Skip to content

Instantly share code, notes, and snippets.

@haproxytechblog

haproxytechblog/blog20210325-01.cfg

Last active March 29, 2021 13:41
Show Gist options
  • Save haproxytechblog/2d1d99f823fe6e5ec2edc0f9e6cbf631 to your computer and use it in GitHub Desktop.
Save haproxytechblog/2d1d99f823fe6e5ec2edc0f9e6cbf631 to your computer and use it in GitHub Desktop.
Download ZIP
HAProxy Enterprise 2.3 and HAProxy 2.4 Support the Financial Information eXchange Protocol (FIX)
Raw
blog20210325-01.cfg
frontend fix_listener
mode tcp
bind :443 ssl crt /etc/haproxy/certs/cert.pem ssl-min-ver TLSv1.2
default_backend fix_servers
Raw
blog20210325-02.cfg
backend fix_servers
mode tcp
server server1 10.0.0.1:443 check ssl
server server2 10.0.0.2:443 check ssl
server server3 10.0.0.3:443 check ssl
Raw
blog20210325-03.cfg
frontend fix_listener
mode tcp
bind :443 ssl crt /etc/haproxy/certs/cert.pem ssl-min-ver TLSv1.2
tcp-request inspect-delay 1s
tcp-request content reject unless { req.len gt 0 } { req.payload(0,0),fix_is_valid }
default_backend fix_servers
Raw
blog20210325-04.cfg
frontend fix_listener
# ...other listener settings...
tcp-request content set-var(txn.sendercompid) req.payload(0,0),fix_tag_value(SenderCompID)
use_backend fix_servers_a if { var(txn.sendercompid) -m str firmA }
default_backend fix_servers_b
Raw
blog20210325-05.cfg
frontend fix_listener
mode tcp
bind :443 ssl crt /etc/haproxy/certs/cert.pem ssl-min-ver TLSv1.2 verify required ca-file /etc/haproxy/certs/ca.crt
# ...other listener settings...
Raw
blog20210325-06.txt
172.16.0.2 ACMEFirm
172.17.1.5 AnotherFirm
172.17.2.0/24 YetAnotherFirm
Raw
blog20210325-07.cfg
frontend fix_listener
mode tcp
bind :443 ssl crt /etc/haproxy/certs/cert.pem ssl-min-ver TLSv1.2
tcp-request inspect-delay 1s
tcp-request content reject unless { req.len gt 0 } { req.payload(0,0),fix_is_valid }
tcp-request content set-var(txn.sendercompid) req.payload(0,0),fix_tag_value(SenderCompID)
tcp-request content set-var(txn.mapped_sendercompid) src,map_str(/etc/haproxy/maps/sender_ips.map)
# Reject connection if the IP was
# not found in the map file
tcp-request content reject unless { var(txn.mapped_sendercompid) -m found }
# Reject connection if the IP didn't
# match the one associated with the
# SenderCompID in the map file
tcp-request content reject unless { var(txn.sendercompid),strcmp(txn.mapped_sendercompid) eq 0 }
Raw
blog20210325-08.cfg
global
setenv TCP_LOG "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"
Raw
blog20210325-09.cfg
frontend fix_listener
# ...other listener settings...
tcp-request content set-var(txn.sendercompid) req.payload(0,0),fix_tag_value(SenderCompID)
tcp-request content set-var(txn.targetcompid) req.payload(0,0),fix_tag_value(TargetCompID)
# Define a new log format
log-format "${TCP_LOG} %[var(txn.sendercompid)] %[var(txn.targetcompid)]"
Raw
blog20210325-10.cfg
frontend fix_listener
# ...other listener settings...
tcp-request content set-var(txn.errormessage) str("SenderCompID not found in map file") unless { var(txn.mapped_sendercompid) -m found }
tcp-request content set-var(txn.errormessage) str("SenderCompID not from expected IP") unless var(txn.sendercompid),strcmp(txn.mapped_sendercompid) eq 0 }
# Define a new log format
log-format "${TCP_LOG} %[var(txn.sendercompid)] %[var(txn.targetcompid)] %[var(txn.errormessage)]"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment