Add fqdn

metadata.rb

@@ -4,7 +4,7 @@
 license          'Apache 2.0'
 description      'Application cookbook to set up HAProxy on a RightScale environment'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '1.1.5'
+version          '1.1.16'
 
 depends 'marker', '~> 1.0.1'
 depends 'haproxy', '~> 1.6.0'

recipes/default.rb

@@ -60,30 +60,42 @@
 Chef::Log.info "Overriding haproxy/balance_algorithm to '#{node['rs-haproxy']['balance_algorithm']}'..."
 node.override['haproxy']['balance_algorithm'] = node['rs-haproxy']['balance_algorithm']
 
+Chef::Log.info "Overriding haproxy/timeouts to 60s..."
+node.override['haproxy']['config']['defaults']['timeout']['client'] = '60s'
+node.override['haproxy']['config']['defaults']['timeout']['server'] = '60s'
+node.override['haproxy']['config']['defaults']['timeout']['connect'] = '60s'
+
 # Setting haproxy config in attributes
 node.default['haproxy']['config']['global'] = {
   'user' => node['haproxy']['user'],
   'group' => node['haproxy']['group'],
   'pidfile' => node['haproxy']['pid_file'],
   'log' => "/dev/log syslog info",
   'daemon' => true,
-  'quiet' => true
-  }
-
+  'quiet' => true,
+  'ssl-default-bind-ciphers' => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+'
+}
+
 node.default['haproxy']['config']['defaults']['log'] = 'global'
 node.default['haproxy']['config']['defaults']['mode'] = 'http'
 node.default['haproxy']['config']['defaults']['balance'] = 'roundrobin'
 
+
 Chef::Log.info node['haproxy']['config']['defaults']['option']
-option_array = ['httplog', 'dontlognull', 'redispatch']
+option_array = ['httplog', 'dontlognull', 'redispatch', 'forwardfor']
 node['haproxy']['config']['defaults']['option'].each { |i| option_array<<i } unless node['haproxy']['config']['defaults']['option'].nil?
 node.default['haproxy']['config']['defaults']['option'] = option_array
+#node.default['haproxy']['config']['defaults']['default_backend'] = "default"
 
 Chef::Log.info "creating base connection"
 node.default['haproxy']['config']['frontend']['all_requests']['bind'] = "#{node['haproxy']['incoming_address']}:#{node['haproxy']['incoming_port']}"
+node.default['haproxy']['config']['frontend']['all_requests']['redirect'] = "scheme https code 301 if !{ ssl_fc }"
 
 # Configure SSL if the SSL certificate and the keys are provided
 if node['rs-haproxy']['ssl_cert']
+     # SSL certificate configuration
+
   Chef::Log.info "Overriding haproxy/ssl_incoming_port to #{node['rs-haproxy']['ssl_incoming_port']}"
   node.override['haproxy']['ssl_incoming_port'] = node['rs-haproxy']['ssl_incoming_port']
 
@@ -99,16 +111,16 @@
     mode 0600
     action :create
   end
+    # Redirect all HTTP requests to HTTPS
+  #node.default['frontend']['all_requests']['redirect'] = 'scheme https if !{ ssl_fc }'
+  node.override['haproxy']['config']['frontend']['all_requests_https'] = {
+    'bind' =>  '0.0.0.0:443 ssl crt /usr/local/etc/haproxy/ssl_cert.pem no-sslv3',
+    'reqadd' => 'X-Forwarded-Proto:\ https'
+    #'default_backend' => 'default'
+    }
+end
 
-  # HTTPS bind address
-  https_bind = "bind #{node['haproxy']['ssl_incoming_address']}:#{node['haproxy']['ssl_incoming_port']}"
-
-  # SSL certificate configuration
-  node.default['haproxy']['config']['frontend']['all_requests'][https_bind] = "ssl crt #{ssl_cert_file} no-sslv3"
 
-  # Redirect all HTTP requests to HTTPS
- node.default['frontend']['all_requests']['redirect'] = 'scheme https if !{ ssl_fc }'
-end
 
 # Set up haproxy socket
 if node['haproxy']['enable_stats_socket']
@@ -136,6 +148,11 @@
   node.default['haproxy']['config']['defaults']['cookie'] = 'SERVERID insert indirect nocache'
 end
 
+# setup default server group so haproxy doesn't choke
+#node.default['haproxy']['config']['backend']['default'] = {
+#  'server' => "disabled-server 127.0.0.1:1 disabled"
+#}
+
 # Confirm that rsyslog is installed.
 include_recipe 'rs-base::rsyslog'
 

recipes/frontend.rb

@@ -86,6 +86,20 @@ class Chef::Recipe
 node.default['haproxy']['config']['frontend']['all_requests']['default_backend'] = node['rs-haproxy']['pools'].last
 node.default['haproxy']['config']['frontend']['all_requests']['bind'] = "#{node['haproxy']['incoming_address']}:#{node['haproxy']['incoming_port']}"
 node.default['haproxy']['config']['frontend']['all_requests']['maxconn'] = node['rs-haproxy']['maxconn']
+node.default['haproxy']['config']['frontend']['all_requests']['redirect'] = "scheme https code 301 if !{ ssl_fc }"
+
+# Initialize frontend SSL section which will be generated in the haproxy.cfg
+node.default['haproxy']['config']['frontend'] = {}
+node.default['haproxy']['config']['frontend']['all_requests_https'] ||= {}
+node.default['haproxy']['config']['frontend']['all_requests_https']['default_backend'] = node['rs-haproxy']['pools'].last
+node.default['haproxy']['config']['frontend']['all_requests_https']['bind'] = "0.0.0.0:443 ssl crt /usr/local/etc/haproxy/ssl_cert.pem no-sslv3"
+node.default['haproxy']['config']['frontend']['all_requests_https']['reqadd'] = "X-Forwarded-Proto:\ https"
+node.default['haproxy']['config']['frontend']['all_requests_https']['maxconn'] = node['rs-haproxy']['maxconn']
+#node.default['haproxy']['config']['frontend']['all_requests_https']['capture'] = "request header Host len 40"
+#node.default['haproxy']['config']['frontend']['all_requests_https']['capture'] = "response header Location len 40"
+capture_array = ['request header Host len 40', 'response header Location len 40']
+node.default['haproxy']['config']['frontend']['all_requests_https']['capture'].each { |i| capture_array<<i } unless node.default['haproxy']['config']['frontend']['all_requests_https']['capture'].nil?
+node.default['haproxy']['config']['frontend']['all_requests_https']['capture'] = capture_array
 
 # Initialize backend section which will be generated in the haproxy.cfg
 node.default['haproxy']['config']['backend'] = {}