HAProxy

Install
https://haproxy.debian.net/#?distribution=Ubuntu&release=focal&version=2.1

sudo apt install -y haproxy

Check status

systemctl status haproxy

Check configuration / Debug

haproxy -c -f /etc/haproxy/haproxy.cfg && service haproxy reload && tail -f /var/log/haproxy.log

Loadbalancer
http://www.loadbalancer.org/blog/category/haproxy/

Prometheus
https://www.haproxy.com/blog/haproxy-exposes-a-prometheus-metrics-endpoint/

ACL

acl valid-ua hdr(user-agent) -f exact-ua.lst -i -f generic-ua.lst test
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7
https://www.haproxy.com/de/blog/introduction-to-haproxy-acls/

Configuration

/etc/haproxy/haproxy.cfg
 
...
frontend www1
    bind :80
    mode http
    acl whitelist src -f /etc/haproxy/whitelist.lst
    acl all src 0.0.0.0
    use_backend backend1 if whitelist
 
backend backend1
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1rnHost:localhost
    server web1.example.com 10.0.1.10:80
    server web2.example.com 10.0.1.11:80
    server web3.example.com 10.0.1.12:80
 
listen stats 
    bind :9000
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats refresh 30s
    stats show-node
    stats auth admin:password
    stats uri /

ACL whiterlist

/etc/haproxy/whitelist.lst
 
# server 1
192.168.1.1/32
# net 1
10.182.29.0/24

SSL

...
frontend public
    bind :80
    bind :443 ssl crt /etc/haproxy/ssl
...

Docker
http://www.panticz.de/docker/haproxy

Letsencrypt
https://gridscale.io/community/tutorials/haproxy-ssl/

Links
https://chase-seibert.github.io/blog/2011/02/26/haproxy-quickstart-w-full-example-config-file.html
https://github.com/jiangwenyuan/nuster