senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/ansible/roles/haproxy/defaults/main.yml
okinrev 327ac36a30 BASE: completing the initial repo state
2025-12-03 22:56:50 +01:00

98 lines
2.2 KiB
YAML
Raw Blame History

---
# file: roles/haproxy/defaults/main.yml
haproxy_maxconn: "20000"
haproxy_default_frontend: True
haproxy_letsencrypt: false
# generated via https://ssl-config.mozilla.org/
haproxy_tls_modern:
ciphersuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
options:
- "ssl-min-ver TLSv1.3"
- "no-tls-tickets"
haproxy_tls_intermediate:
ciphers:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-CHACHA20-POLY1305
- DHE-RSA-AES128-GCM-SHA256
- DHE-RSA-AES256-GCM-SHA384
- DHE-RSA-CHACHA20-POLY1305
ciphersuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
options:
- "ssl-min-ver TLSv1.2"
- "no-tls-tickets"
haproxy_tls_old:
ciphers:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-CHACHA20-POLY1305
- DHE-RSA-AES128-GCM-SHA256
- DHE-RSA-AES256-GCM-SHA384
- DHE-RSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA256
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA384
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- DHE-RSA-AES128-SHA256
- DHE-RSA-AES256-SHA256
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
- AES256-SHA256
- AES128-SHA
- AES256-SHA
- DES-CBC3-SHA
ciphersuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
options:
- "ssl-min-ver TLSv1.0"
- "no-tls-tickets"
haproxy_compression_type:
- text/html
- text/plain
- text/xml
- text/css
- text/csv
- text/rtf
- text/richtext
- text/javascript
- application/x-javascript
- application/javascript
- application/ecmascript
- application/rss+xml
- application/xml
- application/json
- application/wasm
haproxy_check_interval: "2s"
haproxy_iis: false
haproxy_robotstxt: false
Reference in a new issue View git blame Copy permalink