De Wiki inetshell
Saltar a: navegación, buscar



  • timeout client: client inactivity
  • timeout connect: allowed TCP connection establishment time
  • timeout server: allowed time to the server to process the request



  • multiprocess
  nbproc 8
  cpu-map auto:1-8  0-7
  maxconn 8192
  maxpipes 2048

Configurar timeouts

timeout connect 300s
timeout client 300s
timeout server 300s

Limitar por password

  • Crear password:
python -c "import random,string,crypt;
randomsalt = ''.join(random.sample(string.ascii_letters,8));
print crypt.crypt('MySecretPassword', '\$6\$%s\$' % randomsalt)"
  • HAproxy config:
userlist basic-auth-list
  group web-access
  user admin  password $6$oxPvHRVT$8lLFpj/U828hVUcrqh6v7CQnHHtWezf4Ac6KIJJt/MLiVONs3Feb97gEYA4NMAhS7IoyeVYwr4yLtrNRk5OUn/ groups web-access

backend web-access
acl draw-auth http_auth(basic-auth-list)
http-request auth realm draw unless draw-auth

Limitar por IP backend HTTP

backend server
acl allow_access src
http-request deny if { path -i -m beg / } ! allow_access

Limitar por IP frontend TCP

frontend 10000 acl network_allowed src tcp-request connection reject if !network_allowed

Usar backend con SSL/TLS sin verificar en Rancher

ssl-server-verify none

backend target1
server $IP ssl

backend target2
server $IP ssl

Usar backend con SSL/TLS sin verificar

backend example-backend
  balance roundrobin
  option httpchk GET /health_check
  server srv01 weight 1 maxconn 100 check ssl verify none
  server srv02 weight 1 maxconn 100 check ssl verify none


log stdout format raw local0
log global
mode http
option httplog
frontend frontend-http-in
bind *:82
option httplog
acl url_ping path_beg /ping.html
use_backend app-backend if url_ping
backend app-backend
server applocal check inter 1m
backend my-local
server applocal check inter 1m

Log en Rancher

log local0 debug