roles/dch-proxy: Add OpenVPN backend

The `openvpn` haproxy backend allows forwarding TLS traffic for
*vpn.securepassage.com* to the OpenVPN-over-TLS service on the gateway.
jenkins-master
Dustin 2018-07-01 15:17:14 -05:00
parent e3c003e4aa
commit c3f1f5750d
3 changed files with 12 additions and 1 deletions


@ -25,3 +25,10 @@
dest=/etc/haproxy/70-backend-jenkins.cfg dest=/etc/haproxy/70-backend-jenkins.cfg
mode=0644 mode=0644
notify: reload haproxy notify: reload haproxy
- name: ensure openvpn haproxy backend is configured
template:
src=backend-openvpn.haproxy.cfg.j2
dest=/etc/haproxy/70-backend-openvpn.cfg
mode=0644
notify: reload haproxy


@ -0,0 +1,3 @@
backend openvpn
mode tcp
server openvpn 172.30.0.1:9876 check
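Review bot: The `server openvpn 172.30.0.1:9876 check` line hard-codes the gateway address and port in a file that is rendered as a Jinja2 template, so pointing at a different gateway means editing the template rather than setting a variable. Something like `server openvpn {{ OPENVPN_BACKEND_ADDR }} check` (variable name is a placeholder) with a role default would use the templating that is already in place. In `mode tcp` the gateway also sees every VPN connection as coming from the proxy's address, so per-client logging or rate limiting on the gateway loses the real source. If the TLS endpoint on the gateway understands the PROXY protocol, adding `send-proxy` to the server line would preserve it; otherwise a comment noting that client attribution has to come from the haproxy logs would help.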


@ -20,4 +20,5 @@ frontend main-tls
use_backend gitea-tls if { req_ssl_sni -i git.pyrocufflink.net } use_backend gitea-tls if { req_ssl_sni -i git.pyrocufflink.net }
use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.blue } use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.blue }
use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.net } use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.net }
default_backend myala-tls use_backend myala-tls if { req_ssl_sni -i darkchestofwonders.us }
default_backend openvpn
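Review bot: `default_backend openvpn` on the last line of the hunk sends every TLS connection whose SNI matches none of the `use_backend` rules, including clients that send no SNI at all, to the VPN service on the gateway. That is broader than the commit message's "TLS traffic for vpn.securepassage.com". If the VPN clients do present that name, an explicit `use_backend openvpn if { req_ssl_sni -i vpn.securepassage.com }` would keep unmatched and unsolicited connections away from the gateway. If they cannot send SNI, a comment above the default saying so would record why the catch-all is intentional. The same hunk narrows myala-tls from the default to an exact match on darkchestofwonders.us, so any other hostname that used to reach it by falling through now lands on the VPN backend; the `frontend main-tls` block starts outside the hunk, so earlier rules are not visible here.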