HAProxy

Install
sudo apt install -y haproxy

Check status
systemctl status haproxy

Check configuration / Debug
haproxy -c -f /etc/haproxy/haproxy.cfg && service haproxy reload && tail -f /var/log/haproxy.log

Loadbalancer
http://www.loadbalancer.org/blog/category/haproxy/

Prometheus
https://www.haproxy.com/blog/haproxy-exposes-a-prometheus-metrics-endpoint/

ACL
acl valid-ua hdr(user-agent) -f exact-ua.lst -i -f generic-ua.lst test
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7
https://www.haproxy.com/de/blog/introduction-to-haproxy-acls/

Configuration
/etc/haproxy/haproxy.cfg

...
frontend www1
    bind :80
    mode http
    acl whitelist src -f /etc/haproxy/whitelist.lst
    acl all src 0.0.0.0
    use_backend backend1 if whitelist
 
backend backend1
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1rnHost:localhost
    server web1.example.com 10.0.1.10:80
    server web2.example.com 10.0.1.11:80
    server web3.example.com 10.0.1.12:80
 
listen stats 
    bind :9000
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats refresh 30s
    stats show-node
    stats auth admin:password
    stats uri /

ACL whiterlist
/etc/haproxy/whitelist.lst

# server 1
192.168.1.1/32
# net 1
10.182.29.0/24

Docker
http://www.panticz.de/docker/haproxy

Letsencrypt
https://gridscale.io/community/tutorials/haproxy-ssl/

Links
https://chase-seibert.github.io/blog/2011/02/26/haproxy-quickstart-w-full-example-config-file.html
https://github.com/jiangwenyuan/nuster