HAProxy

Install
https://haproxy.debian.net/#?distribution=Ubuntu&release=focal&version=2.1

sudo apt install -y haproxy

Check status

systemctl status haproxy

Check configuration / Debug

haproxy -c -f /etc/haproxy/haproxy.cfg && service haproxy reload && tail -f /var/log/haproxy.log

Loadbalancer
http://www.loadbalancer.org/blog/category/haproxy/

Prometheus
https://www.haproxy.com/blog/haproxy-exposes-a-prometheus-metrics-endpoint/

ACL

acl valid-ua hdr(user-agent) -f exact-ua.lst -i -f generic-ua.lst test
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7
https://www.haproxy.com/de/blog/introduction-to-haproxy-acls/

Configuration

/etc/haproxy/haproxy.cfg
 
...
frontend www1
    bind :80
    mode http
    acl whitelist src -f /etc/haproxy/whitelist.lst
    acl all src 0.0.0.0
    use_backend backend1 if whitelist
 
backend backend1
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1rnHost:localhost
    server web1.example.com 10.0.1.10:80
    server web2.example.com 10.0.1.11:80
    server web3.example.com 10.0.1.12:80
 
listen stats 
    bind :9000
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats refresh 30s
    stats show-node
    stats auth admin:password
    stats uri /

ACL whiterlist

/etc/haproxy/whitelist.lst
 
# server 1
192.168.1.1/32
# net 1
10.182.29.0/24

SSL

...
frontend public
    bind :80
    bind :443 ssl crt /etc/haproxy/ssl
...

Docker
http://www.panticz.de/docker/haproxy

Letsencrypt
https://gridscale.io/community/tutorials/haproxy-ssl/

Logging
https://www.haproxy.com/de/blog/introduction-to-haproxy-logging/
https://stackoverflow.com/questions/59374512/how-to-configure-haproxy-to-log-in-tcp-mode

defaults
   log global
   mode tcp
   option tcplog
   option logasap

Gracefuly restart

# check HAproxy configuration
haproxy -c -f /var/lib/octavia/caa5050a-08a1-412e-9294-a544eda00bbf/haproxy.cfg
 
pgrep -a haproxy
 
/usr/sbin/haproxy -Ws -f /var/lib/octavia/caa5050a-08a1-412e-9294-a544eda00bbf/haproxy.cfg -f /var/lib/octavia/haproxy-default-user-group.conf -p /var/lib/octavia/caa5050a-08a1-412e-9294-a544eda00bbf/caa5050a-08a1-412e-9294-a544eda00bbf.pid -L LezrlmqomNp6s6uOJE5YX5bF9Ac -sf $(cat /var/lib/octavia/caa5050a-08a1-412e-9294-a544eda00bbf/caa5050a-08a1-412e-9294-a544eda00bbf.pid) &
 
tail -f /var/log/haproxy.log 

Documentation
https://cbonte.github.io/haproxy-dconv/2.3/configuration.html

Links
https://chase-seibert.github.io/blog/2011/02/26/haproxy-quickstart-w-full-example-config-file.html
https://github.com/jiangwenyuan/nuster
https://www.haproxy.com/blog/haproxy-2-0-and-beyond/#prometheus-exporter