haproxy online acl analyzer or debugger for acl analysis
Is it possible to check the haproxy why the
acl is not matching.
May be logs or debugm as why nothing matched or can there be an online tool for the same?
See also questions close to this topic
How to capture cookies on haproxy logs?
I am pretty new to HA Proxy and I am trying to log all http details using httplog option. Where I am able to capture all the details except cookie request and response. I need to capture them to be able to understand users behaviour on our websites.
I have found some reference on google like below,
capture cookie name len 10
note: I am using marathon-lb haproxy official docker image
I am not able understand what should I give at "name" so that it can capture ? or If there is any way to capture ?
thanks in advance for your help :)
Loadbalancing using PHP? Is this effective?
<?php $servers = array("server2", "server3", "server4"); $server = $servers[array_rand($servers)]; header("Location: http://$server"); ?>
Database server, serving all servers
The DNS will be set to server 1 and then the script will redirect them to a random server in order to lower the load.
I could load up multiple server 1's using roundrobin DNS for example.
Furthermore I could improve the script on server 1 to check the health status every so often in order to make sure it doesn't redirect to a server that has gone down.
This could surely balance an unlimited amount of servers, I could just keep spinning up more loadbalancing servers via DNS if the load is super high? I don't see a problem with this, but clearly there must be as nobody uses this method
What I wanted to know is that would this be a good approach to loadbalancing, if not how exactly should it be done? Is there any problems with this approach?
How to restrict access for a back-end just to the internal network
I have an HAProxy with more than twenty backends and I need to limit access to one specific backend, CP-API.MACKMIL.COM, to the following internal network subnets:
10.10.0.0/16 10.20.0.0/16 10.30.0.0/16 10.40.0.0/16
Currently, with the following query, this domain, CP-API.MACKMIL.COM, can be accessed from the outside world but I want to limit that.
curl -vvv -H'Host: cp-api.mackmil.com' https://api.mackmil.com/initializations
My Haproxy config is as follows,
frontend http-https bind :80 accept-proxy bind :443 accept-proxy ssl crt /etc/pki/tls/private/wildcard.mackmil.com.pem crt /etc/pki/tls/private/wildcard.mackmil.de.pem acl host_cp hdr(host) -i cp-api.mackmil.com acl host_cp hdr(host) -i cp-api.prod.mackmil.com use_backend app_cp if host_cp backend app_cp server swarm-worker_10.10.30.199 10.10.30.199:64042 check server swarm-worker_10.10.40.114 10.10.40.114:64042 check server swarm-worker_10.20.40.159 10.20.40.159:64042 check server swarm-worker_10.20.30.190 10.20.30.190:64042 check server swarm-worker_10.30.40.143 10.30.40.143:64042 check server swarm-worker_10.30.40.161 10.30.40.161:64042 check server swarm-worker_10.40.40.107 10.40.40.107:64042 check server swarm-worker_10.40.40.107 10.40.40.107:64042 check
I am struggling on applying this restriction in HTTP/HTTPS mode for just this endpoint. How can I apply this restriction for this backend?