haproxy
February 09, 2017
HAproxy + HTTP auth + IP SRC
Use HTTP Auth when source IP is not from an allowed source:
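    userlist TestUsers
        # insecure-password stores the password in cleartext in the config;
        # the "password" keyword takes a crypt(3) hash instead
        user guest insecure-password secret

    backend test-node
        acl network_allowed src 10.0.0.1 192.30.252.0/22
        # the name passed to http_auth() must match the userlist above
        acl AuthOK http_auth(TestUsers)
        # ask for credentials only when the source IP is not allowed and auth has not succeeded
        http-request auth realm Test if !network_allowed !AuthOK
        server test test.server.tld:80 maxconn 50 check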
To allow only specific ranges, for example only GitHub:

        acl network_allowed src 192.30.252.0/22 185.199.108.0/22
        http-request deny if !network_allowed
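A check for the userlist and `http_auth()` ACL in the first configuration above: it reports an `http_auth()` that names a userlist the file never defines, and users stored with `insecure-password`. This is an added example, not part of the original post; the function name `lint_haproxy_auth` and the sample configuration are constructed for illustration, and quoted or escaped `#` characters are not handled.

```python
import re

# Constructed sample: the ACL names a userlist that is never defined.
SAMPLE = """\
userlist TestUsers
    user guest insecure-password secret
    user admin password $6$constructed$placeholderhash

backend test-node
    acl network_allowed src 10.0.0.1 192.30.252.0/22
    acl AuthOK http_auth(TempUsers)
    http-request auth realm Test if !network_allowed !AuthOK
"""

SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
USERLIST_RE = re.compile(r"^userlist\s+(\S+)")
USER_RE = re.compile(r"^user\s+(\S+)\s+(insecure-password|password)\b")
HTTP_AUTH_RE = re.compile(r"\bhttp_auth(?:_group)?\(([^)\s,]+)\)")


def lint_haproxy_auth(config_text):
    """Return a sorted list of (line_number, message) findings."""
    defined, references, findings = set(), [], []
    current_list = None  # userlist section being read, if any
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        m = USERLIST_RE.match(line)
        if m:
            current_list = m.group(1)
            defined.add(current_list)
            continue
        if line.split()[0] in SECTIONS:  # another section ends the userlist
            current_list = None
        m = USER_RE.match(line)
        if m and current_list and m.group(2) == "insecure-password":
            findings.append((lineno, f"user '{m.group(1)}' in userlist "
                                     f"'{current_list}' has a cleartext password"))
        references += [(lineno, n) for n in HTTP_AUTH_RE.findall(line)]
    # Resolve names after the whole file is read, so order does not matter here.
    for lineno, name in references:
        if name not in defined:
            findings.append((lineno, f"http_auth({name}) names an undefined userlist"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, message in lint_haproxy_auth(SAMPLE):
        print(f"line {lineno}: {message}")
```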
HAproxy + mysql
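First set up mysql by creating a haproxy user to do the checks:

        USE mysql;
        -- No password is set and '%' matches any client host;
        -- use the HAProxy address as Host where you can.
        INSERT INTO user (Host,User) values('%', 'haproxy');
        FLUSH PRIVILEGES;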
In case you are here because you ran out of connections you can do:

        mysql> FLUSH HOSTS;
Then you can use something like:

    backend rds-mysql
        mode tcp
        balance leastconn
        option tcpka
        option mysql-check user haproxy
        server rds mysql.eu-central-1.rds.amazonaws.com:3306 check
https://www.haproxy.com/doc/aloha/7.0/haproxy/healthchecks.html#checking-a-mysql-service