Tidying up haproxy.cfg
#haproxyI made a little perl script that I can keep haproxy.cfg
nice and tidy with. If you know Ansible’s assemble
module, it’s pretty much like that, but on steroids.
This script lets you not only separate config file parts into conf.d
-like files but provides some simple, yet useful Jinja2 like {{templating|function}}
s as well as the ability to transparently join multiple lines the right order just as it should have been done from the beginning of time. In this Let’s Encrypt-heated encrypt-everything-era this script also comes handy when one have to deal with enormous amount of TLS certificates (per frontend).
|
|
Combine this with this wholesome Makefile right here and you will have a complete, error-prone way to manage your HAproxy configfiles:
all: config test config_submit reload
config:
cat $(sort $(wildcard /etc/haproxy/conf.d/*.conf)) | perl linemerger.pl > /etc/haproxy/haproxy.cfg.new
config_submit:
mv /etc/haproxy/haproxy.cfg{,.prev}
mv /etc/haproxy/haproxy.cfg{.new,}
test: config
haproxy -c -f /etc/haproxy/haproxy.cfg.new
reload:
systemctl reload haproxy
Update: Since HAProxy version 2.2 the {{ tls }}
templating function is now practically superseded by the new ssl
option called crt-list
which also offers to have different TLS options per SNI. Nice.
Your opinion matters—be heard