NickMRamirez/5dde5a560f8e223b688c00b232a05467, created May 31, 2022 16:10
Announcing HAProxy 2.6
```haproxy
frontend mysite
    bind :80
    bind :443 ssl crt /etc/haproxy/certs/foo.com/cert.pem alpn h2

    # enables HTTP/3 over QUIC
    bind quic4@:443 ssl crt /etc/haproxy/certs/foo.com/cert.pem alpn h3

    # Redirects to HTTPS
    http-request redirect scheme https unless { ssl_fc }

    # 'Alt-Svc' header invites client to switch to the QUIC protocol
    # Max age (ma) is set to 15 minutes (900 seconds), but
    # can be increased once verified working as expected
    http-response set-header alt-svc "h3=\":443\";ma=900;"

    default_backend webservers
```
```haproxy
backend cache_servers
    balance hash pathq
    hash-type consistent
    server cache1 192.168.56.30:80 check maxconn 30
    server cache2 192.168.56.31:80 check maxconn 30
```
```haproxy
frontend www
    bind :443 ssl crt /etc/haproxy/certs/site.pem verify required ca-file /etc/haproxy/ca/
```
```haproxy
backend webservers
    server s1 192.168.50.30:80 ssl ca-file @system-ca
```
```text
$ echo "show ssl providers" |\
    sudo socat stdio /var/run/haproxy/api.sock
Loaded providers :
    - default
```
```text
$ sudo socat /run/haproxy-master.sock -
prompt
master> expert-mode on
master(e)> master(e)> show proc
#<PID>          <type>          <reloads>       <uptime>        <version>
5772            master          0 [failed: 0]   0d00h44m58s     2.6-dev11-d8c195-40
# workers
5798            worker          0               0d00h44m58s     2.6-dev11-d8c195-40
master> @!5798 help
The following commands are valid at this level:
  abort ssl ca-file <cafile>              : abort a transaction for a CA file
  abort ssl cert <certfile>               : abort a transaction for a certificate file
  abort ssl crl-file <crlfile>            : abort a transaction for a CRL file
  add acl [@<ver>] <acl> <pattern>        : add an acl entry
  ...
```
```lua
local mycertificate=[[-----BEGIN CERTIFICATE-----
MIIDKDCCAhCgAwIBAgIIIbG+G46oc6cwDQYJKoZ...]]
local mykey=[[-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAlB0IloGiMuIJblHBsJ1wQ2zY...]]
CertCache.set{filename="certs/cert.pem", crt=mycertificate, key=mykey}
```
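```lua
local httpclient = core.httpclient()
local response = httpclient:get{
    url="http://127.0.0.1:8000/test",
    dst="127.0.1.1:8001",
    -- timeout must be a Lua number ("10s" is not valid Lua);
    -- 10000 assumes the unit is milliseconds, i.e. 10 seconds
    timeout=10000}
```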
```lua
local httpclient = core.httpclient()
local response = httpclient:get{
    url="http://v2/containers/json",
    dst="unix@/var/run/docker.sock"}

-- response.body is the string:
-- [{"Id":"d7bed8420b56dff2f...","Names":["/happy_wright"],"Image":"jmalloc/echo-server",...

-- write response to HAProxy log
core.Debug(response.body)
```
```text
$ sudo curl -X GET -s \
    --unix-socket /var/run/docker.sock \
    http://v2/containers/json
```
```text
$ sudo haproxy -dKhelp -q -c -f /dev/null
# List of supported keyword classes:
all: list all keywords
acl: ACL keywords
cfg: configuration keywords
cli: CLI keywords
cnv: sample converter keywords
flt: filter names
smp: sample fetch functions
svc: service names
```
```text
$ sudo haproxy -dKacl -q -c -f /dev/null
# List of registered ACL keywords:
base = base -m str
base_beg = base -m beg
base_dir = base -m dir
base_dom = base -m dom
base_end = base -m end
base_len = base -m len
base_reg = base -m reg
base_sub = base -m sub
[...]
```
```haproxy
global
    stats socket /var/run/haproxy/api.sock mode 660 level admin expose-fd listeners
```
```haproxy
global
    setenv HTTP_LOG "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"

frontend mysite
    ...
    log-format "${HTTP_LOG} %[last_rule_file] %[last_rule_line]"

    # reject request here
    # log will show: /etc/haproxy/haproxy.cfg 27
    http-request deny if TRUE
```
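The two fields appended by the `log-format` line above can be aggregated to see which configuration rule is ending requests and which clients keep hitting it. This is an added example in Python, not part of the original gist; the log lines are constructed samples and the function name `tally_final_rules` is hypothetical.

```python
import re
from collections import Counter

# The gist's log-format: HTTP_LOG fields, then %[last_rule_file] and
# %[last_rule_line] as the final two space-separated tokens.
LINE_RE = re.compile(
    r'^(?P<client>\S+):(?P<port>\d+) \[(?P<ts>[^\]]+)\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) (?P<timers>\S+) (?P<status>\d{3}) '
    r'(?P<bytes>\d+) .*"(?P<request>[^"]*)" (?P<rule_file>\S+) (?P<rule_line>\S+)$'
)

# Constructed sample lines (not real traffic); the last one is deliberately truncated.
SAMPLE_LOG = """\
192.0.2.10:51234 [27/May/2022:03:13:58.123] mysite mysite/<NOSRV> 0/-1/-1/-1/0 403 192 - - PR-- 1/1/0/0/0 0/0 "GET /admin HTTP/1.1" /etc/haproxy/haproxy.cfg 27
192.0.2.10:51240 [27/May/2022:03:13:59.002] mysite mysite/<NOSRV> 0/-1/-1/-1/0 403 192 - - PR-- 1/1/0/0/0 0/0 "GET /admin/login HTTP/1.1" /etc/haproxy/haproxy.cfg 27
2001:db8::1:40022 [27/May/2022:03:14:01.310] mysite mysite/<NOSRV> 0/-1/-1/-1/0 403 192 - - PR-- 2/2/0/0/0 0/0 "POST /upload HTTP/1.1" /etc/haproxy/haproxy.cfg 31
198.51.100.7:40100 [27/May/2022:03:14:05.456] mysite webservers/s1 0/0/1/12/13 200 512 - - ---- 2/2/1/1/0 0/0 "GET / HTTP/1.1" - -
198.51.100.7:40101 [27/May/2022:03:14:06
"""


def tally_final_rules(log_text, status="403"):
    """Return (rules, clients, unparsed) for responses with the given status.

    rules   counts (config file, line number) of the rule that ended the request
    clients counts source addresses that hit those rules
    """
    rules, clients, unparsed = Counter(), Counter(), 0
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            unparsed += 1  # keep a count instead of silently dropping lines
            continue
        if m["status"] != status:
            continue
        # A non-numeric value such as "-" means no rule line was logged
        line_no = int(m["rule_line"]) if m["rule_line"].isdigit() else None
        rules[(m["rule_file"], line_no)] += 1
        clients[m["client"]] += 1
    return rules, clients, unparsed


if __name__ == "__main__":
    rules, clients, unparsed = tally_final_rules(SAMPLE_LOG)
    for (path, line_no), hits in rules.most_common():
        print(f"{hits:3d}  {path}:{line_no}")
    print("clients:", dict(clients), "unparsed:", unparsed)
```

A non-zero `unparsed` count is worth alerting on, since it means the log format and the parser have drifted apart.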
```haproxy
frontend mysite
    ...
    http-response set-var(res.cookie_name) str("foo")
    http-response set-var(res.cookie_value) str("bar")
    http-response set-var(res.expiration) date(3600,"s"),http_date
    http-response set-var(res.cookie_expiration) str("Expires"),add_item("=",res.expiration)
    http-response set-var(res.cookie_secure) str("Secure")
    http-response add-header Set-Cookie %[var(res.cookie_name),add_item("=",res.cookie_value),add_item(";",res.cookie_expiration),add_item(";",res.cookie_secure)]

    # Produces the header:
    # set-cookie: foo=bar;Expires=Fri, 27 May 2022 03:13:58 GMT;Secure
```
```haproxy
frontend mywebsite
    bind :80

    # try using the value from the X-Token header
    http-request set-var(txn.token) req.hdr(X-Token)

    # fall back to using the value from the URL parameter 'token'
    http-request set-var(txn.token,ifnotset) url_param(token)

    # log the variable (same txn.token variable that was set above)
    http-request capture var(txn.token) len 10

    default_backend webservers
```