haproxytechblog /
Last active Sep 16, 2022
Verify OAuth JWT tokens with HAProxy
$ openssl x509 -pubkey -noout -in ./myaccount.pem > pubkey.pem
haproxytechblog / blog20220822-01.cfg
Created Aug 22, 2022
Path-based Routing with HAProxy
frontend mysite
    bind :80
    # route to a backend based on path's prefix
    use_backend app-a if { path /a } || { path_beg /a/ }
    use_backend app-b if { path /b } || { path_beg /b/ }
backend app-a
    # strip the prefix '/a' off of the path
    http-request replace-path /a(/)?(.*) /\2
haproxytechblog /
Last active Aug 5, 2022
Restrict API Access with Client Certificates (mTLS)
$ openssl req \
    -newkey rsa:2048 \
    -nodes \
    -x509 \
    -days 3650 \
    -keyout root-ca.key \
    -out root-ca.crt
haproxytechblog / blog20220729-01.cfg
Created Jul 29, 2022
Log Forwarding with HAProxy and Syslog
log-forward syslog
    # Accepts incoming TCP messages
    # Accepts incoming UDP messages
    # Sends outgoing messages via UDP
    log local0
haproxytechblog / blog20220722-01.cfg
Last active Jul 22, 2022
Preserve stick table data when reloading HAProxy
peers mypeers
    peer garfield
haproxytechblog / blog20220718-01.cfg
Last active Jul 27, 2022
HAProxy Data Plane API 2.6
# Uses a UDP port
log local0
haproxytechblog /
Created Jun 10, 2022
Custom Resources with HAProxy Kubernetes Ingress Controller
$ kubectl api-resources
bindings                     v1   true    Binding
componentstatuses   cs       v1   false   ComponentStatus
configmaps          cm       v1   true    ConfigMap
endpoints           ep       v1   true    Endpoints
events              ev       v1   true    Event
limitranges         limits   v1   true    LimitRange
namespaces          ns       v1   false   Namespace
nodes               no       v1   false   Node
haproxytechblog /
Created Jun 2, 2022
Announcing HAProxy Kubernetes Ingress Controller 1.8
setcap cap_net_bind_service=+ep haproxy
haproxytechblog / blog20220516-01.cfg
Created May 16, 2022
Enable Sticky Sessions in HAProxy
frontend mywebapp
    bind :80
    mode http
    default_backend webservers
backend webservers
    mode http
    balance roundrobin
    cookie SERVER insert indirect nocache
    server web1 check cookie web1
haproxytechblog / blog20220401-01.cfg
Last active Apr 11, 2022
CVE-2022-22965 Spring4Shell Remote Code Execution Mitigation
frontend fe_main
    option http-buffer-request
    http-request deny if { query -i -m sub class.module.classLoader.resources.context.parent.pipeline }
    http-request deny if { req.hdrs -i -m sub class.module.classLoader.resources.context.parent.pipeline }
    http-request deny if { req.body -i -m sub class.module.classLoader.resources.context.parent.pipeline }