From 072dba40d47d60b11a5724cd80fe94c0fcc0cda0 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Thu, 7 Mar 2019 13:43:48 +0100
Subject: [PATCH 01/24] Add latest Ansible versions (2.7.8, 2.6.14, and 2.5.15)

---
 .travis.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 337c895b..a648c7e7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,6 +7,8 @@ python: "2.7"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.7.8
+  - ANSIBLE_VERSION=2.7.7
   - ANSIBLE_VERSION=2.7.6
   - ANSIBLE_VERSION=2.7.5
   - ANSIBLE_VERSION=2.7.4
@@ -14,6 +16,8 @@ env:
   - ANSIBLE_VERSION=2.7.2
   - ANSIBLE_VERSION=2.7.1
   - ANSIBLE_VERSION=2.7.0
+  - ANSIBLE_VERSION=2.6.14
+  - ANSIBLE_VERSION=2.6.13
   - ANSIBLE_VERSION=2.6.12
   - ANSIBLE_VERSION=2.6.11
   - ANSIBLE_VERSION=2.6.10
@@ -27,6 +31,7 @@ env:
   - ANSIBLE_VERSION=2.6.2
   - ANSIBLE_VERSION=2.6.1
   - ANSIBLE_VERSION=2.6.0
+  - ANSIBLE_VERSION=2.5.15
   - ANSIBLE_VERSION=2.5.14
   - ANSIBLE_VERSION=2.5.13
   - ANSIBLE_VERSION=2.5.12
@@ -83,9 +88,6 @@ script:
 
 notifications:
   email: false
-  hipchat:
-    rooms:
-      secure: 5E26TUa3gV2/vSsuMtkAOtx7VsJf2XWEkfkhE8F1O2QvKrtRanVZZN9MJOba970GmZFQQne1so9HvXAeaPnD3LEcqy+SGAn6JvyH0mYy8i6a/gd9kxiOMHF3gTqCdDsu/SKPAB8N4J1eDvDo/6dfnVzifsZwvw92D9uOkEKi5cEiV8KhKAzK7tLQqAKESNt1BbnCAuTAz38WxJJVrMNPYlZ1gOqK9fIXfhRi0u+oo+21UqzOh6L65gAcD2PYvnt6Ak0KMgIo+iqui6xF7SG4IaMHk9G4FjY77cxxYy39HIAwNUArO0F1OO59b2oofdKX8w2X8TL+4t9zluKorgmvBGHtDcwxy9x2pjJqiTNpYSZyIRZMzM5ocA8y6JeGcl9VDTsO4hJWHqaB+WSulPYtGwZ1UMHPt0GmxdL3kf/ksmq6FJA4PGpV8YMHS65rMs9PibLeWnP7Ja4LQHlJ/eWUSQoCRECBrKxq4zgvTwEr9pxXeQXm85j29KO0c4UmJQhw1ISGuL6Z3VHOewCcdOvNzQmQn9y/rxVpmOWYlJpwPVAf3ht3D3C6t5aoViIwS508pnVzAycnpbxVPRpisQW/j/IC6PeChi3xv24n2pGJctoXtn/vWzt3VXEKKj9Y/Mr9hAEyNlNJfcaLhuicCcMa0d4j3ue8VRpjIjAnRJYBm28=
   webhooks: https://galaxy.ansible.com/api/v1/notifications/
   slack:
     rooms:

From a142d406f3faf0b9ae0cf1bd38456d6223b97023 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Fri, 21 Jun 2019 14:17:57 +0200
Subject: [PATCH 02/24] Add latest Ansible versions

---
 .travis.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index a648c7e7..dd43c568 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,6 +7,11 @@ python: "2.7"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.8.1
+  - ANSIBLE_VERSION=2.8.0
+  - ANSIBLE_VERSION=2.7.11
+  - ANSIBLE_VERSION=2.7.10
+  - ANSIBLE_VERSION=2.7.9
   - ANSIBLE_VERSION=2.7.8
   - ANSIBLE_VERSION=2.7.7
   - ANSIBLE_VERSION=2.7.6
@@ -16,6 +21,9 @@ env:
   - ANSIBLE_VERSION=2.7.2
   - ANSIBLE_VERSION=2.7.1
   - ANSIBLE_VERSION=2.7.0
+  - ANSIBLE_VERSION=2.6.17
+  - ANSIBLE_VERSION=2.6.16
+  - ANSIBLE_VERSION=2.6.15
   - ANSIBLE_VERSION=2.6.14
   - ANSIBLE_VERSION=2.6.13
   - ANSIBLE_VERSION=2.6.12

From 13d50ed81e38e53ae769fd338603ea109b9a0679 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Fri, 19 Jul 2019 14:31:16 +0200
Subject: [PATCH 03/24] Add latest Ansible versions

---
 .travis.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index dd43c568..1862b31c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,8 +7,10 @@ python: "2.7"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.8.2
   - ANSIBLE_VERSION=2.8.1
   - ANSIBLE_VERSION=2.8.0
+  - ANSIBLE_VERSION=2.7.12
   - ANSIBLE_VERSION=2.7.11
   - ANSIBLE_VERSION=2.7.10
   - ANSIBLE_VERSION=2.7.9
@@ -21,6 +23,7 @@ env:
   - ANSIBLE_VERSION=2.7.2
   - ANSIBLE_VERSION=2.7.1
   - ANSIBLE_VERSION=2.7.0
+  - ANSIBLE_VERSION=2.6.18
   - ANSIBLE_VERSION=2.6.17
   - ANSIBLE_VERSION=2.6.16
   - ANSIBLE_VERSION=2.6.15

From 662b936bd39a46642eb72bdedf831498f10c4710 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Wed, 7 Aug 2019 15:59:06 +0200
Subject: [PATCH 04/24] Add latest Ansible versions

---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.travis.yml b/.travis.yml
index 1862b31c..53a7bf27 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,6 +7,7 @@ python: "2.7"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.8.3
   - ANSIBLE_VERSION=2.8.2
   - ANSIBLE_VERSION=2.8.1
   - ANSIBLE_VERSION=2.8.0

From c622c582d5277ea0ff6b594ac2e159f4b28b146e Mon Sep 17 00:00:00 2001
From: Andrea Sosso <andrea@sosso.me>
Date: Fri, 30 Aug 2019 12:50:09 +0200
Subject: [PATCH 05/24] a 'tcp-request' rule placed after an 'http-request'
 rule will still be processed before

---
 templates/etc/haproxy/frontend.cfg.j2 | 20 ++++++++++----------
 templates/etc/haproxy/listen.cfg.j2   | 10 +++++-----
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/templates/etc/haproxy/frontend.cfg.j2 b/templates/etc/haproxy/frontend.cfg.j2
index d1867914..c6d51063 100644
--- a/templates/etc/haproxy/frontend.cfg.j2
+++ b/templates/etc/haproxy/frontend.cfg.j2
@@ -51,16 +51,6 @@ frontend {{ frontend.name }}
   capture {{ capture.type }} {{ capture.name }} len {{ capture.length }}
 {% endfor %}
 
-{% for http_request in frontend.http_request | default([]) %}
-  http-request {{ http_request.action }}{% if http_request.param is defined %} {{ http_request.param }}{% endif %}{% if http_request.cond is defined %} {{ http_request.cond }}{% endif %}
-
-{% endfor %}
-
-{% for http_response in frontend.http_response | default([]) %}
-  http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %}
-
-{% endfor %}
-
 {% for tcp_request_inspect_delay in frontend.tcp_request_inspect_delay | default([]) %}
   tcp-request inspect-delay {{ tcp_request_inspect_delay.timeout }}
 
@@ -81,6 +71,16 @@ frontend {{ frontend.name }}
 
 {% endfor %}
 
+{% for http_request in frontend.http_request | default([]) %}
+  http-request {{ http_request.action }}{% if http_request.param is defined %} {{ http_request.param }}{% endif %}{% if http_request.cond is defined %} {{ http_request.cond }}{% endif %}
+
+{% endfor %}
+
+{% for http_response in frontend.http_response | default([]) %}
+  http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %}
+
+{% endfor %}
+
 {% for action in ['reqadd', 'rspadd'] %}
 {% for params in frontend[action] | default([]) %}
   {{ action }} {{ params.string }}{% if params.cond is defined %} {{ params.cond }}{% endif %}
diff --git a/templates/etc/haproxy/listen.cfg.j2 b/templates/etc/haproxy/listen.cfg.j2
index f3b9e301..1366dfe2 100644
--- a/templates/etc/haproxy/listen.cfg.j2
+++ b/templates/etc/haproxy/listen.cfg.j2
@@ -84,11 +84,6 @@ listen {{ listen.name }}
 {% endif %}
 {% endif %}
 
-{% for http_request in listen.http_request | default([]) %}
-  http-request {{ http_request.action }}{% if http_request.param is defined %} {{ http_request.param }}{% endif %}{% if http_request.cond is defined %} {{ http_request.cond }}{% endif %}
-
-{% endfor %}
-
 {% for tcp_request_inspect_delay in listen.tcp_request_inspect_delay | default([]) %}
   tcp-request inspect-delay {{ tcp_request_inspect_delay.timeout }}
 
@@ -109,6 +104,11 @@ listen {{ listen.name }}
 
 {% endfor %}
 
+{% for http_request in listen.http_request | default([]) %}
+  http-request {{ http_request.action }}{% if http_request.param is defined %} {{ http_request.param }}{% endif %}{% if http_request.cond is defined %} {{ http_request.cond }}{% endif %}
+
+{% endfor %}
+
 {% for http_response in listen.http_response | default([]) %}
   http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %}
 

From 9afdecfdc17dc6b9052f440db2395281d284023a Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Mon, 16 Sep 2019 14:32:53 +0200
Subject: [PATCH 06/24] Add latest Ansible versions

---
 .travis.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 53a7bf27..8fbac790 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,10 +7,13 @@ python: "2.7"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.8.5
+  - ANSIBLE_VERSION=2.8.4
   - ANSIBLE_VERSION=2.8.3
   - ANSIBLE_VERSION=2.8.2
   - ANSIBLE_VERSION=2.8.1
   - ANSIBLE_VERSION=2.8.0
+  - ANSIBLE_VERSION=2.7.13
   - ANSIBLE_VERSION=2.7.12
   - ANSIBLE_VERSION=2.7.11
   - ANSIBLE_VERSION=2.7.10
@@ -24,6 +27,7 @@ env:
   - ANSIBLE_VERSION=2.7.2
   - ANSIBLE_VERSION=2.7.1
   - ANSIBLE_VERSION=2.7.0
+  - ANSIBLE_VERSION=2.6.19
   - ANSIBLE_VERSION=2.6.18
   - ANSIBLE_VERSION=2.6.17
   - ANSIBLE_VERSION=2.6.16

From cc6c6154e7c7e4c65455df16174545f11df91f38 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Fri, 25 Oct 2019 16:27:49 +0200
Subject: [PATCH 07/24] Add latest Ansible versions (2.8.6, 2.7.14, 2.6.20)

---
 .travis.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 8fbac790..31b0dba2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,12 +7,14 @@ python: "2.7"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.8.6
   - ANSIBLE_VERSION=2.8.5
   - ANSIBLE_VERSION=2.8.4
   - ANSIBLE_VERSION=2.8.3
   - ANSIBLE_VERSION=2.8.2
   - ANSIBLE_VERSION=2.8.1
   - ANSIBLE_VERSION=2.8.0
+  - ANSIBLE_VERSION=2.7.14
   - ANSIBLE_VERSION=2.7.13
   - ANSIBLE_VERSION=2.7.12
   - ANSIBLE_VERSION=2.7.11
@@ -27,6 +29,7 @@ env:
   - ANSIBLE_VERSION=2.7.2
   - ANSIBLE_VERSION=2.7.1
   - ANSIBLE_VERSION=2.7.0
+  - ANSIBLE_VERSION=2.6.20
   - ANSIBLE_VERSION=2.6.19
   - ANSIBLE_VERSION=2.6.18
   - ANSIBLE_VERSION=2.6.17

From 34fe5aed5d30b2263bdcf186e66238c4b4b8a9b0 Mon Sep 17 00:00:00 2001
From: Andrea Sosso <andrea@sosso.me>
Date: Sun, 17 Nov 2019 09:41:42 +0100
Subject: [PATCH 08/24] Enable HAProxy 2.0 LTS release

---
 vars/main.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vars/main.yml b/vars/main.yml
index a1f8748e..3b163c2f 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -6,5 +6,6 @@ haproxy_versions_supported:
   - '1.7'
   - '1.8'
   - '1.9'
+  - '2.0'
 
 haproxy_ppa: "ppa:vbernat/haproxy-{{ haproxy_version }}"

From a1d67aea09019dcfe2d6a739e3ae37def5bc7491 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Tue, 19 Nov 2019 15:16:45 +0100
Subject: [PATCH 09/24] Enable HAProxy 2.0 LTS release

---
 README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 0d6970f3..74392626 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,7 @@
 ## haproxy
 
-[![Build Status](https://travis-ci.org/Oefenweb/ansible-haproxy.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-haproxy) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-haproxy-blue.svg)](https://galaxy.ansible.com/Oefenweb/haproxy)
+[![Build Status](https://travis-ci.org/Oefenweb/ansible-haproxy.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-haproxy)
+[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-haproxy-blue.svg)](https://galaxy.ansible.com/Oefenweb/haproxy)
 
 Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu systems.
 
@@ -10,7 +11,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 
 #### Variables
 
-* `haproxy_version`: [default: `1.8`]: Version to install (e.g. `1.5`, `1.6`, `1.7`, `1.8`)
+* `haproxy_version`: [default: `1.8`]: Version to install (e.g. `1.5`, `1.6`, `1.7`, `1.8`, `1.9`, `2.0`)
 
 * `haproxy_install`: [default: `[]`]: Additional packages to install (e.g. `socat`)
 

From e4e85db1bce2a10fdd6c2735d35c37cd9e9366c7 Mon Sep 17 00:00:00 2001
From: Andrea Sosso <andrea@sosso.me>
Date: Fri, 29 Nov 2019 17:19:13 +0100
Subject: [PATCH 10/24] nable HAProxy 2.1 (Stable version)

---
 README.md     | 2 +-
 vars/main.yml | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 74392626..0d7979c3 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 
 #### Variables
 
-* `haproxy_version`: [default: `1.8`]: Version to install (e.g. `1.5`, `1.6`, `1.7`, `1.8`, `1.9`, `2.0`)
+* `haproxy_version`: [default: `1.8`]: Version to install (e.g. `1.5`, `1.6`, `1.7`, `1.8`, `1.9`, `2.0`, `2.1`)
 
 * `haproxy_install`: [default: `[]`]: Additional packages to install (e.g. `socat`)
 
diff --git a/vars/main.yml b/vars/main.yml
index 3b163c2f..e74f425e 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -7,5 +7,6 @@ haproxy_versions_supported:
   - '1.8'
   - '1.9'
   - '2.0'
+  - '2.1'
 
 haproxy_ppa: "ppa:vbernat/haproxy-{{ haproxy_version }}"

From d6c28ca114f236a2835839c3a2c41df5f24fbd0b Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Tue, 10 Dec 2019 12:05:13 +0100
Subject: [PATCH 11/24] version_compare -> version

---
 tests/vagrant.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/vagrant.yml b/tests/vagrant.yml
index bea52524..19f9e8b6 100644
--- a/tests/vagrant.yml
+++ b/tests/vagrant.yml
@@ -6,4 +6,4 @@
   roles:
     - ../../
   vars:
-    haproxy_version: "{{ (ansible_distribution_version is version_compare('12.04', '>')) | ternary(1.8, 1.7) }}"
+    haproxy_version: "{{ (ansible_distribution_version is version('12.04', '>')) | ternary(1.8, 1.7) }}"

From 7d0f1ea08fc3fb07e6b0fc1d76ab936f29513857 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Mon, 17 Feb 2020 12:57:34 +0100
Subject: [PATCH 12/24] Add latest Ansible versions

---
 .travis.yml | 10 ++++++++++
 Vagrantfile |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 31b0dba2..b9b046b7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,6 +7,14 @@ python: "2.7"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.9.5
+  - ANSIBLE_VERSION=2.9.4
+  - ANSIBLE_VERSION=2.9.3
+  - ANSIBLE_VERSION=2.9.2
+  - ANSIBLE_VERSION=2.9.1
+  - ANSIBLE_VERSION=2.9.0
+  - ANSIBLE_VERSION=2.8.8
+  - ANSIBLE_VERSION=2.8.7
   - ANSIBLE_VERSION=2.8.6
   - ANSIBLE_VERSION=2.8.5
   - ANSIBLE_VERSION=2.8.4
@@ -14,6 +22,8 @@ env:
   - ANSIBLE_VERSION=2.8.2
   - ANSIBLE_VERSION=2.8.1
   - ANSIBLE_VERSION=2.8.0
+  - ANSIBLE_VERSION=2.7.16
+  - ANSIBLE_VERSION=2.7.15
   - ANSIBLE_VERSION=2.7.14
   - ANSIBLE_VERSION=2.7.13
   - ANSIBLE_VERSION=2.7.12
diff --git a/Vagrantfile b/Vagrantfile
index a7579518..05a5ee61 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -30,7 +30,7 @@ boxes = [
     :box => "bento/ubuntu-18.04",
     :ip => '10.0.0.14',
     :cpu => "50",
-    :ram => "256"
+    :ram => "384"
   },
 ]
 

From 9710dba4347b3d88bb5d0795b47904584abf1b42 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Fri, 20 Mar 2020 14:44:55 +0100
Subject: [PATCH 13/24] Improved formatting

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 0d7979c3..735a0676 100644
--- a/README.md
+++ b/README.md
@@ -47,7 +47,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_global_tune`: [default: `[]`]: (Performance) tuning declarations
 * `haproxy_global_tune.{n}.key`: [required]: Setting name (e.g. `ssl.cachesize`)
 * `haproxy_global_tune.{n}.value`: [required]: Setting value (e.g. `50000`)
-* `haproxy_global_option`: [default: `[]`]: Options (e.g. ['lua-load /etc/haproxy/acme-http01-webroot.lua', 'ssl-dh-param-file /etc/haproxy/dhparams.pem'])
+* `haproxy_global_option`: [default: `[]`]: Options (e.g. `['lua-load /etc/haproxy/acme-http01-webroot.lua', 'ssl-dh-param-file /etc/haproxy/dhparams.pem']`)
 * `haproxy_global_peers`: Peer list declarations
 * `haproxy_global_peers.{n}.name`: Peer list name (e.g. `mypeers`)
 * `haproxy_global_peers.{n}.peers`: Peer declarations

From f51df08d2d1d3432f171c8f1024116216fb32729 Mon Sep 17 00:00:00 2001
From: Miika Kankare <miika@ocllo.fi>
Date: Mon, 13 Apr 2020 12:08:30 +0300
Subject: [PATCH 14/24] Add ciphersuites options for TLSv1.3

---
 README.md                           | 2 ++
 defaults/main.yml                   | 2 ++
 templates/etc/haproxy/global.cfg.j2 | 8 ++++++++
 3 files changed, 12 insertions(+)

diff --git a/README.md b/README.md
index 735a0676..2022a1af 100644
--- a/README.md
+++ b/README.md
@@ -35,8 +35,10 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_global_ca_base`: [default: `/etc/ssl/certs`]: Assigns a default directory to fetch SSL CA certificates and CRLs from when a relative path is used with `"ca-file"` or `"crl-file"` directives
 * `haproxy_global_crt_base`: [default: `/etc/ssl/private`]: Assigns a default directory to fetch SSL certificates from when a relative path is used with `"crtfile"` directives
 * `haproxy_global_ssl_default_bind_ciphers`: [default: `kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL`]: This setting is only available when support for OpenSSL was built in. It sets the default string describing the list of cipher algorithms ("cipher suite") that are negotiated during the SSL/TLS handshake for all `"bind"` lines which do not explicitly define theirs
+* `haproxy_global_ssl_default_bind_ciphersuites`: [default: ``]: This setting is only available when support for OpenSSL was built in and OpenSSL 1.1.1 or later was used to build HAProxy. It sets the default string describing the list of cipher algorithms ("cipher suite") that are negotiated during the TLSv1.3 handshake for all `"bind"` lines which do not explicitly define theirs
 * `haproxy_global_ssl_default_bind_options`: [default: `no-sslv3`]: This setting is only available when support for OpenSSL was built in. It sets default ssl-options to force on all `"bind"` lines
 * `haproxy_global_ssl_default_server_ciphers`: [default: `kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL`]: This setting is only available when support for OpenSSL was built in. It sets the default string describing the list of cipher algorithms that are negotiated during the SSL/TLS handshake with the server, for all `"server"` lines which do not explicitly define theirs
+* `haproxy_global_ssl_default_server_ciphersuites`: [default: ``]: This setting is only available when support for OpenSSL was built in and OpenSSL 1.1.1 or later was used to build HAProxy. It sets the default string describing the list of cipher algorithms that are negotiated duringthe TLSv1.3 handshake with the server, for all `"server"` lines which do not explicitly define theirs
 * `haproxy_global_ssl_default_server_options`: [default: `no-sslv3`]: This setting is only available when support for OpenSSL was built in. It sets default ssl-options to force on all `"server"` lines
 * `haproxy_global_ssl_engines`: [optional, default `[]`]: OpenSSL engine declarations (`>= 1.8.0` only)
 * `haproxy_global_ssl_engines.{n}.name`: [required]: Sets the OpenSSL engine to use (e.g. `rdrand`)
diff --git a/defaults/main.yml b/defaults/main.yml
index e152c061..10df3e43 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -28,8 +28,10 @@ haproxy_global_daemon: true
 haproxy_global_ca_base: /etc/ssl/certs
 haproxy_global_crt_base: /etc/ssl/private
 haproxy_global_ssl_default_bind_ciphers: 'kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL'
+haproxy_global_ssl_default_bind_ciphersuites: ''
 haproxy_global_ssl_default_bind_options: 'no-sslv3'
 haproxy_global_ssl_default_server_ciphers: 'kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL'
+haproxy_global_ssl_default_server_ciphersuites: ''
 haproxy_global_ssl_default_server_options: 'no-sslv3'
 haproxy_global_nbproc: 1
 haproxy_global_option: []
diff --git a/templates/etc/haproxy/global.cfg.j2 b/templates/etc/haproxy/global.cfg.j2
index 81e9bb89..c6fc4e9f 100644
--- a/templates/etc/haproxy/global.cfg.j2
+++ b/templates/etc/haproxy/global.cfg.j2
@@ -55,6 +55,10 @@
   ssl-default-bind-ciphers {{ haproxy_global_ssl_default_bind_ciphers }}
 {% endif %}
 
+{% if haproxy_global_ssl_default_bind_ciphersuites != false and haproxy_global_ssl_default_bind_ciphersuites | length > 0 %}
+  ssl-default-bind-ciphersuites {{ haproxy_global_ssl_default_bind_ciphersuites }}
+{% endif %}
+
 {% if haproxy_global_ssl_default_bind_options != false %}
   ssl-default-bind-options {{ haproxy_global_ssl_default_bind_options }}
 {% endif %}
@@ -66,6 +70,10 @@
   ssl-default-server-ciphers {{ haproxy_global_ssl_default_server_ciphers }}
 {% endif %}
 
+{% if haproxy_global_ssl_default_server_ciphersuites != false and haproxy_global_ssl_default_server_ciphersuites | length > 0 %}
+  ssl-default-server-ciphersuites {{ haproxy_global_ssl_default_server_ciphersuites }}
+{% endif %}
+
 {% if haproxy_global_ssl_default_server_options != false %}
   ssl-default-server-options {{ haproxy_global_ssl_default_server_options }}
 {% endif %}

From b95a3658e956515e42e11379d3bccd54a884a45a Mon Sep 17 00:00:00 2001
From: Miika Kankare <miika@ocllo.fi>
Date: Thu, 16 Apr 2020 11:27:27 +0300
Subject: [PATCH 15/24] Simplify ciphersuites conditionals

---
 templates/etc/haproxy/global.cfg.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/etc/haproxy/global.cfg.j2 b/templates/etc/haproxy/global.cfg.j2
index c6fc4e9f..2d396d85 100644
--- a/templates/etc/haproxy/global.cfg.j2
+++ b/templates/etc/haproxy/global.cfg.j2
@@ -55,7 +55,7 @@
   ssl-default-bind-ciphers {{ haproxy_global_ssl_default_bind_ciphers }}
 {% endif %}
 
-{% if haproxy_global_ssl_default_bind_ciphersuites != false and haproxy_global_ssl_default_bind_ciphersuites | length > 0 %}
+{% if haproxy_global_ssl_default_bind_ciphersuites %}
   ssl-default-bind-ciphersuites {{ haproxy_global_ssl_default_bind_ciphersuites }}
 {% endif %}
 
@@ -70,7 +70,7 @@
   ssl-default-server-ciphers {{ haproxy_global_ssl_default_server_ciphers }}
 {% endif %}
 
-{% if haproxy_global_ssl_default_server_ciphersuites != false and haproxy_global_ssl_default_server_ciphersuites | length > 0 %}
+{% if haproxy_global_ssl_default_server_ciphersuites %}
   ssl-default-server-ciphersuites {{ haproxy_global_ssl_default_server_ciphersuites }}
 {% endif %}
 

From 7092fee12277f47063808a326939a2d02787f967 Mon Sep 17 00:00:00 2001
From: Martyn Klassen <lmklassen@gmail.com>
Date: Mon, 20 Nov 2017 16:10:57 -0500
Subject: [PATCH 16/24] Switch from deprecated ansible include module to
 import_tasks

---
 tasks/main.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 1891f20d..8b2cba3c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -9,25 +9,25 @@
     - haproxy
     - haproxy-check-version-support
 
-- include: install.yml
+- import_tasks: install.yml
   tags:
     - configuration
     - haproxy
     - haproxy-install
 
-- include: certificates.yml
+- import_tasks: certificates.yml
   tags:
     - configuration
     - haproxy
     - haproxy-certificates
 
-- include: acl.yml
+- import_tasks: acl.yml
   tags:
     - configuration
     - haproxy
     - haproxy-acl
 
-- include: configuration.yml
+- import_tasks: configuration.yml
   tags:
     - configuration
     - haproxy

From 801cdef5f4022ce4122005f1d9722dba9ab75b3f Mon Sep 17 00:00:00 2001
From: Igor Solovey <isolovey@robarts.ca>
Date: Thu, 9 Apr 2020 16:08:37 -0400
Subject: [PATCH 17/24] Add resolvers section

---
 README.md                              | 13 +++++++++++++
 defaults/main.yml                      |  3 +++
 templates/etc/haproxy/haproxy.cfg.j2   |  2 ++
 templates/etc/haproxy/resolvers.cfg.j2 | 25 +++++++++++++++++++++++++
 4 files changed, 43 insertions(+)
 create mode 100644 templates/etc/haproxy/resolvers.cfg.j2

diff --git a/README.md b/README.md
index 2022a1af..86ef5480 100644
--- a/README.md
+++ b/README.md
@@ -377,6 +377,19 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_userlists.{n}.users.{n}.insecure_password`: [optional] Plaintext password of this user. **One of `password` or `insecure_password` must be set**
 * `haproxy_userlists.{n}.users.{n}.groups`: [optional] List of groups to add the user to
 
+* `haproxy_resolvers`: [default: `[]`]: Resolvers (name servers) declarations
+* `haproxy_resolvers.{n}.name`: [required]: The name of the name server list
+* `haproxy_resolvers.{n}.nameservers`: [required] list of DNS servers
+* `haproxy_resolvers.{n}.nameservers.{n}.name`: [required] label of the server, should be unique
+* `haproxy_resolvers.{n}.nameservers.{n}.listen`: [required] Defines a listening address and/or ports, e.g. `8.8.8.8:53`
+* `haproxy_resolvers.{n}.accepted_payload_size`: [optional]: Defines the maximum payload size (in bytes) accepted by HAProxy and announced to all the name servers configured in this resolvers section. If not set, HAProxy announces 512. (minimal value defined by RFC 6891)
+* `haproxy_resolvers.{n}.parse_resolv_conf`: [optional]: If set to `true`, adds all nameservers found in `/etc/resolv.conf` to this resolver's nameservers list.
+* `haproxy_resolvers.{n}.resolve_retries`: [optional]: Defines the number of queries to send to resolve a server name before giving up.
+* `haproxy_resolvers.{n}.hold`: [optional]: A list of directives defining `<period>` during which the last name resolution should be kept based on last resolution `<status>`.
+* `haproxy_resolvers.{n}.hold.{status}`: [optional]: hold directives in `<status>:<period>` format. Key must be one of (`nx`, `other`, `refused`, `timeout`, `valid`, `obsolete`). Value is interval between two successive name resolutions in HAProxy time format.
+* `haproxy_resolvers.{n}.timeout`: [optional]: Defines timeouts related to name resolution
+* `haproxy_resolvers.{n}.timeout.{event}`: [optional]: timeout directives in `<event>:<time>` format. Key must be one of (`resolve`, `retry`). Value is time related to the event in the HAProxy time format.
+
 * `haproxy_acl_files`: [default: `[]`]: ACL file declarations
 * `haproxy_acl_files.{n}.dest`: [required]: The remote path of the file (e.g. `/etc/haproxy/acl/api.map`)
 * `haproxy_acl_files.{n}.content`: [default: `[]`]: The content (lines) of the file (e.g. `['v1.0 be_alpha', 'v1.1 be_bravo']`)
diff --git a/defaults/main.yml b/defaults/main.yml
index 10df3e43..87e50bae 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -81,5 +81,8 @@ haproxy_backend: []
 # user-lists section
 haproxy_userlists: []
 
+# resolvers section:
+haproxy_resolvers: []
+
 # ACL files
 haproxy_acl_files: []
diff --git a/templates/etc/haproxy/haproxy.cfg.j2 b/templates/etc/haproxy/haproxy.cfg.j2
index e4097111..f291e05d 100644
--- a/templates/etc/haproxy/haproxy.cfg.j2
+++ b/templates/etc/haproxy/haproxy.cfg.j2
@@ -8,6 +8,8 @@ defaults
 
 {% include 'userlist.cfg.j2' %}
 
+{% include 'resolvers.cfg.j2' %}
+
 {% include 'listen.cfg.j2' %}
 
 {% include 'frontend.cfg.j2' %}
diff --git a/templates/etc/haproxy/resolvers.cfg.j2 b/templates/etc/haproxy/resolvers.cfg.j2
new file mode 100644
index 00000000..98fa82d7
--- /dev/null
+++ b/templates/etc/haproxy/resolvers.cfg.j2
@@ -0,0 +1,25 @@
+{% for resolver in haproxy_resolvers %}
+resolvers {{ resolver.name }}
+  {% for nameserver in resolver.nameservers %}
+  nameserver {{ nameserver.name }} {{ nameserver.listen }}
+  {% endfor %}
+  {% if resolver.accepted_payload_size is defined -%}
+  accepted_payload_size {{ resolver.accepted_payload_size }}
+  {% endif %}
+  {% if resolver.parse_resolv_conf is defined and resolver.parse_resolv_conf -%}
+  parse-resolv-conf
+  {% endif %}
+  {% if resolver.hold is defined -%}
+    {% for status, period in resolver.hold.items() -%}
+      hold {{ status }} {{ period }}
+    {%- endfor %}
+  {%- endif %}
+  {% if resolver.resolve_retries is defined -%}
+  resolve_retries {{ resolver.resolve_retries }}
+  {% endif %}
+  {% if resolver.timeout is defined -%}
+    {% for event, time in resolver.timeout.items() -%}
+      timeout {{ event }} {{ time }}
+    {%- endfor %}
+  {%- endif %}
+{% endfor %}

From 7946a4bd242f6e2205c9b0fa220154b5bb7d6231 Mon Sep 17 00:00:00 2001
From: Igor Solovey <isolovey@robarts.ca>
Date: Thu, 9 Apr 2020 16:09:49 -0400
Subject: [PATCH 18/24] Add server-template, retry, retry_on backend/listen
 parameters

---
 README.md                            | 18 ++++++++++++++++++
 templates/etc/haproxy/backend.cfg.j2 | 10 ++++++++++
 templates/etc/haproxy/listen.cfg.j2  | 10 ++++++++++
 3 files changed, 38 insertions(+)

diff --git a/README.md b/README.md
index 2022a1af..00aa0279 100644
--- a/README.md
+++ b/README.md
@@ -145,6 +145,14 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_listen.{n}.server.{n}.name`: [required]: The internal name assigned to this server
 * `haproxy_listen.{n}.server.{n}.listen`: [required]: Defines a listening address and/or ports
 * `haproxy_listen.{n}.server.{n}.param`: [optional]: A list of parameters for this server
+* `haproxy_listen.{n}.server_template`: [optional]: Server template declarations
+* `haproxy_listen.{n}.server_template.name`: [required]:  A prefix for the server names to be built.
+* `haproxy_listen.{n}.server_template.num`: [required]: Number or range of servers. If specified as `<num>`, this template initializes `<num>` servers with 1 up to `<num>` as server name suffixes. If specified as `<num_low>-<num_high>`, initializes with `<num_low>` up to `<num_high>` as server name suffixes.
+* `haproxy_listen.{n}.server_template.fqdn`: [required]: A FQDN for all the servers this template initializes
+* `haproxy_listen.{n}.server_template.port`: [optional]: Port specification
+* `haproxy_listen.{n}.server_template.{n}.param`: [optional]: A list of parameters for this server template
+* `haproxy_listen.{n}.retry_on`: [optional, default `[]`]: Specify when to attempt to automatically retry a failed request. Provide a list of keywords or HTTP status codes, each representing a type of failure event on which an attempt to retry the request is desired. For details, see HAProxy documentation.
+* `haproxy_listen.{n}.retries`: [optional]: Number of retries to perform on a server after a connection failure
 * `haproxy_listen.{n}.reqadd`: [optional]: Adds headers at the end of the HTTP request
 * `haproxy_listen.{n}.reqadd.{n}.string`: [required]: The complete line to be added. Any space or known delimiter must be escaped using a backslash (`'\'`) (in version < 1.6)
 * `haproxy_listen.{n}.reqadd.{n}.cond`: [optional]: A matching condition built from ACLs
@@ -363,6 +371,16 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_backend.{n}.server.{n}.name`: [required]: The internal name assigned to this server
 * `haproxy_backend.{n}.server.{n}.listen`: [required]: Defines a listening address and/or ports
 * `haproxy_backend.{n}.server.{n}.param`: [optional]: A list of parameters for this server
+* `haproxy_backend.{n}.server_template`: [optional]: Server template declarations
+* `haproxy_backend.{n}.server_template.name`: [required]:  A prefix for the server names to be built.
+* `haproxy_backend.{n}.server_template.num`: [required]: Number or range of servers. If specified as `<num>`, this template initializes `<num>` servers with 1 up to `<num>` as server name suffixes. If specified as `<num_low>-<num_high>`, initializes with `<num_low>` up to `<num_high>` as server name suffixes.
+* `haproxy_backend.{n}.server_template.fqdn`: [required]: A FQDN for all the servers this template initializes
+* `haproxy_backend.{n}.server_template.port`: [optional]: Port specification
+* `haproxy_backend.{n}.server_template.{n}.param`: [optional]: A list of parameters for this server template
+* `haproxy_backend.{n}.retry_on`: [optional, default `[]`]: Specify when to attempt to automatically retry a failed request. Provide a list of keywords or HTTP status codes, each representing a type of failure event on which an attempt to retry the request is desired. For details, see HAProxy documentation.
+* `haproxy_backend.{n}.retries`: [optional]: Number of retries to perform on a server after a connection failure
+
+
 * `haproxy_backend.{n}.errorfile`: [optional]: Errorfile declarations
 * `haproxy_backend.{n}.errorfile.{n}.code`: [required]: The HTTP status code. Currently, HAProxy is capable of generating codes 200, 400, 403, 408, 500, 502, 503, and 504 (e.g. `400`)
 * `haproxy_backend.{n}.errorfile.{n}.file`: [required]: A file containing the full HTTP response (e.g `/etc/haproxy/errors/400.http`)
diff --git a/templates/etc/haproxy/backend.cfg.j2 b/templates/etc/haproxy/backend.cfg.j2
index ac592e25..b1b60f0d 100644
--- a/templates/etc/haproxy/backend.cfg.j2
+++ b/templates/etc/haproxy/backend.cfg.j2
@@ -130,7 +130,17 @@ backend {{ backend.name }}
   server {{ server.name }} {{ server.listen }}{% for param in server.param | default([]) %} {{ param }}{% endfor %}
 
 {% endfor %}
+{% if backend.server_template is defined %}
+  server-template {{ backend.server_template.name }} {{ backend.server_template.num}} {{ backend.server_template.fqdn }}{% if backend.server_template.port is defined %}:{{ backend.server_template.port }}{% endif %} {% for param in backend.server_template.param | default([]) %} {{ param }}{% endfor %}
+{% endif %}
+
+{% if backend.retry_on is defined %}
+  retry-on {% for r in backend.retry_on %}{{ r }} {% endfor %}
+{% endif %}
 
+{% if backend.retries is defined %}
+  retries {{ backend.retries }}
+{% endif %}
 {% for errorfile in backend.errorfile | default([]) %}
   errorfile {{ errorfile.code }} {{ errorfile.file }}
 {% endfor %}
diff --git a/templates/etc/haproxy/listen.cfg.j2 b/templates/etc/haproxy/listen.cfg.j2
index 1366dfe2..a1a6a7f1 100644
--- a/templates/etc/haproxy/listen.cfg.j2
+++ b/templates/etc/haproxy/listen.cfg.j2
@@ -152,7 +152,17 @@ listen {{ listen.name }}
   server {{ server.name }} {{ server.listen }}{% for param in server.param | default([]) %} {{ param }}{% endfor %}
 
 {% endfor %}
+{% if listen.server_template is defined %}
+  server-template {{ listen.server_template.name }} {{ listen.server_template.num}} {{ listen.server_template.fqdn }}{% if listen.server_template.port is defined %}:{{ listen.server_template.port }}{% endif %} {% for param in listen.server_template.param | default([]) %} {{ param }}{% endfor %}
+{% endif %}
+
+{% if listen.retry_on is defined %}
+  retry-on {% for r in listen.retry_on %}{{ r }}{% endfor %}
+{% endif %}
 
+{% if listen.retries is defined %}
+  retries {{ listen.retries }}
+{% endif %}
 {% for errorfile in listen.errorfile | default([]) %}
   errorfile {{ errorfile.code }} {{ errorfile.file }}
 {% endfor %}

From 14a19b7dc98690c35976860fc2209ddcb0617c58 Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Fri, 17 Apr 2020 15:40:14 +0200
Subject: [PATCH 19/24] Consistency changes

* Add latest Ansible versions
* Change dist to xenial
* Also test on Python 3.x
---
 .travis.yml   | 28 ++++++++++------------------
 Dockerfile    |  2 +-
 meta/main.yml |  2 +-
 3 files changed, 12 insertions(+), 20 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index b9b046b7..69f4ba53 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,18 +1,25 @@
 ---
 sudo: required
-dist: trusty
+dist: xenial
 
 language: python
-python: "2.7"
+python:
+  - "2.7"
+  - "3.5"
 
 env:
   - ANSIBLE_VERSION=latest
+  - ANSIBLE_VERSION=2.9.7
+  - ANSIBLE_VERSION=2.9.6
   - ANSIBLE_VERSION=2.9.5
   - ANSIBLE_VERSION=2.9.4
   - ANSIBLE_VERSION=2.9.3
   - ANSIBLE_VERSION=2.9.2
   - ANSIBLE_VERSION=2.9.1
   - ANSIBLE_VERSION=2.9.0
+  - ANSIBLE_VERSION=2.8.11
+  - ANSIBLE_VERSION=2.8.10
+  - ANSIBLE_VERSION=2.8.9
   - ANSIBLE_VERSION=2.8.8
   - ANSIBLE_VERSION=2.8.7
   - ANSIBLE_VERSION=2.8.6
@@ -22,6 +29,7 @@ env:
   - ANSIBLE_VERSION=2.8.2
   - ANSIBLE_VERSION=2.8.1
   - ANSIBLE_VERSION=2.8.0
+  - ANSIBLE_VERSION=2.7.17
   - ANSIBLE_VERSION=2.7.16
   - ANSIBLE_VERSION=2.7.15
   - ANSIBLE_VERSION=2.7.14
@@ -60,22 +68,6 @@ env:
   - ANSIBLE_VERSION=2.6.2
   - ANSIBLE_VERSION=2.6.1
   - ANSIBLE_VERSION=2.6.0
-  - ANSIBLE_VERSION=2.5.15
-  - ANSIBLE_VERSION=2.5.14
-  - ANSIBLE_VERSION=2.5.13
-  - ANSIBLE_VERSION=2.5.12
-  - ANSIBLE_VERSION=2.5.11
-  - ANSIBLE_VERSION=2.5.10
-  - ANSIBLE_VERSION=2.5.9
-  - ANSIBLE_VERSION=2.5.8
-  - ANSIBLE_VERSION=2.5.7
-  - ANSIBLE_VERSION=2.5.6
-  - ANSIBLE_VERSION=2.5.5
-  - ANSIBLE_VERSION=2.5.4
-  - ANSIBLE_VERSION=2.5.3
-  - ANSIBLE_VERSION=2.5.2
-  - ANSIBLE_VERSION=2.5.1
-  - ANSIBLE_VERSION=2.5.0
 
 branches:
   only:
diff --git a/Dockerfile b/Dockerfile
index d9adf963..6d537d56 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@ RUN rm -rf $HOME/.cache
 # ansible
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
   apt-get clean
-RUN pip install ansible==2.3.2.0
+RUN pip install ansible==2.6.2
 RUN rm -rf $HOME/.cache
 
 # provision
diff --git a/meta/main.yml b/meta/main.yml
index ee2b7501..c196bfa1 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -6,7 +6,7 @@ galaxy_info:
   company: Oefenweb.nl B.V.
   description: Set up the latest version of HAProxy in Ubuntu systems
   license: MIT
-  min_ansible_version: 2.5.0.0
+  min_ansible_version: 2.6.0
   platforms:
     - name: Ubuntu
       versions:

From 3f7807e8f2d179a17b70ac17ef081fa89a8b85de Mon Sep 17 00:00:00 2001
From: Mischa ter Smitten <mischa@tersmitten.nl>
Date: Sun, 19 Apr 2020 11:27:43 +0200
Subject: [PATCH 20/24] Make it possible not to use the PPA

fixes #92
---
 README.md         | 2 ++
 defaults/main.yml | 1 +
 tasks/install.yml | 1 +
 3 files changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 3a5de20d..f53d2803 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,8 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 
 #### Variables
 
+* `haproxy_use_ppa`: [default: `true`]: Whether or not to add the PPA (for installation)
+
 * `haproxy_version`: [default: `1.8`]: Version to install (e.g. `1.5`, `1.6`, `1.7`, `1.8`, `1.9`, `2.0`, `2.1`)
 
 * `haproxy_install`: [default: `[]`]: Additional packages to install (e.g. `socat`)
diff --git a/defaults/main.yml b/defaults/main.yml
index 87e50bae..b5695c48 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,6 @@
 # defaults file for haproxy
 ---
+haproxy_use_ppa: true
 haproxy_version: 1.8
 
 haproxy_dependencies:
diff --git a/tasks/install.yml b/tasks/install.yml
index 2ba5f759..1598a2a6 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -4,6 +4,7 @@
   apt_repository:
     repo: "{{ haproxy_ppa }}"
     update_cache: true
+  when: "{{ haproxy_use_ppa }}"
   tags:
     - haproxy-install-add-repository
 

From 3e578aeff2196e9241e38435e6ac9154fe412919 Mon Sep 17 00:00:00 2001
From: Mark van Driel <mvdriel@nlware.com>
Date: Tue, 21 Apr 2020 14:07:29 +0200
Subject: [PATCH 21/24] Fix when statement

---
 tasks/install.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/install.yml b/tasks/install.yml
index 1598a2a6..36c387e5 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -4,7 +4,7 @@
   apt_repository:
     repo: "{{ haproxy_ppa }}"
     update_cache: true
-  when: "{{ haproxy_use_ppa }}"
+  when: haproxy_use_ppa
   tags:
     - haproxy-install-add-repository
 

From 2f854ca1461ba46763334d27decdc946eb50f308 Mon Sep 17 00:00:00 2001
From: Mark van Driel <mvdriel@nlware.com>
Date: Wed, 22 Apr 2020 23:31:00 +0200
Subject: [PATCH 22/24] Fix logformat examples in documentation

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index f53d2803..81bf4e95 100644
--- a/README.md
+++ b/README.md
@@ -60,7 +60,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_global_raw_options`: [default: `[]`]: Additional arbitrary lines to insert in the section
 
 * `haproxy_defaults_log`: [default: `global`]: Enable per-instance logging of events and traffic. `global` should be used when the instance's logging parameters are the same as the global ones. This is the most common usage
-* `haproxy_defaults_logformat`: [optional]: Allows you to customize the logs in http mode and tcp mode (e.g. `%{+Q}o\ %t\ %s\ %{-Q}r`)
+* `haproxy_defaults_logformat`: [optional]: Allows you to customize the logs in http mode and tcp mode (e.g. `"%{+Q}o\ %t\ %s\ %{-Q}r"`)
 * `haproxy_defaults_mode`: [default: `http`]: Set the running mode or protocol of the instance
 * `haproxy_defaults_source`: [optional]: Set the source address or interface for connections from the proxy
 * `haproxy_defaults_option`: [default: `[httplog, dontlognull]`]: Options (default)
@@ -207,7 +207,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_frontend.{n}.bind_process`:  [optional]: Limits the declaration to a certain set of processes numbers (e.g. `[all]`, `[1]`, `[2 ,3, 4]`)
 * `haproxy_frontend.{n}.mode`: [required]: Set the running mode or protocol of the section (e.g. `http`)
 * `haproxy_frontend.{n}.maxconn`: [optional]: Fix the maximum number of concurrent connections
-* `haproxy_frontend.{n}.logformat`: [optional]: Specifies the log format string to use for traffic logs (e.g. `%{+Q}o\ %t\ %s\ %{-Q}r`)
+* `haproxy_frontend.{n}.logformat`: [optional]: Specifies the log format string to use for traffic logs (e.g. `"%{+Q}o\ %t\ %s\ %{-Q}r"`)
 * `haproxy_frontend.{n}.stick`: [optional]: Stick declarations
 * `haproxy_frontend.{n}.stick.{n}.table`: [required]: Configure the stickiness table for the current section (e.g. `type ip size 500k`)
 * `haproxy_frontend.{n}.option`: [optional]: Options to set (e.g. `[tcplog]`)

From ab41e84a7d2b875b3970416c91107964a4a9dd44 Mon Sep 17 00:00:00 2001
From: Mark van Driel <mvdriel@nlware.com>
Date: Thu, 23 Apr 2020 22:58:30 +0200
Subject: [PATCH 23/24] Fix logformat examples in documentation

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 81bf4e95..4ee7ae31 100644
--- a/README.md
+++ b/README.md
@@ -60,7 +60,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_global_raw_options`: [default: `[]`]: Additional arbitrary lines to insert in the section
 
 * `haproxy_defaults_log`: [default: `global`]: Enable per-instance logging of events and traffic. `global` should be used when the instance's logging parameters are the same as the global ones. This is the most common usage
-* `haproxy_defaults_logformat`: [optional]: Allows you to customize the logs in http mode and tcp mode (e.g. `"%{+Q}o\ %t\ %s\ %{-Q}r"`)
+* `haproxy_defaults_logformat`: [optional]: Allows you to customize the logs in http mode and tcp mode (e.g. `'"%{+Q}o\ %t\ %s\ %{-Q}r"'`)
 * `haproxy_defaults_mode`: [default: `http`]: Set the running mode or protocol of the instance
 * `haproxy_defaults_source`: [optional]: Set the source address or interface for connections from the proxy
 * `haproxy_defaults_option`: [default: `[httplog, dontlognull]`]: Options (default)
@@ -207,7 +207,7 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_frontend.{n}.bind_process`:  [optional]: Limits the declaration to a certain set of processes numbers (e.g. `[all]`, `[1]`, `[2 ,3, 4]`)
 * `haproxy_frontend.{n}.mode`: [required]: Set the running mode or protocol of the section (e.g. `http`)
 * `haproxy_frontend.{n}.maxconn`: [optional]: Fix the maximum number of concurrent connections
-* `haproxy_frontend.{n}.logformat`: [optional]: Specifies the log format string to use for traffic logs (e.g. `"%{+Q}o\ %t\ %s\ %{-Q}r"`)
+* `haproxy_frontend.{n}.logformat`: [optional]: Specifies the log format string to use for traffic logs (e.g. `'"%{+Q}o\ %t\ %s\ %{-Q}r"'`)
 * `haproxy_frontend.{n}.stick`: [optional]: Stick declarations
 * `haproxy_frontend.{n}.stick.{n}.table`: [required]: Configure the stickiness table for the current section (e.g. `type ip size 500k`)
 * `haproxy_frontend.{n}.option`: [optional]: Options to set (e.g. `[tcplog]`)

From 837292ab4aad66c0197464234b8b4d1e4fdd311e Mon Sep 17 00:00:00 2001
From: Ian Clark <ian.clark@dreamhost.com>
Date: Tue, 4 Sep 2018 22:57:19 -0700
Subject: [PATCH 24/24] cleaning up template whitespace

---
 templates/etc/haproxy/backend.cfg.j2  | 33 +++---------------------
 templates/etc/haproxy/defaults.cfg.j2 |  8 ------
 templates/etc/haproxy/frontend.cfg.j2 | 28 --------------------
 templates/etc/haproxy/global.cfg.j2   | 24 +----------------
 templates/etc/haproxy/listen.cfg.j2   | 37 +++------------------------
 5 files changed, 7 insertions(+), 123 deletions(-)

diff --git a/templates/etc/haproxy/backend.cfg.j2 b/templates/etc/haproxy/backend.cfg.j2
index b1b60f0d..855b2f09 100644
--- a/templates/etc/haproxy/backend.cfg.j2
+++ b/templates/etc/haproxy/backend.cfg.j2
@@ -3,81 +3,63 @@ backend {{ backend.name }}
 {% if backend.description is defined %}
   description {{ backend.description }}
 {% endif %}
-
 {% if backend.bind_process is defined %}
   bind-process {{ backend.bind_process | join(' ') }}
 {% endif %}
-
   mode {{ backend.mode }}
-
   balance {{ backend.balance }}
-
 {% if backend.source is defined %}
   source {{ backend.source }}
 {% endif %}
-
 {% for option in backend.option | default([])%}
   option {{ option }}
 {% endfor %}
-
 {% for option in backend.no_option | default([])%}
   no option {{ option }}
 {% endfor %}
-
 {% if backend.http_check is defined %}
   http-check {{ backend.http_check }}
 {% endif %}
-
 {% if backend.cookie is defined %}
   cookie {{ backend.cookie }}
 {% endif %}
-
 {% for acl in backend.acl | default([]) %}
   acl {{ acl.string }}
 {% endfor %}
-
 {% for stick in backend.stick | default([]) %}
   stick-table {{ stick.table }}
   stick on {{ stick.stick_on }}
 {% endfor %}
-
 {% for option in backend.no_option | default([]) %}
   no option {{ option }}
 {% endfor %}
-
 {% if backend.no_log | default(false) == true %}
   no log
 {% endif %}
-
 {% for tcp_check in backend.tcp_check | default([]) %}
   tcp-check {{ tcp_check }}
 {% endfor %}
-
 {% for timeout in backend.timeout | default([]) %}
   timeout {{ timeout.type }} {{ timeout.timeout }}
 {% endfor %}
-
 {% for action in ['reqadd', 'rspadd'] %}
 {% for params in backend[action] | default([]) %}
   {{ action }} {{ params.string }}{% if params.cond is defined %} {{ params.cond }}{% endif %}
 
 {% endfor %}
 {% endfor %}
-
 {% for action in ['reqdel', 'reqidel', 'rspdel', 'rspidel'] %}
 {% for params in backend[action] | default([]) %}
   {{ action }} {{ params.search }}{% if params.cond is defined %} {{ params.cond }}{% endif %}
 
 {% endfor %}
 {% endfor %}
-
 {% for action in ['reqrep', 'reqirep', 'rsprep', 'rspirep'] %}
 {% for params in backend[action] | default([]) %}
   {{ action }} {{ params.search }} {{ params.string }}{% if params.cond is defined %} {{ params.cond }}{% endif %}
 
 {% endfor %}
 {% endfor %}
-
 {% if backend.stats is defined %}
 {% if backend.stats.enable is defined and backend.stats.enable | bool == true %}
   stats enable
@@ -93,58 +75,49 @@ backend {{ backend.name }}
 {% endfor %}
 {% for auth in backend.stats.auth | default([]) %}
   stats auth {{ auth.user }}:{{ auth.passwd }}
-
 {% endfor %}
 {% endif %}
 {% endif %}
-
 {% for http_request in backend.http_request | default([]) %}
   http-request {{ http_request.action }}{% if http_request.param is defined %} {{ http_request.param }}{% endif %}{% if http_request.cond is defined %} {{ http_request.cond }}{% endif %}
 
 {% endfor %}
-
 {% for tcp_request_inspect_delay in backend.tcp_request_inspect_delay | default([]) %}
   tcp-request inspect-delay {{ tcp_request_inspect_delay.timeout }}
-
 {% endfor %}
-
 {% for tcp_request_content in backend.tcp_request_content | default([]) %}
   tcp-request content {{ tcp_request_content.action }}{% if tcp_request_content.cond is defined %} {{ tcp_request_content.cond }}{% endif %}
 
 {% endfor %}
-
 {% for http_response in backend.http_response | default([]) %}
   http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %}
 
 {% endfor %}
-
 {% for compression in backend.compression | default([]) %}
   compression {{ compression.name }} {{ compression.value }}
 {% endfor %}
-
 {% if backend.default_server_params | default([]) %}
   default-server {% for param in backend.default_server_params | default([]) %} {{ param }}{% endfor %}
-{% endif %}
 
+{% endif %}
 {% for server in backend.server | default([]) %}
   server {{ server.name }} {{ server.listen }}{% for param in server.param | default([]) %} {{ param }}{% endfor %}
 
 {% endfor %}
 {% if backend.server_template is defined %}
   server-template {{ backend.server_template.name }} {{ backend.server_template.num}} {{ backend.server_template.fqdn }}{% if backend.server_template.port is defined %}:{{ backend.server_template.port }}{% endif %} {% for param in backend.server_template.param | default([]) %} {{ param }}{% endfor %}
-{% endif %}
 
+{% endif %}
 {% if backend.retry_on is defined %}
   retry-on {% for r in backend.retry_on %}{{ r }} {% endfor %}
-{% endif %}
 
+{% endif %}
 {% if backend.retries is defined %}
   retries {{ backend.retries }}
 {% endif %}
 {% for errorfile in backend.errorfile | default([]) %}
   errorfile {{ errorfile.code }} {{ errorfile.file }}
 {% endfor %}
-
 {% for line in backend.raw_options | default([]) %}
   {{ line }}
 {% endfor %}
diff --git a/templates/etc/haproxy/defaults.cfg.j2 b/templates/etc/haproxy/defaults.cfg.j2
index 8abe4df5..0ff8bdca 100644
--- a/templates/etc/haproxy/defaults.cfg.j2
+++ b/templates/etc/haproxy/defaults.cfg.j2
@@ -1,41 +1,33 @@
 {% if haproxy_defaults_log != false %}
   log {{ haproxy_defaults_log }}
 {% endif %}
-
 {% if haproxy_defaults_logformat is defined %}
   log-format {{ haproxy_defaults_logformat }}
 {% endif %}
-
 {% if haproxy_defaults_mode != false %}
   mode {{ haproxy_defaults_mode }}
 {% endif %}
-
 {% if haproxy_defaults_source is defined %}
   source {{ haproxy_defaults_source }}
 {% endif %}
-
 {% if haproxy_defaults_option != false %}
 {% for option in haproxy_defaults_option %}
   option {{ option }}
 {% endfor %}
 {% endif %}
-
 {% for option in haproxy_defaults_no_option | default([]) %}
   no option {{ option }}
 {% endfor %}
-
 {% if haproxy_defaults_timeout != false %}
 {% for timeout in haproxy_defaults_timeout %}
   timeout {{ timeout.type }} {{ timeout.timeout }}
 {% endfor %}
 {% endif %}
-
 {% if haproxy_defaults_errorfile != false %}
 {% for errorfile in haproxy_defaults_errorfile %}
   errorfile {{ errorfile.code }} {{ errorfile.file }}
 {% endfor %}
 {% endif %}
-
 {% for compression in haproxy_defaults_compression | default([]) %}
   compression {{ compression.name }} {{ compression.value }}
 {% endfor %}
diff --git a/templates/etc/haproxy/frontend.cfg.j2 b/templates/etc/haproxy/frontend.cfg.j2
index c6d51063..465c89f7 100644
--- a/templates/etc/haproxy/frontend.cfg.j2
+++ b/templates/etc/haproxy/frontend.cfg.j2
@@ -3,114 +3,89 @@ frontend {{ frontend.name }}
 {% if frontend.description is defined %}
   description {{ frontend.description }}
 {% endif %}
-
 {% for bind in frontend.bind %}
   bind {{ bind.listen }}{% for param in bind.param | default([]) %} {{ param }}{% endfor %}
 
 {% endfor %}
-
 {% if frontend.bind_process is defined %}
   bind-process {{ frontend.bind_process | join(' ') }}
 {% endif %}
-
   mode {{ frontend.mode }}
-
 {% if frontend.maxconn is defined %}
   maxconn {{ frontend.maxconn }}
 {% endif %}
-
 {% for stick in frontend.stick | default([]) %}
   stick-table {{ stick.table }}
 {% endfor %}
-
 {% for option in frontend.option | default([]) %}
   option {{ option }}
 {% endfor %}
-
 {% for option in frontend.no_option | default([]) %}
   no option {{ option }}
 {% endfor %}
-
 {% if frontend.logformat is defined %}
   log-format {{ frontend.logformat }}
 {% endif %}
-
 {% if frontend.no_log | default(false) == true %}
   no log
 {% endif %}
-
 {% for timeout in frontend.timeout | default([]) %}
   timeout {{ timeout.type }} {{ timeout.timeout }}
 {% endfor %}
-
 {% for acl in frontend.acl | default([]) %}
   acl {{ acl.string }}
 {% endfor %}
-
 {% for capture in frontend.capture | default([]) %}
   capture {{ capture.type }} {{ capture.name }} len {{ capture.length }}
 {% endfor %}
-
 {% for tcp_request_inspect_delay in frontend.tcp_request_inspect_delay | default([]) %}
   tcp-request inspect-delay {{ tcp_request_inspect_delay.timeout }}
-
 {% endfor %}
-
 {% for tcp_request_connection in frontend.tcp_request_connection | default([]) %}
   tcp-request connection {{ tcp_request_connection.action }}{% if tcp_request_connection.cond is defined %} {{ tcp_request_connection.cond }}{% endif %}
 
 {% endfor %}
-
 {% for tcp_request_content in frontend.tcp_request_content | default([]) %}
   tcp-request content {{ tcp_request_content.action }}{% if tcp_request_content.cond is defined %} {{ tcp_request_content.cond }}{% endif %}
 
 {% endfor %}
-
 {% for tcp_request_session in frontend.tcp_request_session | default([]) %}
   tcp-request session {{ tcp_request_session.action }}{% if tcp_request_session.cond is defined %} {{ tcp_request_session.cond }}{% endif %}
 
 {% endfor %}
-
 {% for http_request in frontend.http_request | default([]) %}
   http-request {{ http_request.action }}{% if http_request.param is defined %} {{ http_request.param }}{% endif %}{% if http_request.cond is defined %} {{ http_request.cond }}{% endif %}
 
 {% endfor %}
-
 {% for http_response in frontend.http_response | default([]) %}
   http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %}
 
 {% endfor %}
-
 {% for action in ['reqadd', 'rspadd'] %}
 {% for params in frontend[action] | default([]) %}
   {{ action }} {{ params.string }}{% if params.cond is defined %} {{ params.cond }}{% endif %}
 
 {% endfor %}
 {% endfor %}
-
 {% for action in ['reqdel', 'reqidel', 'rspdel', 'rspidel'] %}
 {% for params in frontend[action] | default([]) %}
   {{ action }} {{ params.search }}{% if params.cond is defined %} {{ params.cond }}{% endif %}
 
 {% endfor %}
 {% endfor %}
-
 {% for action in ['reqrep', 'reqirep', 'rsprep', 'rspirep'] %}
 {% for params in frontend[action] | default([]) %}
   {{ action }} {{ params.search }} {{ params.string }}{% if params.cond is defined %} {{ params.cond }}{% endif %}
 
 {% endfor %}
 {% endfor %}
-
 {% for redirect in frontend.redirect | default([]) %}
   redirect {{ redirect.string }}{% if redirect.cond is defined %} {{ redirect.cond }}{% endif %}
 
 {% endfor %}
-
 {% for compression in frontend.compression | default([]) %}
   compression {{ compression.name }} {{ compression.value }}
 {% endfor %}
-
 {% if frontend.use_backend is defined %}
 {% if frontend.use_backend is iterable and frontend.use_backend is not string %}
 {% for use_backend in frontend.use_backend | default([]) %}
@@ -120,15 +95,12 @@ frontend {{ frontend.name }}
   use_backend {{ frontend.use_backend }}
 {% endif %}
 {% endif %}
-
 {% if frontend.default_backend is defined %}
   default_backend {{ frontend.default_backend }}
 {% endif %}
-
 {% for errorfile in frontend.errorfile | default([]) %}
   errorfile {{ errorfile.code }} {{ errorfile.file }}
 {% endfor %}
-
 {% for line in frontend.raw_options | default([]) %}
   {{ line }}
 {% endfor %}
diff --git a/templates/etc/haproxy/global.cfg.j2 b/templates/etc/haproxy/global.cfg.j2
index 2d396d85..097ede51 100644
--- a/templates/etc/haproxy/global.cfg.j2
+++ b/templates/etc/haproxy/global.cfg.j2
@@ -4,11 +4,9 @@
 
 {% endfor %}
 {% endif %}
-
 {% if haproxy_global_chroot is defined %}
   chroot {{ haproxy_global_chroot }}
 {% endif %}
-
 {% if haproxy_global_stats != false %}
 {% for socket in haproxy_global_stats.sockets | default([]) %}
   stats socket {{ socket.listen }}{% for param in socket.param | default([]) %} {{ param }}{% endfor %}
@@ -18,95 +16,75 @@
   stats timeout {{ haproxy_global_stats.timeout }}
 {% endif -%}
 {% endif %}
-
 {% if haproxy_global_user != false %}
   user {{ haproxy_global_user }}
 {% endif %}
-
 {% if haproxy_global_group != false %}
   group {{ haproxy_global_group }}
 {% endif %}
-
 {% if haproxy_global_daemon | bool == true %}
   daemon
 {% endif %}
-
 {% if haproxy_global_master_worker | default(false) | bool %}
   master-worker
 {% endif %}
-
 {% if haproxy_global_maxconn is defined %}
   maxconn {{ haproxy_global_maxconn }}
 {% endif %}
-
 {% if haproxy_global_ca_base != false %}
   # Default SSL material locations
   ca-base {{ haproxy_global_ca_base }}
 {% endif %}
-
 {% if haproxy_global_crt_base != false %}
   crt-base {{ haproxy_global_crt_base }}
 {% endif %}
-
 {% if haproxy_global_ssl_default_bind_ciphers != false %}
   # Default ciphers to use on SSL-enabled listening sockets.
   # For more information, see ciphers(1SSL). This list is from:
   #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
   ssl-default-bind-ciphers {{ haproxy_global_ssl_default_bind_ciphers }}
 {% endif %}
-
 {% if haproxy_global_ssl_default_bind_ciphersuites %}
   ssl-default-bind-ciphersuites {{ haproxy_global_ssl_default_bind_ciphersuites }}
 {% endif %}
-
 {% if haproxy_global_ssl_default_bind_options != false %}
   ssl-default-bind-options {{ haproxy_global_ssl_default_bind_options }}
 {% endif %}
-
 {% if haproxy_global_ssl_default_server_ciphers != false %}
   # Default ciphers to use on SSL-enabled listening sockets.
   # For more information, see ciphers(1SSL). This list is from:
   #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
   ssl-default-server-ciphers {{ haproxy_global_ssl_default_server_ciphers }}
 {% endif %}
-
 {% if haproxy_global_ssl_default_server_ciphersuites %}
   ssl-default-server-ciphersuites {{ haproxy_global_ssl_default_server_ciphersuites }}
 {% endif %}
-
 {% if haproxy_global_ssl_default_server_options != false %}
   ssl-default-server-options {{ haproxy_global_ssl_default_server_options }}
 {% endif %}
-
 {% for ssl_engine in haproxy_global_ssl_engines | default([]) %}
   ssl-engine {{ ssl_engine.name }}{% if ssl_engine.algos | default([]) | length %} algo {{ ssl_engine.algos | join(', ') }}{% endif %}
-{% endfor %}
 
+{% endfor %}
 {% if haproxy_global_ssl_mode_async | default(false) | bool %}
   ssl-mode-async
 {% endif %}
-
   nbproc {{ haproxy_global_nbproc }}
-
 {% if haproxy_global_nbthread is defined %}
   nbthread {{ haproxy_global_nbthread }}
 {% endif %}
-
 {% for tune in haproxy_global_tune | default([]) %}
   tune.{{ tune.key }} {{ tune.value }}
 {% endfor %}
-
 {% for option in haproxy_global_option | default([]) %}
   {{ option }}
 {% endfor %}
-
 {% for peers in haproxy_global_peers | default([]) %}
 peers {{ peers.name }}
 {% for peer in peers.peers | default([]) %}
   peer {{ peer.name }} {{ peer.listen }}
 {% endfor %}
 {% endfor %}
-
 {% for line in haproxy_global_raw_options | default([]) %}
   {{ line }}
 {% endfor %}
diff --git a/templates/etc/haproxy/listen.cfg.j2 b/templates/etc/haproxy/listen.cfg.j2
index a1a6a7f1..b46bfe92 100644
--- a/templates/etc/haproxy/listen.cfg.j2
+++ b/templates/etc/haproxy/listen.cfg.j2
@@ -3,67 +3,51 @@ listen {{ listen.name }}
 {% if listen.description is defined %}
   description {{ listen.description }}
 {% endif %}
-
 {% for bind in listen.bind %}
   bind {{ bind.listen }}{% for param in bind.param | default([]) %} {{ param }}{% endfor %}
 
 {% endfor %}
-
 {% if listen.bind_process is defined %}
   bind-process {{ listen.bind_process | join(' ') }}
 {% endif %}
-
   mode {{ listen.mode }}
-
 {% if listen.balance is defined %}
   balance {{ listen.balance }}
 {% endif %}
-
 {% if listen.maxconn is defined %}
   maxconn {{ listen.maxconn }}
 {% endif %}
-
 {% if listen.http_check is defined %}
   http-check {{ listen.http_check }}
 {% endif %}
-
 {% for stick in listen.stick | default([]) %}
   stick-table {{ stick.table }}
   stick on {{ stick.stick_on }}
 {% endfor %}
-
 {% if listen.source is defined %}
   source {{ listen.source }}
 {% endif %}
-
 {% for option in listen.option | default([]) %}
   option {{ option }}
 {% endfor %}
-
 {% for option in listen.no_option | default([])  %}
   no option {{ option }}
 {% endfor %}
-
 {% if listen.no_log | default(false) == true %}
   no log
 {% endif %}
-
 {% for tcp_check in listen.tcp_check | default([]) %}
   tcp-check {{ tcp_check }}
 {% endfor %}
-
 {% for timeout in listen.timeout | default([]) %}
   timeout {{ timeout.type }} {{ timeout.timeout }}
 {% endfor %}
-
 {% for acl in listen.acl | default([]) %}
   acl {{ acl.string }}
 {% endfor %}
-
 {% for capture in listen.capture | default([]) %}
   capture {{ capture.type }} {{ capture.name }} len {{ capture.length }}
 {% endfor %}
-
 {% if listen.stats is defined %}
 {% if listen.stats.enable is defined and listen.stats.enable | bool == true %}
   stats enable
@@ -79,94 +63,79 @@ listen {{ listen.name }}
 {% endfor %}
 {% for auth in listen.stats.auth | default([]) %}
   stats auth {{ auth.user }}:{{ auth.passwd }}
-
 {% endfor %}
 {% endif %}
 {% endif %}
-
 {% for tcp_request_inspect_delay in listen.tcp_request_inspect_delay | default([]) %}
   tcp-request inspect-delay {{ tcp_request_inspect_delay.timeout }}
-
 {% endfor %}
-
 {% for tcp_request_connection in listen.tcp_request_connection | default([]) %}
   tcp-request connection {{ tcp_request_connection.action }}{% if tcp_request_connection.cond is defined %} {{ tcp_request_connection.cond }}{% endif %}
 
 {% endfor %}
-
 {% for tcp_request_content in listen.tcp_request_content | default([]) %}
   tcp-request content {{ tcp_request_content.action }}{% if tcp_request_content.cond is defined %} {{ tcp_request_content.cond }}{% endif %}
 
 {% endfor %}
-
 {% for tcp_request_session in listen.tcp_request_session | default([]) %}
   tcp-request session {{ tcp_request_session.action }}{% if tcp_request_session.cond is defined %} {{ tcp_request_session.cond }}{% endif %}
 
 {% endfor %}
-
 {% for http_request in listen.http_request | default([]) %}
   http-request {{ http_request.action }}{% if http_request.param is defined %} {{ http_request.param }}{% endif %}{% if http_request.cond is defined %} {{ http_request.cond }}{% endif %}
 
 {% endfor %}
-
 {% for http_response in listen.http_response | default([]) %}
   http-response {{ http_response.action }}{% if http_response.param is defined %} {{ http_response.param }}{% endif %}{% if http_response.cond is defined %} {{ http_response.cond }}{% endif %}
 
 {% endfor %}
-
 {% for action in ['reqadd', 'rspadd'] %}
 {% for params in listen[action] | default([]) %}
   {{ action }} {{ params.string }}{% if params.cond is defined %} {{ params.cond }}{% endif %}
 
 {% endfor %}
 {% endfor %}
-
 {% for action in ['reqdel', 'reqidel', 'rspdel', 'rspidel'] %}
 {% for params in listen[action] | default([]) %}
   {{ action }} {{ params.search }}{% if params.cond is defined %} {{ params.cond }}{% endif %}
 
 {% endfor %}
 {% endfor %}
-
 {% for action in ['reqrep', 'reqirep', 'rsprep', 'rspirep'] %}
 {% for params in listen[action] | default([]) %}
   {{ action }} {{ params.search }} {{ params.string }}{% if params.cond is defined %} {{ params.cond }}{% endif %}
 
 {% endfor %}
 {% endfor %}
-
 {% for redirect in listen.redirect | default([]) %}
   redirect {{ redirect.string }}{% if redirect.cond is defined %} {{ redirect.cond }}{% endif %}
 
 {% endfor %}
-
 {% for compression in listen.compression | default([]) %}
   compression {{ compression.name }} {{ compression.value }}
 {% endfor %}
-
 {% if listen.default_server_params | default([]) %}
   default-server {% for param in listen.default_server_params | default([]) %} {{ param }}{% endfor %}
-{% endif %}
 
+{% endif %}
 {% for server in listen.server | default([]) %}
   server {{ server.name }} {{ server.listen }}{% for param in server.param | default([]) %} {{ param }}{% endfor %}
 
 {% endfor %}
 {% if listen.server_template is defined %}
   server-template {{ listen.server_template.name }} {{ listen.server_template.num}} {{ listen.server_template.fqdn }}{% if listen.server_template.port is defined %}:{{ listen.server_template.port }}{% endif %} {% for param in listen.server_template.param | default([]) %} {{ param }}{% endfor %}
-{% endif %}
 
+{% endif %}
 {% if listen.retry_on is defined %}
   retry-on {% for r in listen.retry_on %}{{ r }}{% endfor %}
-{% endif %}
 
+{% endif %}
 {% if listen.retries is defined %}
   retries {{ listen.retries }}
 {% endif %}
 {% for errorfile in listen.errorfile | default([]) %}
   errorfile {{ errorfile.code }} {{ errorfile.file }}
 {% endfor %}
-
 {% for line in listen.raw_options | default([]) %}
   {{ line }}
 {% endfor %}