https://github.com/simpleweb/ansible-haproxy

HAProxy role to achieve good level of SSL
https://github.com/simpleweb/ansible-haproxy

Last synced: 4 months ago
JSON representation

HAProxy role to achieve good level of SSL

• Host: GitHub
• URL: https://github.com/simpleweb/ansible-haproxy
• Owner: simpleweb
• License: mit
• Created: 2015-06-02T10:37:26.000Z (about 11 years ago)
• Default Branch: master
• Last Pushed: 2015-06-03T13:56:42.000Z (about 11 years ago)
• Last Synced: 2025-10-07T01:49:54.794Z (8 months ago)
• Size: 133 KB
• Stars: 1
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Ansible HAProxy Role for Debian Wheezy

This role achieves a good level of SSL security as tested by [SSLLabs](http://ssllabs.com/ssltest/).

In your playbook you need the following variables:

```yaml

app_name: my-app

ssl_certificate: 

haproxy:

  backends: "{{ groups['production'] }}"

```

### Added SSL certificate to Vault

The vault seems to be a good place to securely store your cert. To do this you need to include it using multi-line syntax... this looks like:

```

ssl_certificate: |

  -----BEGIN CERTIFICATE-----

  REST OF CERT...

```

### Limitations

This role only works with Debian Wheezy for time being.

SSL is forced for all connections.

haproxy.backends specifies a group in your hosts. This entire group becomes your front-ends and looks for resulting server on eth1 on port specified by backend_port. We use rackspace a lot and eth1 is the internal network.

Nginx must be running on port 8080 as the backend.

### Results

It's worth checking results with SSL labs, but this should achieve A+ rating with good browser support.

![SSL Labs Result](https://tomsstuff.s3.amazonaws.com/aplus.png "SSL Labs Result")