
@JamesTheHacker
Created June 27, 2017 10:58
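---
# HAProxy tasks for the node-servers role (presumably the haproxy.yml that
# the role's main task list includes): install the package, create the web
# root and the certificate directory, then render the configuration.

- name: Install haproxy
  apt:
    name: haproxy
    state: latest

- name: Creating /var/www directory
  file:
    path: /var/www
    state: directory
    owner: "{{ user }}"
    group: "{{ user }}"

# The HTTPS frontend loads /etc/haproxy/certs/<domain>.pem. A PEM used with
# HAProxy's "crt" carries the private key next to the certificate, so the
# directory is restricted to root instead of inheriting the default umask.
- name: Creating /etc/haproxy/certs directory
  file:
    path: /etc/haproxy/certs
    state: directory
    owner: root
    group: root
    mode: "0700"

# The Debian haproxy package starts the service with
# /etc/haproxy/haproxy.cfg; a file written to /etc/haproxy.cfg is never read.
- name: Copying haproxy .cfg file
  template:
    src: templates/haproxy.j2
    dest: /etc/haproxy/haproxy.cfg
    owner: root
    group: root
    mode: "0644"
  # Handlers are matched by exact name; the playbook defines this one as
  # "Restarting haproxy".
  notify:
    - Restarting haproxy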
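---
# Main task list for the node-servers role: create the application user,
# install base packages, then pull in the per-component task files.

- name: Creating unprivileged user
  user:
    name: "{{ user }}"
    state: present
    # The user module stores this value as the account's password hash
    # without hashing it. NOTE(review): confirm user_pass is already a crypt
    # hash (for example produced with the password_hash filter); a plaintext
    # value here does not yield a usable password.
    password: "{{ user_pass }}"
  # Keep the password value out of task output and logs.
  no_log: true

- name: Updating packages
  apt:
    update_cache: true

# state: latest upgrades these packages on every run; use "present" if
# repeatable package versions matter more than freshness.
- name: Installing Required packages
  apt:
    name:
      - build-essential
      - iptables-persistent
      - apt-transport-https
      - python-openssl
      - nodejs
    state: latest

# NOTE(review): bare "include" is deprecated in later Ansible releases in
# favour of import_tasks / include_tasks; kept as written for the Ansible
# version this role targets.
- include: nodejs.yml
- include: haproxy.yml
- include: letsencrypt-dns.yml
- include: deploy.yml
- include: daemonize-nodeapp.yml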
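# HAProxy configuration template (rendered by Ansible from haproxy.j2).
# Terminates HTTP and HTTPS on the droplet's address and balances requests
# across three local application instances.

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    # Admin-level runtime socket: anyone who can write to it can reconfigure
    # the proxy, so keep it at mode 660 and limit membership of its group.
    stats socket /run/haproxy/admin.socket mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    maxconn 2048
    tune.ssl.default-dh-param 2048
    # Refuse SSLv3 and TLS 1.0/1.1 on every "ssl" bind line.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11

defaults
    log global
    mode http
    option httplog
    option dontlognull
    # Appends the client address to X-Forwarded-For; a value the client sent
    # is kept in front of it, so backends should trust only the last entry.
    option forwardfor
    option http-server-close
    # Without timeouts, idle or deliberately slow connections are held open
    # indefinitely and can exhaust maxconn.
    timeout connect 5s
    timeout client 50s
    timeout server 50s
    timeout http-request 10s

# NOTE(review): both bind lines read server.droplet.ip_address, which the
# playbook registers on localhost. Confirm that variable is visible to the
# host this template is rendered for.
frontend www-http
    bind {{ server.droplet.ip_address }}:80
    # set-header replaces any X-Forwarded-Proto sent by the client; reqadd
    # only appended a second header, leaving the client's value in place.
    http-request set-header X-Forwarded-Proto http
    default_backend www-backend

frontend www-https
    bind {{ server.droplet.ip_address }}:443 ssl crt /etc/haproxy/certs/{{ domain }}.pem
    http-request set-header X-Forwarded-Proto https
    default_backend www-backend

backend www-backend
    # Plain-HTTP requests are redirected to HTTPS before reaching a server.
    redirect scheme https if !{ ssl_fc }
    mode http
    balance roundrobin
    # Pin each client IP to the server it was first balanced to.
    stick-table type ip size 200k expire 100m
    stick on src
    server www-1 127.0.0.1:5001 check
    server www-2 127.0.0.1:5002 check
    server www-3 127.0.0.1:5003 check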
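---
# Play 1 (control machine): create the droplet, point DNS at it, add it to
# the in-memory inventory and wait until SSH answers.
- hosts: localhost
  tasks:
    - name: Spinning up a new droplet
      digital_ocean:
        state: present
        command: droplet
        name: "{{ domain }}"
        # Reuse an existing droplet of the same name instead of creating a
        # duplicate each time the playbook is run.
        unique_name: true
        ssh_key_ids:
          - "{{ ssh_key_id }}"
        size_id: 512mb
        region_id: lon1
        image_id: debian-9-x64
        api_token: "{{ api_token }}"
        backups_enabled: false
      register: server

    - name: "Adding domain name {{ domain }}"
      digital_ocean_domain:
        api_token: "{{ api_token }}"
        state: present
        name: "{{ domain }}"
        ip: "{{ server.droplet.ip_address }}"

    - name: Adding www A record
      uri:
        url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records"
        method: POST
        status_code: 201
        headers:
          Content-Type: application/json
          Authorization: "Bearer {{ api_token }}"
        body:
          type: A
          name: www
          data: "{{ server.droplet.ip_address }}"
          priority: null
          port: null
          ttl: 1800
          weight: null
        body_format: json
      # The bearer token is part of the task arguments; keep it out of
      # verbose and failure output. Remove temporarily when debugging.
      no_log: true

    - name: Adding droplet to hosts
      add_host:
        hostname: "{{ server.droplet.ip_address }}"
        groups: node-servers

    # This play already runs on localhost, so wait_for needs no local_action.
    - name: Wait for SSH to come up
      wait_for:
        host: "{{ server.droplet.ip_address }}"
        port: 22
        delay: 60
        timeout: 320
        state: started

# Play 2 (new droplet): apply the node-servers role as root. Fact gathering
# is disabled for this play.
- hosts: node-servers
  remote_user: root
  gather_facts: false
  roles:
    - node-servers
  handlers:
    # Tasks can notify this handler by its exact name or through the
    # "restart haproxy" listen topic.
    - name: Restarting haproxy
      listen: restart haproxy
      service:
        name: haproxy
        state: restarted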