diff --git a/README.md b/README.md index 1b1b2fd..3963115 100644 --- a/README.md +++ b/README.md @@ -123,8 +123,15 @@ haproxy_default_monitor_uri: # Userlist haproxy_userlist: - -# Stats + - stats-auth: + groups: + - "admin users admin" + - "readonly users user" + users: + - "admin insecure-password opqrstuvw" + - "user insecure-password abcdefghi" + +# Stats with HTTP Basic Auth and a single user haproxy_stats: true haproxy_stats_address: '*' haproxy_stats_port: 9001 @@ -145,6 +152,23 @@ haproxy_stats_timeouts: - connect 100s - queue 100s +# Stats with HTTP Basic Auth using an userlist +haproxy_stats: true +haproxy_stats_address: "::" +haproxy_stats_port: 8081 +haproxy_stats_ssl: false +haproxy_stats_uri: /stats +haproxy_stats_auth: +haproxy_stats_acls: + - "AUTH http_auth(stats-auth)" + - "AUTH_ADMIN http_auth_group(stats-auth) admin" +haproxy_stats_options: + - refresh 5s + - show-legends + - show-node + - http-request auth unless AUTH + - admin if AUTH_ADMIN + # SSL haproxy_ssl_certificate: /etc/ssl/uoi.io/uoi.io.pem haproxy_ssl_options: no-sslv3 no-tls-tickets force-tlsv12 diff --git a/defaults/main.yml b/defaults/main.yml index 178fc6a..6492fea 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -89,6 +89,7 @@ haproxy_stats_address: '*' haproxy_stats_port: 9001 haproxy_stats_ssl: false haproxy_stats_auth: true +haproxy_stats_acls: [] haproxy_stats_user: haproxy-stats haproxy_stats_password: B1Gp4sSw0rD!! haproxy_stats_uri: /