diff --git a/modules/enableit/eit_haproxy/manifests/basic_config.pp b/modules/enableit/eit_haproxy/manifests/basic_config.pp index ac10eb2a..3e7994e9 100644 --- a/modules/enableit/eit_haproxy/manifests/basic_config.pp +++ b/modules/enableit/eit_haproxy/manifests/basic_config.pp @@ -4,6 +4,7 @@ class eit_haproxy::basic_config ( Eit_haproxy::Domains $domains, Eit_haproxy::Listen $listens = {}, + Eit_haproxy::Timeout $frontend_timeout = {}, Boolean $ddos_protection = false, Boolean $https = true, Boolean $http = false, @@ -204,12 +205,18 @@ { 'http-request' => 'deny deny_status 429 if !is_priority ww_rl_reached' }, ] + $_frontend_timeout = Hash( + $frontend_timeout.map |$k, $v| { + ["timeout ${k}", $v] + } + ) haproxy::frontend { 'web': mode => $mode, bind => $binds, options => [ {'option' => "${mode}log"}, + $_frontend_timeout, if $https and $use_lets_encrypt { { 'acl is_letsencrypt' => 'path_beg /.well-known/acme-challenge/' } }, diff --git a/modules/enableit/eit_haproxy/manifests/init.pp b/modules/enableit/eit_haproxy/manifests/init.pp index c75d0ec7..99657af5 100644 --- a/modules/enableit/eit_haproxy/manifests/init.pp +++ b/modules/enableit/eit_haproxy/manifests/init.pp @@ -5,6 +5,7 @@ Enum['auto', 'manual'] $configure, Eit_haproxy::Domains $domains, Eit_haproxy::Listen $listens, + Eit_haproxy::Timeout $frontend_timeout, Hash[Eit_types::IP,Variant[ Array[Stdlib::Port], Stdlib::Port @@ -64,6 +65,7 @@ listens => $listens, mode => $mode, listen_on => $listen_on, + frontend_timeout => $frontend_timeout, encryption_ciphers => $encryption_ciphers, } } diff --git a/modules/enableit/eit_haproxy/types/timeout.pp b/modules/enableit/eit_haproxy/types/timeout.pp new file mode 100644 index 00000000..3c063b19 --- /dev/null +++ b/modules/enableit/eit_haproxy/types/timeout.pp @@ -0,0 +1,14 @@ +# Haproxy Timeouts + +type Eit_haproxy::Timeout = Struct[{ + client => Optional[String], + connect => Optional[String], + server => Optional[String], + queue => Optional[String], + tunnel => Optional[String], + check => Optional[String], + http-request => Optional[String], + http-keep-alive => Optional[String], + http-connection => Optional[String], + tarpit => Optional[String], +}] diff --git a/modules/enableit/profile/manifests/haproxy.pp b/modules/enableit/profile/manifests/haproxy.pp index 919c2e7d..582db28f 100644 --- a/modules/enableit/profile/manifests/haproxy.pp +++ b/modules/enableit/profile/manifests/haproxy.pp @@ -4,6 +4,7 @@ Optional[String] $manual_config, Eit_haproxy::Domains $domains = {}, Eit_haproxy::Listen $listens = {}, + Eit_haproxy::Timeout $frontend_timeout = {}, Boolean $ddos_protection = false, Boolean $https = true, Boolean $http = false, @@ -49,6 +50,7 @@ use_hsts => $use_hsts, mode => $mode, listen_on => $listen_on, + frontend_timeout => $frontend_timeout, manual_config => $manual_config, configure => $configure, firewall => $firewall, diff --git a/modules/enableit/role/manifests/web/haproxy.pp b/modules/enableit/role/manifests/web/haproxy.pp index d85b68c3..f1b9595e 100644 --- a/modules/enableit/role/manifests/web/haproxy.pp +++ b/modules/enableit/role/manifests/web/haproxy.pp @@ -56,6 +56,7 @@ Optional[String] $manual_config = undef, Eit_haproxy::Domains $domains = {}, Eit_haproxy::Listen $listens = {}, + Eit_haproxy::Timeout $frontend_timeout = {}, Boolean $ddos_protection = false, Boolean $https = true, Boolean $http = false, @@ -91,6 +92,7 @@ version => $version, configure => $configure, listen_on => $listen_on, + frontend_timeout => $frontend_timeout, encryption_ciphers => $encryption_ciphers, firewall => $firewall, service_options => $service_options,