Announcing HAProxy 2.2

# Add new empty certificate
$ echo "new ssl cert /etc/haproxy/certs/wildcard.demo.haproxy.net.pem" |socat tcp-connect:127.0.0.1:9999 -
New empty certificate store '/etc/haproxy/certs/wildcard.demo.haproxy.net.pem'!
# Create transaction with certificate data
$ echo -e -n "set ssl cert /etc/haproxy/certs/wildcard.demo.haproxy.net.pem <<\n$(cat /tmp/wildcard.demo.haproxy.net.pem)\n\n" |socat tcp-connect:127.0.0.1:9999 -
Transaction created for certificate /etc/haproxy/certs/wildcard.demo.haproxy.net.pem!
# Commit certificate into memory for use
$ echo "commit ssl cert /etc/haproxy/certs/wildcard.demo.haproxy.net.pem" |socat tcp-connect:127.0.0.1:9999 -
Committing /etc/haproxy/certs/wildcard.demo.haproxy.net.pem
Success!

$ echo "add ssl crt-list /etc/haproxy/crt.lst /etc/haproxy/certs/wildcard.demo.haproxy.net.pem" |socat tcp-connect:127.0.0.1:9999 -
Inserting certificate '/etc/haproxy/certs/wildcard.demo.haproxy.net.pem' in crt-list '/etc/haproxy/crt.lst'.
Success!

$ echo "show ssl cert" |socat tcp-connect:127.0.0.1:9999 -
# filename
certs/test.local.pem.ecdsa
certs/test.local.pem.rsa

$ echo "show ssl cert certs/test.local.pem.ecdsa" |socat tcp-connect:127.0.0.1:9999 -
Filename: certs/test.local.pem.ecdsa
Status: Used
Serial: 0474204BCBAEFD4271A9E77AACC35BA92D42
notBefore: Apr 28 11:07:59 2020 GMT
notAfter: Jul 27 11:07:59 2020 GMT
Subject Alternative Name: DNS:test.local, DNS:test.local
Algorithm: EC256
SHA1 FingerPrint: B3B9F41ECD74422EE0DD7A8C7F35CFA3C398CA82
Subject: /CN=test.local
Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Chain Subject: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Chain Issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3

$ echo "show ssl crt-list" |socat tcp-connect:127.0.0.1:9999 -
/etc/haproxy/crt.lst
$ echo "show ssl crt-list /etc/haproxy/crt.lst" |socat tcp-connect:127.0.0.1:9999 -
# /etc/haproxy/crt.lst
/etc/haproxy/certs/test.local.pem.ecdsa [alpn h2,http/1.1]
/etc/haproxy/certs/wildcard.demo.haproxy.net.pem

ssl-default-bind-curves X25519:P-256

http-request return content-type image/x-icon file /etc/haproxy/favicon.ico if { path /favicon.ico }

http-request return status 200 content-type "text/plain; charset=utf-8" lf-string "Hey there! \xF0\x9F\x90\x98 \nYou're accessing: %[req.hdr(host)]:%[dst_port]%[var(txn.lock_emoji)]\nFrom: %[src].\nYou've made a total of %[sc_http_req_cnt(0)] requests.\n" if { path /hello }

$ curl -k https://demo.haproxy.local/hello
Hey there! 🐘
You're accessing: demo.haproxy.local:443🔒
From: 192.168.1.25
You've made a total of 7 requests.

http-errors test.local
    errorfile 400 /etc/haproxy/errorfiles/test.local/400.http
    errorfile 403 /etc/haproxy/errorfiles/test.local/403.http
http-errors demo.haproxy.net
    errorfile 400 /etc/haproxy/errorfiles/demo.haproxy.net/400.http
    errorfile 403 /etc/haproxy/errorfiles/demo.haproxy.net/403.http

http-request deny errorfiles test.local if { req.hdr(host) test.local } { src 127.0.0.1 }

backend be_main
    errorfiles test.local

backend servers
    option httpchk HEAD /health HTTP/1.1\r\nHost:\ test.local
    server srv1 192.168.1.5:80 check

backend servers
    option httpchk
    http-check send meth HEAD uri /health ver HTTP/1.1 hdr Host test.local
    server srv1 192.168.1.5:80 check

backend servers
    option httpchk
    http-check send meth POST uri /health hdr Content-Type "application/json;charset=UTF-8" hdr Host www.mwebsite.com body "{\"id\": 1, \"field\": \"value\"}"
    server srv1 192.168.1.5:80 check

backend servers
    option httpchk
    http-check connect ssl alpn h2
    http-check send meth HEAD uri /health ver HTTP/2 hdr Host www.test.local
    server srv1 192.168.1.5:443 check

backend servers
    option httpchk
    http-check connect port 8080
    http-check send meth HEAD uri /health
    http-check connect port 8081
    http-check send meth HEAD uri /up
    server server1 127.0.0.1:80 check

ring requests0
    description "request logs"
    format rfc3164
    maxlen 1200
    size 32764
    timeout connect 5s
    timeout server 10s
    server request-log 127.0.0.1:6514

log ring@requests0 local7

$ echo "show events requests0" |socat tcp-connect:127.0.0.1:9999 -
<189>Jun 14 15:58:33 haproxy[22071]: Proxy fe_main started.
<190>Jun 14 15:58:40 haproxy[22072]: ::ffff:127.0.0.1:55344 [14/Jun/2020:15:58:40.071] fe_main be_main/server1 0/0/0/1/1 200 799 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"

call trace(20):
| 0x53e2dc [eb 16 48 63 c3 48 c1 e0]: wdt_handler+0x10c
| 0x800e02cfe [e8 5d 83 00 00 8b 18 8b]: libthr:pthread_sigmask+0x53e
| 0x800e022bf [48 83 c4 38 5b 41 5c 41]: libthr:pthread_getspecific+0xdef
| 0x7ffffffff003 [48 8d 7c 24 10 6a 00 48]: main+0x7fffffb416f3
| 0x801373809 [85 c0 0f 84 6f ff ff ff]: libc:__sys_gettimeofday+0x199
| 0x801373709 [89 c3 85 c0 75 a6 48 8b]: libc:__sys_gettimeofday+0x99
| 0x801371c62 [83 f8 4e 75 0f 48 89 df]: libc:gettimeofday+0x12
| 0x51fa0a [48 89 df 4c 89 f6 e8 6b]: ha_thread_dump_all_to_trash+0x49a
| 0x4b723b [85 c0 75 09 49 8b 04 24]: mworker_cli_sockpair_new+0xd9b
| 0x4b6c68 [85 c0 75 08 4c 89 ef e8]: mworker_cli_sockpair_new+0x7c8
| 0x532f81 [4c 89 e7 48 83 ef 80 41]: task_run_applet+0xe1

tcp-request connection track-sc0 src,debug(track-sc)

$ echo "show events buf0"|socat /var/run/haproxy.sock -
<0>2020-06-10T20:54:59.960865 [debug] track-sc: type=ipv4 <192.168.1.17>

[NOTICE] 165/231825 (7274) : haproxy version is 2.2.0
[NOTICE] 165/231825 (7274) : path to executable is ./haproxy

http-after-response set-header Via "%[res.ver] haproxy"

# strip /foo, e.g. turn /foo/bar?q=1 into /bar?q=1
http-request replace-path /foo/(.*) /\1 if { url_beg /foo/ }

lua-prepend-path /usr/share/haproxy-lua/?/init.lua
lua-prepend-path /usr/share/haproxy-lua/?.lua

-- Build a custom 400 response; txn is the TXN object HAProxy passes to a Lua action
local reply = txn:reply()
reply:set_status(400, "Bad request")
reply:add_header("content-type", "text/html")
reply:add_header("cache-control", "no-cache")
reply:add_header("cache-control", "no-store")
reply:set_body("<html><body><h1>invalid request</h1></body></html>")
-- Stop processing and send the reply to the client
txn:done(reply)

http-request redirect location '%[url,regsub("(foo|bar)([0-9]+)?","\2\1",i)]'

$ echo "show table fe_main data.http_req_cnt gt 1 data.http_req_rate gt 3" |socat tcp-connect:127.0.0.1:9999 -
# table: fe_main, type: ip, size:1048576, used:1
0x55e7888c2100: key=192.168.1.17 use=0 exp=7973 http_req_cnt=7 http_req_rate(10000)=7

use-server %[hdr(srv)] if { hdr(srv) -m found }
server app1 172.31.31.151:10000 check
server app2 172.31.31.174:10000 check

$ curl -H 'srv: app2' https://localhost/

$ echo "expert-mode on; debug dev memstats;" |socat /var/run/haproxy.sock -
ev_epoll.c:260 CALLOC size: 9600 calls: 4 size/call: 2400
ssl_sock.c:4555 CALLOC size: 64 calls: 1 size/call: 64
ssl_sock.c:2735 MALLOC size: 342 calls: 3 size/call: 114
ssl_ckch.c:913 CALLOC size: 88 calls: 1 size/call: 88
ssl_ckch.c:773 CALLOC size: 56 calls: 1 size/call: 56
ssl_ckch.c:759 CALLOC size: 122 calls: 1 size/call: 122
cfgparse-ssl.c:1041 STRDUP size: 12 calls: 1 size/call: 12
cfgparse-ssl.c:1038 STRDUP size: 668 calls: 1 size/call: 668
cfgparse-ssl.c:253 STRDUP size: 12 calls: 1 size/call: 12
cfgparse-ssl.c:202 STRDUP size: 1336 calls: 2 size/call: 668
hlua.c:8007 REALLOC size: 15328 calls: 7 size/call: 2189
hlua.c:7997 MALLOC size: 137509 calls: 1612 size/call: 85
cfgparse.c:4098 CALLOC size: 256 calls: 8 size/call: 32
cfgparse.c:4075 CALLOC size: 600 calls: 15 size/call: 40