# -*- coding: utf-8 -*-
# vim: ft=yaml
---

haproxy:
  enabled: True
  overwrite: True
  global:
    stats:
      enable: True
      socketpath: /var/lib/haproxy/stats
      mode: 660
      level: admin
      # Optional extra bind parameter, for example to set the owner/group on the socket file
      extra: user haproxy group haproxy
    ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
    ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"

    user: haproxy
    group: haproxy
    chroot:
      enable: True
      path: /var/lib/haproxy
    daemon: True
  defaults:
    stats:
      - enable
      - uri: '/admin?stats'
      - realm: 'Haproxy\ Statistics'
      - auth: 'admin1:AdMiN123'
    errorfiles:
      400: /etc/haproxy/errors/400.http
      403: /etc/haproxy/errors/403.http
      408: /etc/haproxy/errors/408.http
      500: /etc/haproxy/errors/500.http
      502: /etc/haproxy/errors/502.http
      503: /etc/haproxy/errors/503.http
      504: /etc/haproxy/errors/504.http

  {# Suported by HAProxy 1.6 #}
  resolvers:
    local_dns:
      options:
        - nameserver resolvconf 192.168.10.1:53
        - resolve_retries 3
        - timeout retry 1s
        - hold valid 10s


  listens:
    stats:
      bind:
        - "0.0.0.0:8998"
      mode: http
      stats:
        enable: True
        uri: "/admin?stats"
        refresh: "20s"
  frontends:
    frontend1:
      name: www 
      bind: "*:80"
      default_backend: stats 
      acls: 
        - host_stats hdr_beg(host) -i stats.
      use_backends: 
        - grafana if host_stats
  backends:
    backend1:
      name: grafana 
      balance: roundrobin
      servers:
        server1:
          name: riot01
          host: 192.168.10.164
          port: 3000
          check: check