-
Notifications
You must be signed in to change notification settings - Fork 52
pfsense_haproxy_backend_server
Orion Poplawski edited this page Jan 13, 2023
·
5 revisions
Manage pfSense haproxy servers
ADDED IN: version 0.1.0 of pfsensible.core
OPTIONS (= is mandatory):
- address
IP or hostname of the backend (only resolved on start-up.)
default: null
type: str
- advanced
Allows for adding custom HAProxy settings to the server. These
are passed as written, use escaping where needed.
default: null
type: str
= backend
The backend name.
type: str
- ca
SSL servers only, set the CA authority to check the server
certificate against.
default: null
type: str
- checkssl
This can be used with for example a LDAPS health-checks where
LDAPS is passed along with mode TCP
default: null
type: bool
- clientcert
SSL servers only, This certificate will be sent if the server
send a client certificate request.
default: null
type: str
- cookie
Persistence only, Used to identify server when cookie
persistence is configured for the backend.
default: null
type: str
- crl
SSL servers only, set the CRL to check revoked certificates.
default: null
type: str
- forwardto
The name of the frontend to forward. When None, forwards to
address and port
default: null
type: str
- istemplate
If set, configures this server item as a template to provision
servers from dns/srv responses.
default: null
type: str
- maxconn
Tuning, If the number of incoming concurrent requests goes
higher than this value, they will be queued
default: null
type: int
- mode
How to use the server.
choices: [active, backup, disabled, inactive]
default: active
type: str
= name
The server name.
type: str
- port
The port of the backend.
default: null
type: int
- ssl
Should haproxy encrypt the traffic to the backend with SSL
(commonly used with mode http on frontend and a port 443 on
backend).
default: null
type: bool
- sslserververify
SSL servers only, The server certificate will be verified
against the CA and CRL certificate configured below.
default: null
type: bool
- state
State in which to leave the backend server
choices: [present, absent]
default: present
type: str
- verifyhost
SSL servers only, when set, must match the hostnames in the
subject and subjectAlternateNames of the certificate provided
by the server.
default: null
type: str
- weight
A weight between 0 and 256, this setting can be used when
multiple servers on different hardware need to be balanced
with a different part the traffic. A server with weight 0 wont
get new traffic. Default if empty: 1
default: null
type: int
AUTHOR: Frederic Bor (@f-bor)
METADATA:
metadata_version: '1.1'
status:
- preview
supported_by: community
EXAMPLES:
- name: Add backend server
pfsense_haproxy_backend_server:
backend: exchange
name: exchange.acme.org
address: exchange.acme.org
port: 443
state: present
- name: Remove backend server
pfsense_haproxy_backend_server:
backend: exchange
name: exchange.acme.org
state: absent
RETURN VALUES:
- commands
the set of commands that would be pushed to the remote device
(if pfSense had a CLI)
returned: always
sample: ['create haproxy_backend_server ''exchange.acme.org'' on ''exchange'', status=''active'',
address=''exchange.acme.org'', port=443', delete haproxy_backend_server 'exchange.acme.org'
on 'exchange']
type: list