haproxytechblog
haproxytechblog
/ blog20220909-01.sh
Last active
September 16, 2022 19:16
Verify OAuth JWT tokens with HAProxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ openssl x509 -pubkey -noout -in ./myaccount.pem > pubkey.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| frontend mysite | |
| bind :80 | |
| # route to a backend based on path's prefix | |
| use_backend app-a if { path /a } || { path_beg /a/ } | |
| use_backend app-b if { path /b } || { path_beg /b/ } | |
| backend app-a | |
| # strip the prefix '/a' off of the path | |
| http-request replace-path /a(/)?(.*) /\2 |
haproxytechblog
/ blog20220805-01.sh
Last active
August 5, 2022 20:31
Restrict API Access with Client Certificates (mTLS)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ openssl req \ | |
| -newkey rsa:2048 \ | |
| -nodes \ | |
| -x509 \ | |
| -days 3650 \ | |
| -keyout root-ca.key \ | |
| -out root-ca.crt |
haproxytechblog
/ blog20220729-01.cfg
Created
July 29, 2022 15:11
Log Forwarding with HAProxy and Syslog
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| log-forward syslog | |
| # Accepts incoming TCP messages | |
| bind 0.0.0.0:514 | |
| # Accepts incoming UDP messages | |
| dgram-bind 0.0.0.0:514 | |
| # Sends outgoing messages via UDP | |
| log 172.25.0.12:514 local0 |
haproxytechblog
/ blog20220722-01.cfg
Last active
October 6, 2022 15:50
Preserve stick table data when reloading HAProxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| peers mypeers | |
| peer garfield 127.0.0.1:10000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| # Uses a UDP port | |
| log 192.168.56.30:514 local0 |
haproxytechblog
/ blog20220610-01.sh
Created
June 10, 2022 17:33
Custom Resources with HAProxy Kubernetes Ingress Controller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ kubectl api-resources | |
| NAME SHORTNAMES APIVERSION NAMESPACED KIND | |
| bindings v1 true Binding | |
| componentstatuses cs v1 false ComponentStatus | |
| configmaps cm v1 true ConfigMap | |
| endpoints ep v1 true Endpoints | |
| events ev v1 true Event | |
| limitranges limits v1 true LimitRange | |
| namespaces ns v1 false Namespace | |
| nodes no v1 false Node |
haproxytechblog
/ blog20220601-01.sh
Created
June 2, 2022 03:38
Announcing HAProxy Kubernetes Ingress Controller 1.8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| setcap cap_net_bind_service=+ep haproxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| frontend mywebapp | |
| bind :80 | |
| mode http | |
| default_backend webservers | |
| backend webservers | |
| mode http | |
| balance roundrobin | |
| cookie SERVER insert indirect nocache | |
| server web1 192.168.56.20:80 check cookie web1 |
haproxytechblog
/ blog20220401-01.cfg
Last active
April 11, 2022 17:34
CVE-2022-22965 Spring4Shell Remote Code Execution Mitigation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| frontend fe_main | |
| ... | |
| option http-buffer-request | |
| http-request deny if { query -i -m sub class.module.classLoader.resources.context.parent.pipeline springframework.context.support.FileSystemXmlApplicationContext } | |
| http-request deny if { req.hdrs -i -m sub class.module.classLoader.resources.context.parent.pipeline springframework.context.support.FileSystemXmlApplicationContext } | |
| http-request deny if { req.body -i -m sub class.module.classLoader.resources.context.parent.pipeline springframework.context.support.FileSystemXmlApplicationContext } | |
NewerOlder