Name: ansible-haproxy
Owner: Simpleweb
Description: HAProxy role to achieve good level of SSL
Created: 2015-06-02 10:37:26.0
Updated: 2017-01-19 16:33:41.0
Pushed: 2015-06-03 13:56:42.0
Homepage: null
Size: 136
Language: null
This role achieves a good level of SSL security as tested by SSL Labs.
In your playbook you need the following variables:
    name: my-app
    certificate: <full SSL chain including key>
    haproxy:
      backends: "{{ groups['production'] }}"
The vault seems to be a good place to securely store your cert. To do this, you need to include it using multi-line syntax, which looks like:

    certificate: |
      -----BEGIN CERTIFICATE-----
      REST OF CERT...
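A pre-flight check for the combined certificate value described above, as an added example that is not part of this role: it reports damaged BEGIN/END markers, non-base64 bodies, a missing certificate, or a missing private key before the bundle goes into the vault. The function names and sample bundles are constructed for illustration, and the check assumes one unencrypted key and PEM blocks without legacy header lines.

```python
import base64
import re

# One complete PEM block; the END label must repeat the BEGIN label exactly.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S
)


def check_bundle(text):
    """Return a list of problems in a cert-chain-plus-key PEM bundle."""
    problems, labels = [], []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        labels.append(label)
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{label}: body is not valid base64")
    # A marker that survives after removing complete blocks lost dashes or
    # its partner line, e.g. through a mangled YAML block scalar.
    leftover = PEM_BLOCK.sub("", text)
    if re.search(r"-{2,}\s*(BEGIN|END) ", leftover):
        problems.append("damaged or unmatched BEGIN/END marker")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    keys = [name for name in labels if name.endswith("PRIVATE KEY")]
    if len(keys) != 1:  # assumption of this example: exactly one key
        problems.append(f"expected exactly 1 private key, found {len(keys)}")
    return problems


def make_block(label, raw):
    """Build a constructed PEM block (dummy bytes, not real key material)."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed samples: a well-formed bundle, and the same bundle with the
# first two dashes of the opening marker lost.
GOOD_BUNDLE = (
    make_block("CERTIFICATE", b"leaf")
    + make_block("CERTIFICATE", b"intermediate")
    + make_block("PRIVATE KEY", b"key")
)
DAMAGED_BUNDLE = GOOD_BUNDLE[2:]

if __name__ == "__main__":
    print(check_bundle(GOOD_BUNDLE))
    print(check_bundle(DAMAGED_BUNDLE))
```
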
This role only works with Debian Wheezy for the time being.
SSL is forced for all connections.
haproxy.backends specifies a group in your hosts. This entire group becomes your front-ends and looks for the resulting server on eth1 on the port specified by backend_port. We use Rackspace a lot, and eth1 is the internal network.
Nginx must be running on port 8080 as the backend.
It's worth checking the results with SSL Labs, but this should achieve an A+ rating with good browser support.