标签:acl global default haproxy frontend
haproxy配置分为两部分
global
proxies
default
frontend
backend
listen = frontend + backend
global
进程管理及安全相关的参数 chroot pidfile user uid group gid log <address> <facility> daemon
性能调整相关的参数 maxconn noepoll nopoll
debug相关参数 debug
proxies 需要注意使用的位置 backend、frontend、listen、default
balance --> roundrobin static-rr leastconn source uri uri-param hdr(<name>) bind mode hash-type map-based --> 取模 用key的hash值对server总数取模, consistent --> 一致性hash 一致性hash算法除了计算key的hash值外,还会计算每个server对应的hash值, 然后将这些hash值映射到一个有限的值域上(比如0~2^32) log maxconn default_backend server <name> <address>[:prot] [param*] capture request header <name> len <length> capture response header stats enable stats uri stats realm stats auth stats hide-version stats admin option forwardfor [ header <name> ] [ if-none ] errorfile errorfile 400 /etc/haproxy/errorpages/400badreq.http errorfile 403 /etc/haproxy/errorpages/403forbid.http errorfile 503 /etc/haproxy/errorpages/503sorry.http timeout client <timeout>: timeout server <timeout> timeout connect <timeout> timeout http-keep-alive <timeout> timeout client-fin <timeout> timeout server-fin <timeout>
ACL简单指令说明
acl acl_name criterion flags op value
criterion
dst dst_port src src_port --> 4层 hdr <string> method <string> path_beg <string> path_end <string> hdr_beg <string> hdr_end <string> --> 7层
flags
-i
op
eq:等于 ge;大于等于 gt:大于 le:小于等于 lt:小于 =:等于
访问控制相关的参数
http-request { allow | deny} [ { if | unless } <condition> ] tcp-request content <action> [{if | unless} <condition>] <action> "accept", "reject",
本文出自 “似水流年” 博客,请务必保留此出处http://sixijie123.blog.51cto.com/11880770/1877303
标签:acl global default haproxy frontend
原文地址:http://sixijie123.blog.51cto.com/11880770/1877303