{"id":16238905,"url":"https://github.com/trombik/ansible-role-haproxy","last_synced_at":"2026-05-03T12:37:50.602Z","repository":{"id":40454436,"uuid":"417975600","full_name":"trombik/ansible-role-haproxy","owner":"trombik","description":"ansible role for haproxy. supports FreeBSD, OpenBSD, Ubuntu, and CentOS","archived":false,"fork":false,"pushed_at":"2022-05-07T12:16:36.000Z","size":44,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-18T17:35:32.565Z","etag":null,"topics":["ansible-role","freebsd","openbsd"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trombik.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-10-16T23:54:39.000Z","updated_at":"2021-11-05T03:36:35.000Z","dependencies_parsed_at":"2022-08-09T21:00:40.099Z","dependency_job_id":null,"html_url":"https://github.com/trombik/ansible-role-haproxy","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/trombik/ansible-role-haproxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trombik%2Fansible-role-haproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trombik%2Fansible-role-haproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trombik%2Fansible-role-haproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trombik%2Fansible-role-haproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trombik","down
load_url":"https://codeload.github.com/trombik/ansible-role-haproxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trombik%2Fansible-role-haproxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32569714,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T06:36:36.687Z","status":"ssl_error","status_checked_at":"2026-05-03T06:36:09.306Z","response_time":103,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible-role","freebsd","openbsd"],"created_at":"2024-10-10T13:41:41.063Z","updated_at":"2026-05-03T12:37:50.580Z","avatar_url":"https://github.com/trombik.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `trombik.haproxy`\n\n`ansible` role for `haproxy`.\n\nThe role supports TLS by including\n[`trombik.x509_certificate`](https://github.com/trombik/ansible-role-x509_certificate).\nSee [tests/serverspec/tls.yml](tests/serverspec/tls.yml) for an example.\n\n## For CentOS users\n\nThe role permanently enables SELinux security policy\n`httpd_can_network_connect` to `1`.\n\n# Requirements\n\nThe role requires the following `ansible` collections.\n\n* `community.general`\n* `ansible.posix`\n\n# Role Variables\n\n| Variable | Description | Default |\n|----------|-------------|---------|\n| `haproxy_user` | User name of `haproxy` | `{{ __haproxy_user }}` |\n| 
`haproxy_group` | Group name of `haproxy` | `{{ __haproxy_group }}` |\n| `haproxy_service` | Service name of `haproxy` | `{{ __haproxy_service }}` |\n| `haproxy_package` | Name of `haproxy` package | `{{ __haproxy_package }}` |\n| `haproxy_extra_packages` | A list of extra packages to install | `[]` |\n| `haproxy_conf_dir` | Path to configuration directory | `{{ __haproxy_conf_dir }}` |\n| `haproxy_conf_file` | Path to `haproxy` configuration file | `{{ __haproxy_conf_dir }}/haproxy.cfg` |\n| `haproxy_config` | Content of `haproxy_conf_file` | `\"\"` |\n| `haproxy_flags` | TBW | `\"\"` |\n| `haproxy_chroot_dir` | Path to the directory `haproxy` will `chroot(8)` to | `{{ __haproxy_chroot_dir }}` |\n| `haproxy_selinux_seport` | See below | `{}` |\n| `haproxy_x509_certificate_enable` | If yes, include the [`trombik.x509_certificate`](https://github.com/trombik/ansible-role-x509_certificate) role during the play. | `no` |\n| `haproxy_x509_certificate_vars` | A dict of role variables for `trombik.x509_certificate`. This variable is passed to the role during the play. | `{}` |\n\n## Obsolete role variables\n\nThe following role variables are obsolete, and do not work with the role.\n\n* `haproxy_x509_certificate`\n* `haproxy_x509_certificate_debug_log`\n\n## `haproxy_selinux_seport`\n\nThis variable is a dict for RedHat only. 
The variable is passed to\n[`community.general.seport`](https://docs.ansible.com/ansible/latest/collections/community/general/seport_module.html).\nIt accepts all parameters that `community.general.seport` accepts.\n\n## Debian\n\n```yaml\n---\n__haproxy_user: haproxy\n__haproxy_group: haproxy\n__haproxy_service: haproxy\n__haproxy_conf_dir: \"/etc/haproxy\"\n__haproxy_package: haproxy\n__haproxy_log_dir: \"/var/log/haproxy\"\n__haproxy_chroot_dir: \"/var/lib/haproxy\"\n```\n\n## FreeBSD\n\n```yaml\n---\n__haproxy_user: www\n__haproxy_group: www\n__haproxy_service: haproxy\n__haproxy_conf_dir: \"/usr/local/etc\"\n__haproxy_package: haproxy\n__haproxy_log_dir: \"/var/log/haproxy\"\n__haproxy_chroot_dir: \"/var/haproxy\"\n```\n\n## OpenBSD\n\n```yaml\n---\n__haproxy_user: _haproxy\n__haproxy_group: _haproxy\n__haproxy_service: haproxy\n__haproxy_conf_dir: \"/etc/haproxy\"\n__haproxy_package: haproxy\n__haproxy_chroot_dir: \"/var/haproxy\"\n```\n\n## RedHat\n\n```yaml\n---\n__haproxy_user: haproxy\n__haproxy_group: haproxy\n__haproxy_service: haproxy\n__haproxy_conf_dir: \"/etc/haproxy\"\n__haproxy_package: haproxy\n__haproxy_log_dir: \"/var/log/haproxy\"\n__haproxy_chroot_dir: \"/var/lib/haproxy\"\n```\n\n## Fedora\n\n```yaml\n---\n__haproxy_user: haproxy\n__haproxy_group: haproxy\n__haproxy_service: haproxy\n__haproxy_conf_dir: \"/etc/haproxy\"\n__haproxy_package: haproxy\n__haproxy_log_dir: \"/var/log/haproxy\"\n__haproxy_chroot_dir: \"/var/lib/haproxy\"\n```\n\n# Dependencies\n\n[`trombik.x509_certificate`](https://github.com/trombik/ansible-role-x509_certificate)\nwhen `haproxy_x509_certificate_enable` is `yes`.\n\n# Example Playbook\n\n```yaml\n---\n- hosts: localhost\n  roles:\n    - ansible-role-haproxy\n  vars:\n    project_backend_host: 127.0.0.1\n    project_backend_port: 8000\n    os_haproxy_selinux_seport:\n      FreeBSD: {}\n      Debian: {}\n      RedHat:\n        ports:\n          - 80\n          - 8404\n        proto: tcp\n        setype: 
http_port_t\n    haproxy_selinux_seport: \"{{ os_haproxy_selinux_seport[ansible_os_family] }}\"\n    haproxy_config: |\n      global\n        daemon\n      {% if ansible_os_family == 'FreeBSD' %}\n      # FreeBSD package does not provide default\n        maxconn 4096\n        log /var/run/log local0 notice\n          user {{ haproxy_user }}\n          group {{ haproxy_group }}\n      {% elif ansible_os_family == 'Debian' %}\n        log /dev/log  local0\n        log /dev/log  local1 notice\n        chroot {{ haproxy_chroot_dir }}\n        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners\n        stats timeout 30s\n        user {{ haproxy_user }}\n        group {{ haproxy_group }}\n\n        # Default SSL material locations\n        ca-base /etc/ssl/certs\n        crt-base /etc/ssl/private\n\n        # See: https://ssl-config.mozilla.org/#server=haproxy\u0026server-version=2.0.3\u0026config=intermediate\n          ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384\n          ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256\n          ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets\n      {% elif ansible_os_family == 'OpenBSD' %}\n        log 127.0.0.1   local0 debug\n        maxconn 1024\n        chroot {{ haproxy_chroot_dir }}\n        uid 604\n        gid 604\n        pidfile /var/run/haproxy.pid\n      {% elif ansible_os_family == 'RedHat' %}\n      log         127.0.0.1 local2\n      chroot      /var/lib/haproxy\n      pidfile     /var/run/haproxy.pid\n      maxconn     4000\n      user        haproxy\n      group       haproxy\n      daemon\n      {% endif %}\n\n      defaults\n        log global\n        mode http\n        timeout connect 5s\n        timeout client 
10s\n        timeout server 10s\n        option  httplog\n        option  dontlognull\n        retries 3\n        maxconn 2000\n      {% if ansible_os_family == 'Debian' %}\n        errorfile 400 /etc/haproxy/errors/400.http\n        errorfile 403 /etc/haproxy/errors/403.http\n        errorfile 408 /etc/haproxy/errors/408.http\n        errorfile 500 /etc/haproxy/errors/500.http\n        errorfile 502 /etc/haproxy/errors/502.http\n        errorfile 503 /etc/haproxy/errors/503.http\n        errorfile 504 /etc/haproxy/errors/504.http\n      {% elif ansible_os_family == 'OpenBSD' %}\n        option  redispatch\n      {% endif %}\n\n      frontend http-in\n        bind *:80\n        default_backend servers\n\n      backend servers\n        option forwardfor\n        server server1 {{ project_backend_host }}:{{ project_backend_port }} maxconn 32 check\n\n      frontend stats\n        bind *:8404\n        mode http\n        no log\n        acl network_allowed src 127.0.0.0/8\n        tcp-request connection reject if !network_allowed\n        stats enable\n        stats uri /\n        stats refresh 10s\n        stats admin if LOCALHOST\n\n    os_haproxy_flags:\n      FreeBSD: |\n        haproxy_config=\"{{ haproxy_conf_file }}\"\n        #haproxy_flags=\"-q -f ${haproxy_config} -p ${pidfile}\"\n      Debian: |\n        #CONFIG=\"/etc/haproxy/haproxy.cfg\"\n        #EXTRAOPTS=\"-de -m 16\"\n      OpenBSD: \"\"\n      RedHat: |\n        OPTIONS=\"\"\n    haproxy_flags: \"{{ os_haproxy_flags[ansible_os_family] }}\"\n    haproxy_extra_packages:\n      - zsh\n```\n\n# License\n\n```\nCopyright (c) 2021 Tomoyuki Sakurai \u003cy@trombik.org\u003e\n\nPermission to use, copy, modify, and distribute this software for any\npurpose with or without fee is hereby granted, provided that the above\ncopyright notice and this permission notice appear in all copies.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES\nWITH REGARD TO THIS SOFTWARE INCLUDING ALL 
IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR\nANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES\nWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN\nACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF\nOR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.\n```\n\n# Author Information\n\nTomoyuki Sakurai \u003cy@trombik.org\u003e\n\nThis README was created by [qansible](https://github.com/trombik/qansible)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrombik%2Fansible-role-haproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrombik%2Fansible-role-haproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrombik%2Fansible-role-haproxy/lists"}