dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity

roles/haproxy: Add support for Debian hosts

Browse Source 
Debian does not support system-wide SSL cipher suite profiles of course,
so these options need to be specified explicitly when deploying HAProxy
on Debian-based machines.
This commit is contained in:
Dustin
2019-03-22 09:24:05 -05:00
parent ceb56edf06
commit 909c8e7a03
5 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
roles/haproxy/templates/global.cfg.j2
View File

@@ -14,5 +14,10 @@ global
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
ssl-default-bind-ciphers {{ haproxy_ssl_default_ciphers }}
{% if haproxy_ssl_default_server_ciphers|d %}
ssl-default-server-ciphers {{ haproxy_ssl_default_server_ciphers }}
{% endif %}
{% if haproxy_ssl_default_bind_options %}
ssl-default-bind-options {{ haproxy_ssl_default_bind_options }}
{% endif %}