---
# Test playbook (the play name suggests a Molecule converge scenario) that
# applies ansible-role-haproxy with a broad set of variables. Every value
# below is a fixture. Several are deliberately weak (cleartext password,
# unverified backend TLS) and are called out where they occur.
- name: Converge
  hosts: all
  roles:
    - ansible-role-haproxy
  vars:
    # Placeholder body, not a real certificate. Real HAProxy PEM bundles
    # usually carry the private key as well, so keep them in Ansible Vault
    # or a secret store rather than inline in a playbook.
    haproxy_ssl_certificates:
      www-example-com: |
        -----BEGIN CERTIFICATE-----
        test

    # Presumably rendered by the role to /etc/haproxy/blacklist.list, the
    # file that acl_blacklist reads below; confirm against the role.
    # Note: 172.10.0.0/16 is public address space (RFC 1918 covers
    # 172.16.0.0/12), so treat it purely as sample data.
    haproxy_ips_lists:
      blacklist:
        - 172.10.0.0/16
        - 192.168.1.1

    haproxy_resolvers:
      dns:
        nameserver: dns1 127.0.0.1:53

    # `insecure-password` is HAProxy's keyword for a password stored in
    # cleartext in the configuration. Acceptable for a throwaway test
    # account only; real userlists should use `password` with a hashed
    # value supplied from a vaulted variable.
    haproxy_userlists:
      restricted:
        group:
          - admin
        user:
          - admin insecure-password password groups admin

    haproxy_frontends:
      main:
        # '*' binds on every interface of the test host.
        bind:
          ip: '*'
          port: 5000
        acl:
          - url_static path_beg -i /static /images /javascript /stylesheets
          - url_static path_end -i .jpg .gif .png .css .js

      # Despite the "-https" name, this frontend binds port 80 and no TLS
      # settings appear in the bind mapping, so the Basic auth exchange on
      # /auth/ would presumably travel in cleartext. Fine for a container
      # test; put authentication behind TLS anywhere else.
      frontend-test-https:
        bind:
          ip: '*'
          port: 80
        mode: http
        default_backend: backend-test-https
        option:
          - forwardfor except 127.0.0.0/8
          - httplog
          - http-server-close
        acl:
          - acl_test1-https hdr(host) test1.example.net
          - acl_test2-https hdr(host) test2.example.net
          - acl_blacklist src -f /etc/haproxy/blacklist.list
          - acl_auth_path path -i /auth/
          - acl_auth http_auth(restricted)
        http-request:
          - auth realm restricted if acl_auth_path !acl_auth
          - return status 200 content-type "text/plain" string "Good" if acl_auth_path
        # HAProxy applies the first matching use_backend rule. The last
        # rule's condition is a subset of the first rule's and targets the
        # same backend, so it can never be the deciding rule. acl_blacklist
        # is referenced nowhere else in this frontend: listed sources are
        # routed, not denied. A real deployment would pair the ACL with an
        # explicit deny rule.
        use_backend:
          - backend-test-https if acl_test1-https
          - backend-test-resolver if acl_test2-https
          - backend-test-https if acl_test1-https acl_blacklist

    haproxy_backends:
      backend-test-https:
        mode: http
        balance: roundrobin
        stick-table: type ip size 512k expire 30m
        stick: on src
        option:
          - ssl-hello-chk
          - tcp-check
          - log-health-checks
          - forwardfor header X-Forwarded-For
        # `ssl verify none` encrypts the backend connection but accepts any
        # server certificate, so the peer is not authenticated. Test-only;
        # production servers should use `verify required` with a `ca-file`.
        server:
          - host1 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s
          - host2 127.0.0.1:443 ssl verify none check maxconn 1000 inter 15s

      backend-test-resolver:
        mode: http
        balance: roundrobin
        stick-table: type ip size 512k expire 30m
        stick: on src
        option:
          - ssl-hello-chk
        # Exercises runtime DNS resolution: `init-addr none` lets the server
        # start without an address until the `dns` resolvers section answers.
        # The target is an external hostname and is also reached with
        # `verify none`, so health checks here depend on whatever the
        # resolver returns, unauthenticated.
        server:
          - google.fr google.com:443 ssl verify none check resolvers dns init-addr none

  pre_tasks:
    # The backports source is fetched over plain HTTP; package integrity
    # then rests on APT's signature verification of the repository
    # metadata rather than on the transport.
    - name: add backports repository
      ansible.builtin.apt_repository:
        repo: 'deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main'

    - name: update apt cache
      ansible.builtin.apt:
        update_cache: true