haproxytechblog
haproxytechblog
/ blog20200902-01.sh
Last active
September 2, 2020 14:28
Become FIPS Compliant with HAProxy Enterprise on Red Hat Enterprise Linux 8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ openssl version | |
| OpenSSL 1.1.1c FIPS 28 May 2019 |
haproxytechblog
/ blog20200827-01.xml
Created
August 27, 2020 14:52
HAProxy Enterprise Offers SAML-based Single Sign-on
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: Ramirez |
haproxytechblog
/ blog20200821-01.cfg
Last active
August 23, 2020 04:31
Dynamic SSL Certificate Storage in HAProxy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| # Enable the HAProxy Runtime API | |
| stats socket :9999 level admin expose-fd listeners | |
| frontend fe_sitea | |
| mode http | |
| # listen for HTTP traffic | |
| bind :80 |
haproxytechblog
/ blog20200811-01.cfg
Created
August 11, 2020 20:37
Use HAProxy Response Policies to Stop Threats
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| frontend www | |
| bind :80 | |
| default_backend webservers | |
| # use a stick table to track request rates | |
| stick-table type ip size 100k expire 2m store http_req_rate(1m) | |
| http-request track-sc0 src | |
| # Deny if they exceed the limit | |
| acl too_many_requests sc_http_req_rate(0) gt 20 |
haproxytechblog
/ blog20200724-01.sh
Last active
July 11, 2023 08:16
Enable TLS with Let's Encrypt and the HAProxy Kubernetes Ingress Controller
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ helm repo add haproxytech https://haproxytech.github.io/helm-charts | |
| $ helm repo update | |
| $ helm install haproxy haproxytech/kubernetes-ingress |
haproxytechblog
/ blog20200723-01.sh
Created
July 23, 2020 18:20
Announcing HAProxy Data Plane API 2.1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ curl -X PUT \ | |
| 'http://127.0.0.1:5555/v2/services/haproxy/configuration/global?version=1' \ | |
| -H 'authorization: Basic YWRtaW46YWRtaW4=' \ | |
| -H 'content-type: application/json' \ | |
| -d '{ | |
| "lua_loads": [ | |
| { | |
| "file": "/etc/haproxy/foo.lua" | |
| } | |
| ] |
haproxytechblog
/ blog20200706-01.sh
Created
July 6, 2020 14:08
Get to Know the HAProxy Process Manager
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo systemctl status haproxy | |
| Main PID: 7528 (haproxy) | |
| Tasks: 3 (limit: 1152) | |
| CGroup: /system.slice/haproxy.service | |
| ├─7528 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -S /run/haproxy-master.sock | |
| └─7529 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -S /run/haproxy-master.sock |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add new empty certificate | |
| $ echo "new ssl cert /etc/haproxy/certs/wildcard.demo.haproxy.net.pem" |socat tcp-connect:127.0.0.1:9999 - | |
| New empty certificate store '/etc/haproxy/certs/wildcard.demo.haproxy.net.pem'! | |
| # Create transaction with certificate data | |
| $ echo -e -n "set ssl cert /etc/haproxy/certs/wildcard.demo.haproxy.net.pem <<\n$(cat /tmp/wildcard.demo.haproxy.net.pem)\n\n" |socat tcp-connect:127.0.0.1:9999 - | |
| Transaction created for certificate /etc/haproxy/certs/wildcard.demo.haproxy.net.pem! | |
| # Commit certificate into memory for use | |
| $ echo "commit ssl cert /etc/haproxy/certs/wildcard.demo.haproxy.net.pem" |socat tcp-connect:127.0.0.1:9999 - |
haproxytechblog
/ blog20200511-01.sh
Last active
May 13, 2020 20:36
HAProxy Data Plane API 2.0 Adds More Dynamic Features
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ cat urls.map | |
| /api/ be_api | |
| /documentation/ be_documentation | |
| /blog/ be_blog |
haproxytechblog
/ 20200320-01.sh
Last active
July 9, 2020 20:30
Use Helm to Install the HAProxy Kubernetes Ingress Controller
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ helm repo add haproxytech https://haproxytech.github.io/helm-charts | |
| "haproxytech" has been added to your repositories |