github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/acceptancetests/repository/trusty/haproxy/config.yaml (about) 1 options: 2 global_log: 3 default: "/dev/log local0, /dev/log local1 notice" 4 type: string 5 description: Global log line ( multiples ... comma separated list ) 6 global_maxconn: 7 default: 4096 8 type: int 9 description: | 10 Sets the maximum per-process number of concurrent connections to 11 <number>. 12 global_user: 13 default: "haproxy" 14 type: string 15 description: User 16 global_group: 17 default: "haproxy" 18 type: string 19 description: Group 20 global_debug: 21 default: False 22 type: boolean 23 description: Debug or not 24 global_quiet: 25 default: False 26 type: boolean 27 description: Quiet 28 global_spread_checks: 29 default: 0 30 type: int 31 description: | 32 Sometimes it is desirable to avoid sending health checks to servers at 33 exact intervals, for instance when many logical servers are located on 34 the same physical server. With the help of this parameter, it becomes 35 possible to add some randomness in the check interval between 0 and 36 +/- 50%. A value between 2 and 5 seems to show good results. 37 global_stats_socket: 38 default: False 39 type: boolean 40 description: | 41 Whether to enable the stats UNIX socket. 42 global_default_dh_param: 43 default: 1024 44 type: int 45 description: | 46 Sets the maximum size of the Diffie-Hellman parameters used for generating 47 the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. 48 Default value if 1024, higher values will increase the CPU load, and values 49 greater than 1024 bits are not supported by Java 7 and earlier clients. This 50 config key will be ignored if the installed haproxy package has no SSL support. 51 global_default_bind_ciphers: 52 default: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA 53 type: string 54 description: | 55 Sets the default string describing the list of cipher algorithms 56 ("cipher suite") that are negotiated during the SSL/TLS handshake for 57 all "bind" lines which do not explicitly define theirs. The format of 58 the string is defined in "man 1 ciphers" from OpenSSL man pages, and 59 can be for instance a string such as "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" 60 (without quotes). Please check the "bind" keyword for more information. 61 This config key will be ignored if the installed haproxy package has no SSL 62 support. 63 default_log: 64 default: "global" 65 type: string 66 description: Default log 67 default_mode: 68 default: "http" 69 type: string 70 description: Default mode 71 default_options: 72 default: "httplog, dontlognull" 73 type: string 74 description: Default options 75 default_retries: 76 default: 3 77 type: int 78 description: | 79 Set the number of retries to perform on a server after a connection 80 failure. It is important to understand that this value applies to the 81 number of connection attempts, not full requests. When a connection 82 has effectively been established to a server, there will be no more 83 retry. 84 In order to avoid immediate reconnections to a server which is 85 restarting, a turn-around timer of 1 second is applied before a retry 86 occurs. 87 default_timeouts: 88 default: "queue 20000, client 50000, connect 5000, server 50000" 89 type: string 90 description: Default timeouts 91 enable_monitoring: 92 default: False 93 type: boolean 94 description: Enable monitoring 95 monitoring_port: 96 default: 10000 97 type: int 98 description: Default monitoring port 99 monitoring_allowed_cidr: 100 default: "127.0.0.1/32" 101 type: string 102 description: | 103 CIDR allowed ( multiple CIDRs separated by space ) access to the 104 monitoring interface. 105 monitoring_username: 106 default: "haproxy" 107 type: string 108 description: Monitoring username 109 monitoring_password: 110 default: "changeme" 111 type: string 112 description: | 113 Password to the monitoring interface ( if "changeme", a new password 114 will be generated and displayed in juju-log ) 115 monitoring_stats_refresh: 116 default: 3 117 type: int 118 description: Monitoring interface refresh interval (in seconds) 119 package_status: 120 default: "install" 121 type: "string" 122 description: | 123 The status of service-affecting packages will be set to this value in the dpkg database. 124 Useful valid values are "install" and "hold". 125 services: 126 default: | 127 - service_name: haproxy_service 128 service_host: "0.0.0.0" 129 service_port: 80 130 service_options: [balance leastconn, cookie SRVNAME insert] 131 server_options: maxconn 100 cookie S{i} check 132 type: string 133 description: | 134 Services definition(s). Although the variable type is a string, this is 135 interpreted in the charm as yaml. To use multiple services within the 136 same haproxy instance, specify all of the variables (service_name, 137 service_host, service_port, service_options, server_options) with a "-" 138 before the first variable, service_name, as above. Service options is a 139 comma separated list, server options will be appended as a string to 140 the individual server lines for a given listen stanza. 141 142 If your web application serves dynamic content based on users' login 143 sessions, a visitor will experience unexpected behaviour if each request 144 is proxied to a different backend web server. Session stickiness ensures 145 that a visitor 'sticks' to the backend web server which served their 146 first request. This is made possible by tagging each backend server 147 with a cookie. Session are sticky by default. To turn off sticky sessions, 148 remove the 'cookie SRVNAME insert' and 'cookie S{i}' stanzas from 149 `service_options` and `server_options`. 150 ssl_cert: 151 type: string 152 description: | 153 base64 encoded default SSL certificate. If the keyword 'SELFSIGNED' 154 is used, the certificate and key will be autogenerated as 155 self-signed. This is the certificate used by services configured 156 using keyword 'DEFAULT' as SSL certificate. This config key will be 157 ignored if the installed haproxy package has no SSL support. 158 default: "" 159 ssl_key: 160 type: string 161 description: | 162 base64 encoded private key for the default SSL certificate. If ssl_cert 163 is specified as SELFSIGNED or the installed haproxy package has no SSL 164 support, this will be ignored. 165 default: "" 166 sysctl: 167 default: "" 168 type: string 169 description: > 170 YAML-formatted list of sysctl values, e.g.: 171 '{ net.ipv4.tcp_max_syn_backlog : 65536 }' 172 nagios_context: 173 default: "juju" 174 type: string 175 description: | 176 Used by the nrpe-external-master subordinate charm. 177 A string that will be prepended to instance name to set the host name 178 in nagios. So for instance the hostname would be something like: 179 juju-postgresql-0 180 If you're running multiple environments with the same services in them 181 this allows you to differentiate between them. 182 metrics_target: 183 default: "" 184 type: string 185 description: | 186 Destination for statsd-format metrics, format "host:port". If 187 not present and valid, metrics disabled. Requires "enable_monitoring" 188 to be set to true to work. 189 metrics_prefix: 190 default: "dev.$UNIT.haproxy" 191 type: string 192 description: | 193 Prefix for metrics. Special value $UNIT can be used to include the 194 name of the unit in the prefix. 195 metrics_sample_interval: 196 default: 5 197 type: int 198 description: Period for metrics cron job to run in minutes 199 source: 200 default: "" 201 type: string 202 description: | 203 Optional configuration to support use of additional sources such as: 204 . 205 - ppa:myteam/ppa 206 - cloud:precise-proposed/folsom 207 - http://my.archive.com/ubuntu main 208 . 209 The last option should be used in conjunction with the key configuration 210 option. 211 key: 212 default: "" 213 type: string 214 description: | 215 Key ID to import to the apt keyring to support use with arbitrary source 216 configuration from outside of Launchpad archives or PPA's. 217 peering_mode: 218 default: "active-passive" 219 type: string 220 description: | 221 Possible values : "active-passive", "active-active". This is only used 222 if several units are spawned. In "active-passive" mode, all the units will 223 forward traffic to the first working haproxy unit, which will then forward it 224 to configured backends. In "active-active" mode, each unit will proxy the 225 traffic directly to the backends. The "active-passive" mode gives a better 226 control of the maximum connection that will be opened to a backend server.