update, dynamic backends based on hostname ,can be updated live control panel/management socket

2025-05-09 02:05:37 +00:00 · 2021-12-26 23:56:15 +11:00
parent 6f52ee8977
commit 9557c06aa1
9 changed files with 41 additions and 5 deletions
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@ -4,7 +4,7 @@ global
 	log stdout  format raw  local0  debug
 	lua-load /etc/haproxy/scripts/register.lua
 	stats socket /var/run/haproxy.sock mode 666 level admin
-	stats socket *:2000 level operator
+	stats socket *:2000 level admin

 defaults
 	mode http
@ -13,11 +13,17 @@ defaults
 	timeout server 50000ms

 frontend http-in
+	option httplog
 	bind *:80
+	bind *:443

 	acl is_existing_vhost hdr(host),lower,map_str(/etc/haproxy/hosts.map) -m found
 	http-request silent-drop unless is_existing_vhost

+	# acl for blocked IPs/subnets
+	acl blocked_ip_or_subnet src,map_ip(/etc/haproxy/blocked.map) -m found
+	http-request deny deny_status 403 if blocked_ip_or_subnet
+
 	# acl ORs for when ddos_mode_enabled
 	acl ddos_mode_enabled_override hdr_cnt(xr3la1rfFc) eq 0 # note: global only enables POW not captcha atm until
 	acl ddos_mode_enabled hdr(host),lower,map(/etc/haproxy/ddos.map) -m bool
@ -47,7 +53,10 @@ frontend http-in
 	default_backend servers

 backend servers
-	server server1 nginx:80 maxconn 32
+	mode http
+    server-template websrv 1-100 0.0.0.0:80 check disabled
+	use-server %[req.hdr(host),lower,map(/etc/haproxy/backends.map)] if TRUE
+	#server  default 127.0.0.1:80

 backend hcaptcha
 	mode http