Basic web with SSL API 3.8
craig-duffin edited this page Dec 18, 2017
·
1 revision
The following template example shows a basic web configuration with SSL.
resource "brocadevtm_monitor" "example" {
name = "example-monitor"
back_off = true
delay = 8
timeout = 6
failures = 4
timeout = 6
type = "http"
http = [
{
path = "/health-check"
body_regex = "^healthy"
status_regex = "^[234][0-9][0-9]$"
},
]
}
resource "brocadevtm_pool" "example" {
name = "example-pool"
max_connection_attempts = 3
max_idle_connections_pernode = 100
max_timed_out_connection_attempts = 4
monitors = [ "${brocadevtm_monitor.example.name}" ]
node_close_with_rst = true
node_connection_attempts = 4
node_delete_behaviour = "drain"
node_drain_to_delete_timeout = 10
nodes_table = [
{
node = "10.10.10.3:80"
state = "active"
},
{
node = "10.10.10.4:80"
state = "draining"
},
]
note = "Example pool"
pool_connection = [
{
max_connect_time = 6
max_connections_per_node = 250
max_queue_size = 50
max_reply_time = 9
queue_timeout = 20
},
]
http = [
{
keepalive = true
keepalive_non_idempotent = true
},
]
load_balancing = [
{
algorithm = "least_connections"
},
]
node = [
{
close_on_death = true
retry_fail_time = 30
},
]
tcp = [
{
nagle = true
},
]
}
resource "brocadevtm_traffic_ip_group" "example" {
name = "www.example.com"
enabled = true
ipaddresses = [ "10.23.45.134" ]
mode = "multihosted"
multicast = "234.23.45.134"
note = "Example Traffic IP Group"
}
resource "brocadevtm_ssl_server_key" "example" {
name = "www.example.com"
note = "www.example.com SSL service key"
private = "${file("ssl/example.com.key")}"
public = "${file("ssl/example.com.crt")}"
request = "${file("ssl/example.com.csr")}"
}
resource "brocadevtm_rule" "example" {
name = "example-rule"
rule =<<RULE
if( http.responseHeaderExists( "Keep-Alive" ) == 0) {
http.removeResponseHeader( "Keep-Alive" );
}
RULE
}
resource "brocadevtm_virtual_server" "example" {
name = "www.example.com"
add_x_forwarded_for = true
close_with_rst = true
connect_timeout = 9
enabled = true
listen_on_traffic_ips = [ "${brocadevtm_traffic_ip_group.example.name}" ]
note = "Example Virtual Server"
pool = "${brocadevtm_pool.example.name}"
port = 443
response_rules = [ "${brocadevtm_rule.example.name}" ]
so_nagle = true
ssl_decrypt = true
ssl = [
{
server_cert_default = "${brocadevtm_ssl_server_key.example.name}"
ssl_support_ssl2 = "disabled"
ssl_support_ssl3 = "enabled"
ssl_support_tls1 = "enabled"
ssl_support_tls1_1 = "enabled"
ssl_support_tls1_2 = "enabled"
},
]
}