podman stop zwave2mqtt
Install: Install:
WantedBy: multi-user.target WantedBy: multi-user.target
nginx: haproxy:
install_from_repo: False enabled: True
server: overwrite: True
config: global:
events: stats:
worker_connections: 100 enable: True
servers: socketpath: /var/lib/haproxy/stats
managed: mode: 660
default: level: admin
enabled: false # Optional extra bind parameter, for example to set the owner/group on the socket file
status: extra: user haproxy group haproxy
enabled: true ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
config: ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
- server:
- server_name: _ user: haproxy
- listen: group: haproxy
- 127.0.0.1:80 chroot:
- location /stub_status: enable: True
- stub_status: '' path: /var/lib/haproxy
proxy_auto: daemon: True
enabled: true defaults:
config: mode: http
- server: stats:
- server_name: auto2 auto2.chaos - enable
- listen: - uri: '/admin?stats'
- 80 default_server - realm: 'Haproxy\ Statistics'
- location /: - auth: 'admin1:AdMiN123'
- proxy_pass: http://127.0.0.1:8123 options:
- proxy_set_header: "Host $host" - httplog
- proxy_http_version: "1.1" - dontlognull
- proxy_set_header: "X-Real-IP $remote_addr" - forwardfor
- proxy_set_header: "X-Forwarded-For $proxy_add_x_forwarded_for" timeouts:
- proxy_set_header: "Ugrade $http_upgrade" - connect 5000
- proxy_set_header: "Connection \"Upgrade\"" - client 50000
- location /api/websocket: - server 50000
- proxy_pass: http://127.0.0.1:8123/api/websocket - tunnel 60000 #longer timeouts for websockets
- proxy_set_header: "Host $host" - http-request 5s
- proxy_http_version: "1.1" errorfiles:
- proxy_set_header: "X-Real-IP $remote_addr" 400: /etc/haproxy/errors/400.http
- proxy_set_header: "X-Forwarded-For $proxy_add_x_forwarded_for" 403: /etc/haproxy/errors/403.http
- proxy_set_header: "Ugrade $http_upgrade" 408: /etc/haproxy/errors/408.http
- proxy_set_header: "Connection \"Upgrade\"" 500: /etc/haproxy/errors/500.http
proxy_auto-conf: 502: /etc/haproxy/errors/502.http
enabled: true 503: /etc/haproxy/errors/503.http
config: 504: /etc/haproxy/errors/504.http
- server: #resolvers:
- server_name: auto-conf auto-conf.chaos # local_dns:
- listen: # options:
- '80' # - nameserver resolvconf 192.168.10.1:53
- location /: # - resolve_retries 3
- proxy_redirect: "off" # - timeout retry 1s
- proxy_pass: http://127.0.0.1:3218 # - hold valid 10s
proxy_pihole: listens:
enabled: true stats:
config: bind:
- server: - "127.0.0.1:8998"
- server_name: pihole pihole.chaos mode: http
- listen: stats:
- '80' enable: True
- location /admin: uri: "/admin?stats"
- proxy_redirect: "off" refresh: "20s"
- proxy_pass: http://127.0.0.1:8080/admin frontends:
- add_header: 'Access-Control-Allow-Origin: "*"' frontend1:
- proxy_set_header: 'Access-Control-Allow-Origin: "*"' name: www-http
proxy_docker-reg: bind: "*:80"
enabled: true default_backend: auto
config: acls:
- server: - host_auto hdr_beg(host) -i auto.
- server_name: docker-registry docker-registry.chaos docker-registry.lan - host_auto-conf hdr_beg(host) -i auto-conf.
- listen: - host_z2m hdr_beg(host) -i zwave2mqtt.
- '80' - host_pihole hdr_beg(host) -i pihole.
- location /: - host_docker-registry hdr_beg(host) -i docker-registry.
- proxy_redirect: "off" use_backends:
- proxy_pass: http://127.0.0.1:5000 - auto if host_auto
- client_max_body_size: '10G' - auto-conf if host_auto-conf
- proxy_set_header: 'Host $host' - z2m if host_z2m
- proxy_set_header: 'X-Forwarded-For $remote_addr' - pihole if host_pihole
- proxy_set_header: 'Proxy-Connection ""' - docker-registry if host_docker-registry
- proxy_set_header: 'Access-Control-Allow-Origin "*"' backends:
- proxy_set_header: 'Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"' backend1:
- proxy_set_header: 'Access-Control-Allow-Headers "Authorization, Accept"' name: auto
- proxy_set_header: 'Access-Control-Allow-Credentials true' balance: roundrobin
- proxy_set_header: 'Access-Control-Expose-Headers "Docker-Content-Digest"' servers:
- add_header: 'Access-Control-Allow-Origin "*"' server1:
- add_header: 'Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"' name: auto02
- add_header: 'Access-Control-Allow-Headers "Authorization, Accept"' host: 127.0.0.1
- add_header: 'Access-Control-Allow-Credentials true' port: 8123
- add_header: 'Access-Control-Expose-Headers "Docker-Content-Digest"' check: check
proxy_zwave2mqtt: backend2:
enabled: true name: auto-conf
config: balance: roundrobin
- server: servers:
- server_name: zwave2mqtt zwave2mqtt.chaos server1:
- listen: name: auto02
- '80' host: 127.0.0.1
- location /: port: 3218
- proxy_redirect: "off" check: check
- proxy_pass: http://127.0.0.1:8091 backend3:
name: z2m
balance: roundrobin
servers:
server1:
name: auto02
host: 127.0.0.1
port: 8091
check: check
backend4:
name: pihole
balance: roundrobin
servers:
server1:
name: auto02
host: 127.0.0.1
port: 8080
check: check
backend5:
name: docker-registry
balance: roundrobin
servers:
server1:
name: auto02
host: 127.0.0.1
port: 5000
check: check
options:
- http-server-close
extra:
#- http-request add-header Access-Control-Allow-Origin "http://docker-registry.lan"
- http-response add-header Access-Control-Allow-Origin "*"
- http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"
- http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
- http-response add-header Access-Control-Allow-Credentials true
- http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
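Review bot: The new `defaults:` block commits the HAProxy stats login in clear text, `- auth: 'admin1:AdMiN123'`, directly beside `- enable` and `- uri: '/admin?stats'`. If the formula renders that list as `stats enable` / `stats auth` in HAProxy's defaults section, every proxy that inherits it, including the `www-http` frontend bound to `*:80`, would answer on `/admin?stats` behind a password that anyone with read access to this repository already has; the value also reads like a copied sample and should be treated as known. I would remove the `stats:` list from `defaults:` and keep statistics only on the dedicated `listens: stats` entry bound to `127.0.0.1:8998`. If authentication is still wanted there, supply it from an encrypted pillar (for example Salt's GPG renderer) as `- auth: '<STATS_USER>:<STATS_PASSWORD>'` (placeholders) rather than a literal. Because the string is now in history, rotate it wherever it is in use.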


@@ -5,7 +5,7 @@
include: include:
- base.services - base.services
- base.hardware - base.hardware
- base.sys.sysctl - base.sys
- base.hostconfig - base.hostconfig
- saltmine - saltmine
- prometheus.node_exporter - prometheus.node_exporter