CONTENT

CHANGES

Szukaj

#top Konfiguracja¶

[<<]|[<]|[^]|[v]|[>]|[>>]|[Zwiń]|[#top]|[X]

#top Listen¶

Zobacz także Listen dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: bind | bind - kopia
Składnia: bind [<address>]:<port_range> [, ...]
Składnia: bind [<address>]:<port_range> [, ...] interface <interface>
Składnia: bind [<address>]:<port_range> [, ...] mss <maxseg>
Składnia: bind [<address>]:<port_range> [, ...] transparent
Składnia: bind [<address>]:<port_range> [, ...] id <id>
Składnia: bind [<address>]:<port_range> [, ...] name <name>
Składnia: bind [<address>]:<port_range> [, ...] defer-accept
Opis: Define one or several listening addresses and/or ports in a frontend.

Arguments:
<address>

is optional and can be a host name, an IPv4 address, an IPv6 address, or '*'. It designates the address the frontend will listen on. If unset, all IPv4 addresses of the system will be listened on. The same will apply for '*' or the system's special address "0.0.0.0".

EXAMPLES
<address> is optional. If unset, all IPv4 addresses of the system will be listened on.
The same will apply for '*' or the system's special address "0.0.0.0".
Konfiguracja nasłuchiwania na wszystkich adresach IPv4 na porcie 80.

bind :80

<address> is optional. If unset, all IPv4 addresses of the system will be listened on.
The same will apply for '*' or the system's special address "0.0.0.0".
Konfiguracja nasłuchiwania na wszystkich adresach IPv4 na porcie 80.

bind *:80

bind 0.0.0.0:80

<address> is optional, [...] an IPv6 address.
Konfiguracja nasłuchiwania na wszystkich adresach IPv6 na porcie 80.

bind :::80

#top Timeout¶

Zobacz także Timeout dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: timeout check | timeout check - kopia
Składnia: timeout check <timeout>
Opis: Set additional check timeout, but only after a connection has been already established.
If set, haproxy uses min("timeout connect", "inter") as a connect timeout for check and "timeout check" as an additional read timeout. The "min" is used so that people running with *very* long "timeout connect" (eg. those who needed this due to the queue or tarpit) do not slow down their checks. (Please also note that there is no valid reason to have such long connect timeouts, because "timeout queue" and "timeout tarpit" can always be used to avoid that).
If "timeout check" is not set haproxy uses "inter" for complete check timeout (connect + read) exactly like all <1.3.15 version.
In most cases check request is much simpler and faster to handle than normal requests and people may want to kick out laggy servers so this timeout should be smaller than "timeout server".
This parameter is specific to backends, but can be specified once for all in "defaults" sections. This is in fact one of the easiest solutions not to forget about it.

Dokumentacja HAProxy: timeout client | timeout client - kopia
Składnia: timeout client <timeout>
Składnia: timeout clitimeout <timeout> (deprecated)
Opis: Set the maximum inactivity time on the client side.
The inactivity timeout applies when the client is expected to acknowledge or send data. In HTTP mode, this timeout is particularly important to consider during the first phase, when the client sends the request, and during the response while it is reading data sent by the server. The value is specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit, as specified at the top of this document. In TCP mode (and to a lesser extent, in HTTP mode), it is highly recommended that the client timeout remains equal to the server timeout in order to avoid complex situations to debug. It is a good practice to cover one or several TCP packet losses by specifying timeouts that are slightly above multiples of 3 seconds (eg: 4 or 5 seconds).
This parameter is specific to frontends, but can be specified once for all in "defaults" sections. This is in fact one of the easiest solutions not to forget about it. An unspecified timeout results in an infinite timeout, which is not recommended. Such a usage is accepted and works but reports a warning during startup because it may results in accumulation of expired sessions in the system if the system's timeouts are not configured either.

Dokumentacja HAProxy: timeout connect | timeout connect - kopia
Składnia: timeout connect <timeout>
Składnia: timeout contimeout <timeout> (deprecated)
Opis: Set the maximum time to wait for a connection attempt to a server to succeed.
If the server is located on the same LAN as haproxy, the connection should be immediate (less than a few milliseconds). Anyway, it is a good practice to cover one or several TCP packet losses by specifying timeouts that are slightly above multiples of 3 seconds (eg: 4 or 5 seconds). By default, the connect timeout also presets both queue and tarpit timeouts to the same value if these have not been specified.
This parameter is specific to backends, but can be specified once for all in "defaults" sections. This is in fact one of the easiest solutions not to forget about it. An unspecified timeout results in an infinite timeout, which is not recommended. Such a usage is accepted and works but reports a warning during startup because it may results in accumulation of failed sessions in the system if the system's timeouts are not configured either.

Dokumentacja HAProxy: timeout http-keep-alive | timeout http-keep-alive - kopia
Składnia: timeout http-keep-alive <timeout>
Opis: Set the maximum allowed time to wait for a new HTTP request to appear
By default, the time to wait for a new request in case of keep-alive is set by "timeout http-request". However this is not always convenient because some people want very short keep-alive timeouts in order to release connections faster, and others prefer to have larger ones but still have short timeouts once the request has started to present itself.
The "http-keep-alive" timeout covers these needs. It will define how long to wait for a new HTTP request to start coming after a response was sent. Once the first byte of request has been seen, the "http-request" timeout is used to wait for the complete request to come. Note that empty lines prior to a new request do not refresh the timeout and are not counted as a new request.
There is also another difference between the two timeouts : when a connection expires during timeout http-keep-alive, no error is returned, the connection just closes. If the connection expires in "http-request" while waiting for a connection to complete, a HTTP 408 error is returned.
In general it is optimal to set this value to a few tens to hundreds of milliseconds, to allow users to fetch all objects of a page at once but without waiting for further clicks. Also, if set to a very small value (eg: 1 millisecond) it will probably only accept pipelined requests but not the non-pipelined ones. It may be a nice trade-off for very large sites running with tens to hundreds of thousands of clients.
If this parameter is not set, the "http-request" timeout applies, and if both are not set, "timeout client" still applies at the lower level. It should be set in the frontend to take effect, unless the frontend is in TCP mode, in which case the HTTP backend's timeout will be used.

Dokumentacja HAProxy: timeout http-request | timeout http-request - kopia
Składnia: timeout http-request <timeout>
Opis: Set the maximum allowed time to wait for a complete HTTP request
In order to offer DoS protection, it may be required to lower the maximum accepted time to receive a complete HTTP request without affecting the client timeout. This helps protecting against established connections on which nothing is sent. The client timeout cannot offer a good protection against this abuse because it is an inactivity timeout, which means that if the attacker sends one character every now and then, the timeout will not trigger. With the HTTP request timeout, no matter what speed the client types, the request will be aborted if it does not complete in time.
Note that this timeout only applies to the header part of the request, and not to any data. As soon as the empty line is received, this timeout is not used anymore. It is used again on keep-alive connections to wait for a second request if "timeout http-keep-alive" is not set.
Generally it is enough to set it to a few seconds, as most clients send the full request immediately upon connection. Add 3 or more seconds to cover TCP retransmits but that's all. Setting it to very low values (eg: 50 ms) will generally work on local networks as long as there are no packet losses. This will prevent people from sending bare HTTP requests using telnet.
If this parameter is not set, the client timeout still applies between each chunk of the incoming request. It should be set in the frontend to take effect, unless the frontend is in TCP mode, in which case the HTTP backend's timeout will be used.

Dokumentacja HAProxy: timeout queue | timeout queue - kopia
Składnia: timeout queue <timeout>
Opis: Set the maximum time to wait in the queue for a connection slot to be free
When a server's maxconn is reached, connections are left pending in a queue which may be server-specific or global to the backend. In order not to wait indefinitely, a timeout is applied to requests pending in the queue. If the timeout is reached, it is considered that the request will almost never be served, so it is dropped and a 503 error is returned to the client.
The "timeout queue" statement allows to fix the maximum time for a request to be left pending in a queue. If unspecified, the same value as the backend's connection timeout ("timeout connect") is used, for backwards compatibility with older versions with no "timeout queue" parameter.

Dokumentacja HAProxy: timeout server | timeout server - kopia
Składnia: timeout server <timeout>
Składnia: timeout srvtimeout <timeout> (deprecated)
Opis: Set the maximum inactivity time on the server side.
The inactivity timeout applies when the server is expected to acknowledge or send data. In HTTP mode, this timeout is particularly important to consider during the first phase of the server's response, when it has to send the headers, as it directly represents the server's processing time for the request. To find out what value to put there, it's often good to start with what would be considered as unacceptable response times, then check the logs to observe the response time distribution, and adjust the value accordingly.
The value is specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit, as specified at the top of this document. In TCP mode (and to a lesser extent, in HTTP mode), it is highly recommended that the client timeout remains equal to the server timeout in order to avoid complex situations to debug. Whatever the expected server response times, it is a good practice to cover at least one or several TCP packet losses by specifying timeouts that are slightly above multiples of 3 seconds (eg: 4 or 5 seconds minimum).
This parameter is specific to backends, but can be specified once for all in "defaults" sections. This is in fact one of the easiest solutions not to forget about it. An unspecified timeout results in an infinite timeout, which is not recommended. Such a usage is accepted and works but reports a warning during startup because it may results in accumulation of expired sessions in the system if the system's timeouts are not configured either.

Dokumentacja HAProxy: timeout tarpit | timeout tarpit - kopia
Składnia: timeout tarpit <timeout>
Opis: Set the duration for which tarpitted connections will be maintained
When a connection is tarpitted using "reqtarpit", it is maintained open with no activity for a certain amount of time, then closed. "timeout tarpit" defines how long it will be maintained open.
The value is specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit, as specified at the top of this document. If unspecified, the same value as the backend's connection timeout ("timeout connect") is used, for backwards compatibility with older versions with no "timeout tarpit" parameter.

EXAMPLES

# set default timeout values
defaults
    [...]
    # Set the maximum time to wait for a connection attempt to a server to succeed
    timeout connect         30s
    # Set the maximum inactivity time on the server side
    timeout server         300s
    # Set additional check timeout, but only after a connection has been already established
    timeout check           10s
    # Set the maximum allowed time to wait for a complete HTTP request
    timeout http-request    30s
    # Set the maximum inactivity time on the client side
    timeout client          30s
    # Set the maximum allowed time to wait for a new HTTP request to appear
    timeout http-keep-alive 10s
    # Set the maximum time to wait in the queue for a connection slot to be free
    timeout queue           10s

# overrwrite default timeout values in backend
backend host___default
    [...]
    # Set the maximum time to wait for a connection attempt to a server to succeed
    timeout connect         30s
    # Set the maximum inactivity time on the server side
    timeout server         300s
    # Set additional check timeout, but only after a connection has been already established
    timeout check           10s
    # Set the maximum allowed time to wait for a complete HTTP request
    timeout http-request    30s
    # Set the maximum inactivity time on the client side
    timeout client          30s
    # Set the maximum allowed time to wait for a new HTTP request to appear
    timeout http-keep-alive 10s
    # Set the maximum time to wait in the queue for a connection slot to be free
    timeout queue           10s

#top Signature¶

# The public 'www' address in the DMZ
frontend public
[...]
    rspadd X-Via:\ haproxy

Zalecana konfiguracja

# zalecana konfiguracja: wyłączenie informacji o wersji serwera w nagłówkach HTTP oraz obecności serwera proxy
# The public 'www' address in the DMZ
frontend public
[...]
    rspdel X-Via:

#top vhosts default¶

# The public 'www' address in the DMZ
frontend public
[...]
    default_backend defaultvhosts

# The default backend for other requests
backend defaultvhosts
    mode        http
[...]
    server      wwwsrv1 10.41.0.54:80 minconn 50 maxconn 500 cookie s4 check inter 1000 weight 10
    server      wwwsrv2 10.41.0.56:80 minconn 50 maxconn 500 cookie s4 check inter 1000 weight 10

#top vhosts SSL¶

Zobacz także vhosts SSL dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Brak obsługi virtualnych hostów!!! HAProxy jest serwerem Proxy High Availability Performance. (NOTE: Obsług SSL dostępna od wersji 1.5)

Dokumentacja HAProxy: bind | bind - kopia
Dokumentacja HAProxy: default_backend | default_backend - kopia
Dokumentacja HAProxy: use_backend | use_backend - kopia
Dokumentacja HAProxy: acl | acl - kopia
Dokumentacja HAProxy: Using ACLs and pattern extraction | Using ACLs and pattern extraction - kopia
EXAMPLES

frontend secured
    mode http
    bind 0.0.0.0:443 ssl crt /etc/pki/tls/certs/hostname.pem
    # bind 0.0.0.0:443 ssl crt /etc/pki/tls/certs/hostname.pem ca-file /etc/pki/tls/certs/ca-bundle.crt
    reqadd X-Forwarded-Proto:\ https
    default_backend defaultssl

backend defaultssl
    mode        http
[...]
    fullconn    4000 # the servers will be used at full load above this number of connections
    server      wwwsrv1 10.41.0.54:80 minconn 50 maxconn 500 cookie s4 check inter 1000 weight 10
    server      wwwsrv2 10.41.0.56:80 minconn 50 maxconn 500 cookie s4 check inter 1000 weight 10

#top ErrorLog¶

#top AccessLog¶

Zobacz także AccessLog dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: log | log - kopia
Składnia: log <address> <facility> [max level [min level]]
Opis: Adds a global syslog server. Up to two global servers can be defined. They will receive logs for startups and exits, as well as all logs from proxies configured with "log global".

EXAMPLES

global
    log 127.0.0.1   local0
    log 127.0.0.1   local1 notice
    #log loghost    local0 info
[...]

Where local0+local1 are rsyslog facility defined in /etc/rsyslog.conf:

# configure local2 events to go to the /var/log/haproxy.log
local0.*                                                /var/log/haproxy/local0.log
local1.*                                                /var/log/haproxy/local1.log

#top LogFormat¶

Zobacz także LogFormat dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: log | log - kopia
Składnia: log global
Opis:

Dokumentacja HAProxy: option-httplog | option-httplog - kopia
Składnia: option httplog
Opis:

Dokumentacja HAProxy: option-tcplog | option-tcplog - kopia
Składnia: option tcplog
Opis:

Dokumentacja HAProxy: option-dontlognull | option-dontlognull - kopia
Składnia: option dontlognull
Opis:

HAProxy supports 4 log formats. Several fields are common between these formats and will be detailed in the following sections. A few of them may vary slightly with the configuration, due to indicators specific to certain options. The supported formats are as follows:

- the default format, which is very basic and very rarely used. It only provides very basic information about the incoming connection at the moment it is accepted : source IP:port, destination IP:port, and frontend-name. This mode will eventually disappear so it will not be described to great extents.
- the TCP format, which is more advanced. This format is enabled when "option tcplog" is set on the frontend. HAProxy will then usually wait for the connection to terminate before logging. This format provides much richer information, such as timers, connection counts, queue size, etc... This format is recommended for pure TCP proxies.
- the HTTP format, which is the most advanced for HTTP proxying. This format is enabled when "option httplog" is set on the frontend. It provides the same information as the TCP format with some HTTP-specific fields such as the request, the status code, and captures of headers and cookies. This format is recommended for HTTP proxies.
- the CLF HTTP format, which is equivalent to the HTTP format, but with the fields arranged in the same order as the CLF format. In this mode, all timers, captures, flags, etc... appear one per field after the end of the common fields, in the same order they appear in the standard HTTP format.

EXAMPLES

defaults
    log         global
    mode        http
    option      httplog
    option      dontlognull
[...]

Where global means global section in HAProxy configuration file /etc/haproxy/haproxy.cfg as explained above in AccessLog.

#top server status¶

Zobacz także server status dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: monitor-uri | monitor-uri - kopia
Składnia: monitor-uri <uri>
Opis: Intercept a URI used by external components' monitor requests

Dokumentacja HAProxy: monitor-fail | monitor-fail - kopia
Składnia: monitor fail { if | unless } <condition>
Opis: Add a condition to report a failure to a monitor HTTP request.

Dokumentacja HAProxy: monitor-net | monitor-net - kopia
Składnia: monitor-net <source>
Opis: Declare a source network which is limited to monitor requests

Dokumentacja HAProxy: stats-enable | stats-enable - kopia
Składnia: stats enable
Opis: Enable statistics reporting with default settings

Dokumentacja HAProxy: stats-uri | stats-uri - kopia
Składnia: stats uri <prefix>
Opis: Enable statistics and define the URI prefix to access them

Dokumentacja HAProxy: stats http-request | stats http-request - kopia
Składnia: stats http-request { allow | deny | auth [realm <realm>] } [ { if | unless } <condition> ]
Opis: Access control for statistics

Dokumentacja HAProxy: stats-auth | stats-auth - kopia
Składnia: stats auth <user>:<passwd>
Opis: Enable statistics with authentication and grant access to an account

Dokumentacja HAProxy: stats-admin | stats-admin - kopia
Składnia: stats admin { if | unless } <cond>
Opis: Enable statistics admin level if/unless a condition is matched

Dokumentacja HAProxy: stats-realm | stats-realm - kopia
Składnia: stats realm <realm>
Opis: Enable statistics and set authentication realm

Dokumentacja HAProxy: stats-refresh | stats-refresh - kopia
Składnia: stats refresh <delay>
Opis: Enable statistics with automatic refresh

EXAMPLES

# Use /haproxy_test to report haproxy's status
frontend www
    mode http
    acl site_dead nbsrv(dynamic) lt 2
    acl site_dead nbsrv(static) lt 2
    monitor-uri /haproxy_test
    monitor fail if site_dead
    monitor-net 192.168.0.252/31

EXAMPLES

# public access (limited to this backend only)
backend public_www
    server srv1 192.168.0.1:80
    stats enable
    stats hide-version
    stats scope   .
    stats uri     /admin?stats
    stats realm   Haproxy\ Statistics
    stats auth    admin1:AdMiN123
    stats auth    admin2:AdMiN321

# internal monitoring access (unlimited)
backend private_monitoring
    stats enable
    stats uri     /admin?stats
    stats refresh 5s

Wynik wywołania adresu monitorowania http://example.org/monitor-uri:

<html><body><h1>200 OK</h1>
HAProxy: service ready.
</body></html>

Wynik wywołania adresu statystyk http://example.org/admin?stats:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>Statistics Report for HAProxy</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<style type="text/css"><!--
body { font-family: arial, helvetica, sans-serif; font-size: 12px; font-weight: normal; color: black; background: white;}
th,td { font-size: 10px;}
h1 { font-size: x-large; margin-bottom: 0.5em;}
h2 { font-family: helvetica, arial; font-size: x-large; font-weight: bold; font-style: italic; color: #6020a0; margin-top: 0em; margin-bottom: 0em;}
h3 { font-family: helvetica, arial; font-size: 16px; font-weight: bold; color: #b00040; background: #e8e8d0; margin-top: 0em; margin-bottom: 0em;}
li { margin-top: 0.25em; margin-right: 2em;}
.hr {margin-top: 0.25em; border-color: black; border-bottom-style: solid;}
.titre  {background: #20D0D0;color: #000000; font-weight: bold; text-align: center;}
.total  {background: #20D0D0;color: #ffff80;}
.frontend       {background: #e8e8d0;}
.socket {background: #d0d0d0;}
.backend        {background: #e8e8d0;}
.active0        {background: #ff9090;}
.active1        {background: #ffd020;}
.active2        {background: #ffffa0;}
.active3        {background: #c0ffc0;}
.active4        {background: #ffffa0;}
.active5        {background: #a0e0a0;}
.active6        {background: #e0e0e0;}
.backup0        {background: #ff9090;}
.backup1        {background: #ff80ff;}
.backup2        {background: #c060ff;}
.backup3        {background: #b0d0ff;}
.backup4        {background: #c060ff;}
.backup5        {background: #90b0e0;}
.backup6        {background: #e0e0e0;}
.maintain       {background: #c07820;}
.rls      {letter-spacing: 0.2em; margin-right: 1px;}

a.px:link {color: #ffff40; text-decoration: none;}a.px:visited {color: #ffff40; text-decoration: none;}a.px:hover {color: #ffffff; text-decoration: none;}a.lfsb:link {color: #000000; text-decoration: none;}a.lfsb:visited {color: #000000; text-decoration: none;}a.lfsb:hover {color: #505050; text-decoration: none;}
table.tbl { border-collapse: collapse; border-style: none;}
table.tbl td { text-align: right; border-width: 1px 1px 1px 1px; border-style: solid solid solid solid; padding: 2px 3px; border-color: gray; white-space: nowrap;}
table.tbl td.ac { text-align: center;}
table.tbl th { border-width: 1px; border-style: solid solid solid solid; border-color: gray;}
table.tbl th.pxname { background: #b00040; color: #ffff40; font-weight: bold; border-style: solid solid none solid; padding: 2px 3px; white-space: nowrap;}
table.tbl th.empty { border-style: none; empty-cells: hide; background: white;}
table.tbl th.desc { background: white; border-style: solid solid none solid; text-align: left; padding: 2px 3px;}

table.lgd { border-collapse: collapse; border-width: 1px; border-style: none none none solid; border-color: black;}
table.lgd td { border-width: 1px; border-style: solid solid solid solid; border-color: gray; padding: 2px;}
table.lgd td.noborder { border-style: none; padding: 2px; white-space: nowrap;}
u {text-decoration:none; border-bottom: 1px dotted black;}
-->
</style></head>
<body><h1><a href="http://haproxy.1wt.eu/" style="text-decoration: none;">HAProxy</a></h1>
<h2>Statistics Report for pid 4699</h2>
<hr width="100%" class="hr">
<h3>&gt; General process information</h3>
<table border=0><tr><td align="left" nowrap width="1%">
<p><strong>pid = </strong> 4699 (process #1, nbproc = 1)<br>
<strong>uptime = </strong> 0d 0h01m07s<br>
<strong>system limits:</strong> memmax = unlimited; ulimit-n = 8212<br>
<strong>maxsock = </strong> 8212; <strong>maxconn = </strong> 4096; <strong>maxpipes = </strong> 0<br>
current conns = 1; current pipes = 0/0<br>
Running tasks: 1/9<br>
</td><td align="center" nowrap>
<table class="lgd"><tr>
<td class="active3"> </td><td class="noborder">active UP </td><td class="backup3"> </td><td class="noborder">backup UP </td></tr><tr>
<td class="active2"></td><td class="noborder">active UP, going down </td><td class="backup2"></td><td class="noborder">backup UP, going down </td></tr><tr>
<td class="active1"></td><td class="noborder">active DOWN, going up </td><td class="backup1"></td><td class="noborder">backup DOWN, going up </td></tr><tr>
<td class="active0"></td><td class="noborder">active or backup DOWN  </td><td class="active6"></td><td class="noborder">not checked </td></tr><tr>
<td class="maintain"></td><td class="noborder" colspan="3">active or backup DOWN for maintenance (MAINT)  </td></tr></table>
Note: UP with load-balancing disabled is reported as "NOLB".</td><td align="left" valign="top" nowrap width="1%"><strong>Display option:</strong><ul style="margin-top: 0.25em;"><li><a href="/admin?stats;up">Hide 'DOWN' servers</a><br>
<li><a href="/admin?stats">Refresh now</a><br>
<li><a href="/admin?stats;csv">CSV export</a><br>
</ul></td><td align="left" valign="top" nowrap width="1%"><strong>External ressources:</strong><ul style="margin-top: 0.25em;">
<li><a href="http://haproxy.1wt.eu/">Primary site</a><br>
<li><a href="http://haproxy.1wt.eu/#down">Updates (v1.4)</a><br>
<li><a href="http://haproxy.1wt.eu/#docs">Online manual</a><br>
</ul></td></tr></table>
<table class="tbl" width="100%">
<tr class="titre"><th class="pxname" width="10%"><a name="host_cen05dev_app"></a><a class=px href="#host_cen05dev_app">host_cen05dev_app</a></th><th class="empty" width="90%"></th></tr>
</table>
<table class="tbl" width="100%">
<tr class="titre"><th rowspan=2></th><th colspan=3>Queue</th><th colspan=3>Session rate</th><th colspan=5>Sessions</th><th colspan=2>Bytes</th><th colspan=2>Denied</th><th colspan=3>Errors</th><th colspan=2>Warnings</th><th colspan=9>Server</th></tr>
<tr class="titre"><th>Cur</th><th>Max</th><th>Limit</th><th>Cur</th><th>Max</th><th>Limit</th><th>Cur</th><th>Max</th><th>Limit</th><th>Total</th><th>LbTot</th><th>In</th><th>Out</th><th>Req</th><th>Resp</th><th>Req</th><th>Conn</th><th>Resp</th><th>Retr</th><th>Redis</th><th>Status</th><th>LastChk</th><th>Wght</th><th>Act</th><th>Bck</th><th>Chk</th><th>Dwn</th><th>Dwntme</th><th>Thrtle</th>
</tr><tr class="active3"><td class=ac><a name="host_cen05dev_app/cen05dev_app"></a><a class=lfsb href="#host_cen05dev_app/cen05dev_app">cen05dev_app</a></td><td>0</td><td>0</td><td>-</td><td>0</td><td>0</td><td></td><td>0</td><td>0</td><td>-</td><td title="rsp codes: 1xx=0, 2xx=0, 3xx=0, 4xx=0, 5xx=0, other=0">0</td><td>0</td><td>0</td><td>0</td><td></td><td>0</td><td></td><td>0</td><td title="Connection resets during transfers: 0 client, 0 server">0</td><td>0</td><td>0</td><td class=ac>1m7s UP</td><td class=ac title="Layer7 check passed: OK"> L7OK/200 in 6ms</td><td class=ac>1</td><td class=ac>Y</td><td class=ac>-</td><td title="Failed Health Checks">0</td><td>0</td><td>0s</td><td class=ac>-</td></tr>
<tr class="backend"><td class=ac><a name="host_cen05dev_app/Backend"></a><a class=lfsb href="#host_cen05dev_app/Backend">Backend</a></td><td>0</td><td>0</td><td></td><td>2</td><td>2</td><td></td><td>1</td><td>1</td><td>0</td><td title="rsp codes: 1xx=0 2xx=11 3xx=0 4xx=3 5xx=0 other=0">15</td><td>0</td><td><span class="rls">4</span>875</td><td>8<span class="rls">2</span>981</td><td>0</td><td>0</td><td></td><td>0</td><td title="Connection resets during transfers: 0 client, 0 server">0</td><td>0</td><td>0</td><td class=ac>1m7s UP</td><td class=ac> </td><td class=ac>1</td><td class=ac>1</td><td class=ac>0</td><td class=ac> </td><td>0</td><td>0s</td><td></td></tr></table><p>
</body></html>

#top Modules¶

#top mod-logging¶

#top mod-misc¶

#top mod-auth¶

#top mod-headers¶

#top mod-proxy¶

Zobacz także mod-proxy dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy:

Budowa monolityczna. Brak obsługi funkcjonalności ładowania modułów (brak modułów)!!!
Brak modułu proxy. HAProxy jest serwerem High Availability Proxy Performance.
Zobacz przykłady dla vhosts default oraz vhosts SSL

#top Access Restrictions¶

#top AccessAllow¶

Zobacz także AccessAllow dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: acl | acl - kopia
Składnia: acl <aclname> <criterion> [flags] [operator] <value> ...
Opis:

Dokumentacja HAProxy: block | block - kopia
Składnia: block { if | unless } <condition>
Opis:

EXAMPLES

acl from_google_net src 108.170.192.0/18 108.177.0.0/17 142.250.0.0/15 172.217.0.0/16 172.253.0.0/16 173.194.0.0/16 192.178.0.0/15 199.87.241.32/27 207.223.160.0/20 209.85.128.0/17 216.239.32.0/19 216.58.192.0/19 64.233.160.0/19 66.102.0.0/20 66.249.64.0/19 70.32.128.0/19 70.90.219.48/29 70.90.219.72/29 72.14.192.0/18 74.125.0.0/16
block if from_google_net
# if client request is not blocked, then request is allowed
server ...

#top AccessDeny¶

Zobacz także AccessDeny dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: acl | acl - kopia
Składnia: acl <aclname> <criterion> [flags] [operator] <value> ...
Opis:

Dokumentacja HAProxy: block | block - kopia
Składnia: block { if | unless } <condition>
Opis:

EXAMPLES

acl from_google_net src 108.170.192.0/18 108.177.0.0/17 142.250.0.0/15 172.217.0.0/16 172.253.0.0/16 173.194.0.0/16 192.178.0.0/15 199.87.241.32/27 207.223.160.0/20 209.85.128.0/17 216.239.32.0/19 216.58.192.0/19 64.233.160.0/19 66.102.0.0/20 66.249.64.0/19 70.32.128.0/19 70.90.219.48/29 70.90.219.72/29 72.14.192.0/18 74.125.0.0/16
block if from_google_net

#top headers¶

#top HTTP Header Add¶

acl is-ssl  dst_port       81
reqadd      X-Proto:\ SSL  if is-ssl

#top HTTP Header Set¶

Zobacz także HTTP Header Set dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: reqrep | reqrep - kopia
Składnia: reqrep <search> <replace>
Opis:

Dokumentacja HAProxy: reqirep | reqirep - kopia
Składnia: reqirep <search> <replace>
Opis:

Dokumentacja HAProxy: rsprep | rsprep - kopia
Składnia: rsprep <search> <replace>
Opis:

Dokumentacja HAProxy: rspirep | rspirep - kopia
Składnia: rspirep <search> <replace>
Opis:

EXAMPLES

rspirep ^Location:\ 127.0.0.1:8080    Location:\ www.mydomain.com
reqrep ^([^\ ]*)\ /static/(.*)     \1\ /\2

#top HTTP Header Remove¶

reqidel ^X-Forwarded-For:.*
rspidel ^Server:.*

#top Header Access¶

Zobacz także Header Access dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: reqallow | reqallow - kopia
Składnia: reqallow <search>
Opis:

Dokumentacja HAProxy: reqiallow | reqiallow - kopia
Składnia: reqiallow <search>
Opis:

Dokumentacja HAProxy: reqdeny | reqdeny - kopia
Składnia: reqdeny <search>
Opis:

Dokumentacja HAProxy: reqideny | reqideny - kopia
Składnia: reqideny <search>
Opis:

Dokumentacja HAProxy: rspdeny | rspdeny - kopia
Składnia: rspdeny <search>
Opis:

Dokumentacja HAProxy: rspideny | rspideny - kopia
Składnia: rspideny <search>
Opis:

EXAMPLES

#top Header MIME¶

#top TLS Engine¶

#top TLS Enable¶

frontend public_https
    bind :443 ssl crt /etc/pki/tls/certs/site.pem
    [...]

Zobacz także konfigurację TLS SNI dla HAProxy

frontend public_https
    bind :443 ssl crt /etc/pki/tls/certs/hostname.pem crt /etc/pki/tls/certs/site1.pem crt /etc/pki/tls/certs/site2.pem crt /etc/pki/tls/certs/site3.pem crt /etc/pki/tls/certs/site4.pem crt /etc/pki/tls/certs/site5.pem
    [...]

#top TLS Cert/Key File¶

Zobacz także TLS Cert/Key File dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: crt cert | crt cert - kopia
Dokumentacja HAProxy: crt-base dir | crt-base dir - kopia
Dokumentacja HAProxy: ca-file cafile | ca-file cafile - kopia
Dokumentacja HAProxy: ca-base dir | ca-base dir - kopia
Dokumentacja HAProxy: crl-file crlfile | crl-file crlfile - kopia
Dokumentacja HAProxy: tune.ssl.default-dh-param | tune.ssl.default-dh-param - kopia
Składnia: bind [<address>]:<port_range> [...] ssl crt </path/to/cert.pem> [...]
Opis:

EXAMPLES

frontend public_https
    bind :443 ssl crt /etc/pki/tls/certs/site.pem
    [...]

Zobacz także konfigurację TLS SNI dla HAProxy

frontend public_https
    bind :443 ssl crt /etc/pki/tls/certs/hostname.pem crt /etc/pki/tls/certs/site2.pem crt /etc/pki/tls/certs/site3.pem crt /etc/pki/tls/certs/site4.pem crt /etc/pki/tls/certs/site5.pem

# Zmiana domyślnych parametrów Diffie-Hellman używanych do generowanie kluczy Diffie-Hellman stosowanych przy wymianie kluczy DHE
global
    [...]
    # Setting tune.ssl.default-dh-param to 1024 by default,
    # if your workload permits it you should set it to at least 2048.
    # Please set a value >= 1024 to make this warning disappear.
    tune.ssl.default-dh-param 2048
    [...]

#top TLS Protocols¶

# Wyłączenie obsługiwanych protokołów tylko w wersji SSLv3
frontend public_https
    bind :443 ssl crt /etc/pki/tls/certs/hostname.pem no-sslv3
    [...]

# Włączenie obsługiwanych protokołów tylko w wersji TLSv1.0 TLSv1.1 TLSv1.2
frontend public_https
    bind :443 ssl crt /etc/pki/tls/certs/hostname.pem force-tlsv10 force-tlsv11 force-tlsv12
    [...]

#top TLS CipherSuite¶

Zobacz także TLS CipherSuite dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja HAProxy: ciphers ciphers | ciphers ciphers - kopia
Dokumentacja HAProxy: ssl-default-bind-ciphers ciphers | ssl-default-bind-ciphers ciphers - kopia
Dokumentacja HAProxy: ssl-default-server-ciphers ciphers | ssl-default-server-ciphers ciphers - kopia
Składnia: bind [<address>]:<port_range> [...] ssl [...] ciphers <ciphers> [...]
Opis:

EXAMPLES

# Domyślna wartość
frontend public_https
    bind :443 ssl crt /etc/pki/tls/certs/hostname.pem ciphers "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH"
    [...]

# Wyłączenie RC4 oraz innych Key-eXchange ze względów bezpieczeństwa (Obsługa RC4 nie jest zalecana ze względów bezpieczeństwa)
frontend public_https
    bind :443 ssl crt /etc/pki/tls/certs/hostname.pem ciphers "ALL:!ADH:!EXPORT:!SSLv2:!RC4:!RSA:!NULL:!aNULL:!eNULL:!EXP:+HIGH:+TLSv1"
    [...]

#top TLS Compression¶

#top TLS Options¶

global
    ssl-default-bind-options no-sslv3 no-tls-tickets
    ssl-server-verify none
    [...]

Zmodyfikowany ostatnio: 2018/01/04 19:49:27 (6 lat temu), textsize: 68,9 kB, htmlsize: 90,3 kB

Zapraszam do komentowania, zgłaszania sugestii, propozycji, własnych przykładów, ...

Dodaj komentarzKomentarze użytkowników