Last active
January 8, 2022 17:20
Announcing HAProxy 2.5
```
$ socat stdio tcp4-connect:127.0.0.1:9999
prompt
>
```
```
> experimental-mode on
```
```
> add server be_app/dynserv 10.0.1.5:80 check
New server registered.
```
```
> enable server be_app/dynserv
```
```
> enable health be_app/dynserv
```
```
> set server be_app/dynserv state maint
```
```
> del server be_app/dynserv
Server deleted.
```
```
frontend fe_main
    http-request set-var-fmt(txn.from) "addr=%[src]:%[src_port]"
```
```
frontend fe_main
    http-request set-var(txn.from_addr) src
    http-request set-var(txn.from_port) src_port
    http-request set-var(txn.from) str("addr"),concat('=',txn.from_addr),concat(':',txn.from_port)
```
```
defaults frontend-defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout client 10m
    http-request redirect scheme https unless { ssl_fc }

frontend mysite from frontend-defaults
    mode http
    bind :80
    bind :443 ssl crt /etc/haproxy/ssl/cert.pem
    default_backend webservers
```
```
# View the summary
$ echo "show acl" | sudo socat stdio /run/haproxy/api.sock
# id (file) description
0 (/etc/haproxy/acls/denylist.acl) pattern loaded from file '/etc/haproxy/acls/denylist.acl' used by acl at file '/etc/haproxy/haproxy.cfg' line 34. curr_ver=0 next_ver=0 entry_cnt=3

# Display all records in the acl file
$ echo "show acl /etc/haproxy/acls/denylist.acl" | sudo socat stdio /run/haproxy/api.sock
0x55e1de7e2260 10.0.40.1
0x55e1de7e22b0 10.0.40.2
0x55e1de7e2300 10.0.40.3
```
```
global
    nbthread 40

frontend fe_main
    bind 192.168.50.10:80 thread 1-20 name website
    bind 192.168.50.11:80 thread 21-40 name api
```
```
global
    nbthread 40

frontend fe_main
    bind 192.168.50.10:80 thread 1-10 name website-1
    bind 192.168.50.10:80 thread 11-20 name website-2
    bind 192.168.50.11:80 thread 21-30 name api-1
    bind 192.168.50.11:80 thread 31-40 name api-2
```
```
frontend fe_main
    bind 192.168.50.10:80 name website-1
    bind 192.168.50.10:80 name website-2
```
```
frontend fe_main
    bind 192.168.50.10:80 shards 2 name website
```
```
$ haproxy -cc 'feature(PROMEX)'
# Check the exit status
$ echo $?
```
```
$ echo -e "set ssl crl-file crlfile.pem <<\n$(cat rootCRL.pem)\n" | \
    socat /var/run/haproxy.stat -
$ echo "commit ssl crl-file crlfile.pem" | socat /var/run/haproxy.stat -
```
```
$ echo "show ssl crl-file" | socat /var/run/haproxy.master -
# transaction
*crlfile.pem
# filename
crlfile.pem

$ echo "show ssl crl-file crlfile.pem" | socat /var/run/haproxy.master -
Filename: /home/jdoe/work/haproxy/reg-tests/ssl/crlfile.pem
Status: Used
Certificate Revocation List #1:
Version 1
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=FR/O=HAProxy Technologies/CN=Intermediate CA2
Last Update: Apr 23 14:45:39 2021 GMT
Next Update: Sep 8 14:45:39 2048 GMT
Revoked Certificates:
Serial Number: 1008
Revocation Date: Apr 23 14:45:36 2021 GMT
Certificate Revocation List #2:
Version 1
Signature Algorithm: sha256WithRSAEncryption
Issuer: /C=FR/O=HAProxy Technologies/CN=Root CA
Last Update: Apr 23 14:30:44 2021 GMT
Next Update: Sep 8 14:30:44 2048 GMT
No Revoked Certificates.
```
```
$ echo -e "set ssl ca-file cafile.pem <<\n$(cat rootCA.crt)\n" | \
    socat /var/run/haproxy.stat -
$ echo "commit ssl ca-file cafile.pem" | socat /var/run/haproxy.stat -
```
```
$ echo "show ssl ca-file" | socat /var/run/haproxy.master -
# transaction
*cafile.crt - 2 certificate(s)
# filename
cafile.crt - 1 certificate(s)

$ echo "show ssl ca-file cafile.crt" | socat /var/run/haproxy.master -
Filename: /home/jdoe/work/haproxy/reg-tests/ssl/set_cafile_ca2.crt
Status: Used
Certificate #1:
Serial: 11A4D2200DC84376E7D233CAFF39DF44BF8D1211
notBefore: Apr 1 07:40:53 2021 GMT
notAfter: Aug 17 07:40:53 2048 GMT
Subject Alternative Name:
Algorithm: RSA4096
SHA1 FingerPrint: A111EF0FEFCDE11D47FE3F33ADCA8435EBEA4864
Subject: /C=FR/ST=Some-State/O=HAProxy Technologies/CN=HAProxy Technologies CA
Issuer: /C=FR/ST=Some-State/O=HAProxy Technologies/CN=HAProxy Technologies CA

$ echo "show ssl ca-file *cafile.crt:2" | socat /var/run/haproxy.master -
Filename: */home/jdoe/work/haproxy/reg-tests/ssl/set_cafile_ca2.crt
Status: Unused
Certificate #2:
Serial: 587A1CE5ED855040A0C82BF255FF300ADB7C8136
[...]
```
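```
-- Create an HTTP client and issue a GET request (the request is passed as a table)
local httpclient = core.httpclient()
local response = httpclient:get{url="http://127.0.0.1:9000/?s=9999"}
-- Log the status, reason phrase and body length of the response
core.Debug("Status: " .. response.status .. ", Reason : " .. response.reason ..
    ", Len:" .. string.len(response.body) .. "\n")
```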
```
frontend fe_main
    http-request redirect code 301 location %[base,map(old-uris.map)] ignore-empty
```