HAProxy

sudo apt install -y haproxy

systemctl status haproxy

haproxy -c -f /etc/haproxy/haproxy.cfg
service haproxy reload
tail -f /var/log/haproxy.log

acl valid-ua hdr(user-agent) -f exact-ua.lst -i -f generic-ua.lst test
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7
https://www.haproxy.com/de/blog/introduction-to-haproxy-acls/

/etc/haproxy/haproxy.cfg
 
...
frontend www1
    bind :80
    mode http
    acl whitelist src -f /etc/haproxy/whitelist.lst
    acl all src 0.0.0.0
    use_backend backend1 if whitelist
 
backend backend1
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1rnHost:localhost
    server web1.example.com 10.0.1.10:80
    server web2.example.com 10.0.1.11:80
    server web3.example.com 10.0.1.12:80
 
listen stats 
    bind :9000
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats refresh 30s
    stats show-node
    stats auth admin:password
    stats uri /

/etc/haproxy/whitelist.lst
 
# server 1
192.168.1.1/32
# net 1
10.182.29.0/24

...
frontend public
    bind :80
    bind :443 ssl crt /etc/haproxy/ssl
...

defaults
   log global
   mode tcp
   option tcplog
   option logasap

# check HAproxy configuration
haproxy -c -f /var/lib/octavia/caa5050a-08a1-412e-9294-a544eda00bbf/haproxy.cfg
 
pgrep -a haproxy
 
/usr/sbin/haproxy -Ws -f /var/lib/octavia/caa5050a-08a1-412e-9294-a544eda00bbf/haproxy.cfg -f /var/lib/octavia/haproxy-default-user-group.conf -p /var/lib/octavia/caa5050a-08a1-412e-9294-a544eda00bbf/caa5050a-08a1-412e-9294-a544eda00bbf.pid -L LezrlmqomNp6s6uOJE5YX5bF9Ac -sf $(cat /var/lib/octavia/caa5050a-08a1-412e-9294-a544eda00bbf/caa5050a-08a1-412e-9294-a544eda00bbf.pid) &
 
tail -f /var/log/haproxy.log 

keepalived -f /etc/keepalived/keepalived.conf --dont-fork --log-console --log-detail