From: Willy Tarreau Date: Tue, 13 Oct 2015 13:22:59 +0000 (+0200) Subject: CLEANUP: examples: remove obsolete configuration file samples X-Git-Tag: v1.6.0~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ae4865d802fafc23e6eea1643f53aaae455a1562;p=thirdparty%2Fhaproxy.git CLEANUP: examples: remove obsolete configuration file samples This removes the obsolete CTTPROXY configuration, the tarpit example, and the pre-content switching example involving 3 layers and cookie rewriting to emulate the use_backend feature... (9 years old). --- diff --git a/examples/cttproxy-src.cfg b/examples/cttproxy-src.cfg deleted file mode 100644 index 541f431a9b..0000000000 --- a/examples/cttproxy-src.cfg +++ /dev/null @@ -1,63 +0,0 @@ -# -# test tproxy - -# -# ip a a 2.0.0.1/16 dev eth0 -# ip a a 1.0.0.1/16 dev eth1 -# ip li set eth1 up -# -# sudo rmmod -r iptable_tproxy -# modprobe ip_conntrack hashsize=65536 -# modprobe iptable_tproxy hashsize=65536 - - -# or : -# sudo insmod net/ipv4/netfilter/ip_conntrack.o hashsize=65536;sudo insmod net/ipv4/netfilter/iptable_nat.o;sudo insmod net/ipv4/netfilter/iptable_tproxy.o hashsize=65536 - - -# This is a test configuration. -# It must load-balance across active servers. Check local apache logs to -# verify : -# -# tail /var/log/apache/access_log - - -global - maxconn 10000 - -listen sample1 - mode http - option httplog - option dontlognull - retries 1 - redispatch - contimeout 5000 - clitimeout 5000 - srvtimeout 5000 - maxconn 40000 - bind 1.0.0.1:8081 - balance roundrobin - server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc 1.0.0.3 - #server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc client - #server srv1 10.0.3.2:80 cookie s0 source 127.0.0.1 usesrc clientip - #server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc client check inter 1000 - option httpclose - #errorloc 503 /503 - -listen sample1 - mode http - option httplog - option dontlognull - retries 1 - redispatch - contimeout 5000 - clitimeout 5000 - srvtimeout 5000 - maxconn 40000 - bind 1.0.0.1:8082 - balance roundrobin - server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 - #server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc client check inter 1000 - option httpclose - #errorloc 503 /503 - diff --git a/examples/examples.cfg b/examples/examples.cfg deleted file mode 100644 index 3499e7bd76..0000000000 --- a/examples/examples.cfg +++ /dev/null @@ -1,154 +0,0 @@ -global - log 127.0.0.1 local0 -# log 127.0.0.1 local1 - maxconn 4000 - ulimit-n 8000 - uid 0 - gid 0 -# chroot /tmp -# nbproc 2 -# daemon -# debug -# quiet - -listen proxy1 0.0.0.0:8000 - mode http -# source 127.0.0.2:0 -# log 127.0.0.1 local0 -# log 127.0.0.1 local1 - log global - #mode tcp - cookie SERVERID insert indirect - balance roundrobin - #dispatch 127.0.0.1:3130 - #dispatch 127.0.0.1:31300 - #dispatch 127.0.0.1:80 - #dispatch 127.0.0.1:22 - option httpchk - server test 10.1.1.2:80 cookie cookie1 check inter 300 -# server nc 127.0.0.1:8080 cookie cookie1 check inter 300 -# server tuxlocal0 10.101.23.9:80 cookie cookie1 check -# server tuxlocal1 127.0.0.1:80 cookie cookie1 check -# server tuxlocal2 127.0.0.1:80 cookie cookie2 check -# server tuxlocal3 127.0.0.1:80 cookie cookie3 check -# server tuxlocal4 127.0.0.1:80 cookie cookie4 check -# server vax 10.101.14.1:80 cookie cookie1 check - #server tuxceleron 10.101.0.1:80 cookie cookie2 check - #server telnet 127.0.0.1:23 - #server ssh 127.0.0.1:22 - #server local 127.0.0.1:3130 cookie cookie3 check - #server ko 127.0.0.1:0 cookie cookie3 check - #server local 127.0.0.1:8001 cookie cookie3 check - #server local 127.0.0.1:3130 - #server celeron 10.101.0.1:80 cookie srv1 - #server celeron 10.101.0.1:31300 - #server local 10.101.23.9:31300 - contimeout 3000 - clitimeout 150000 - srvtimeout 150000 - maxconn 60000 - redispatch - retries 3 - grace 3000 - #rsprep ^Server.* Server:\ IIS - #rspdel ^Server.* - #rspadd Set-Cookie:\ mycookie=0;\ path=/ - #rsprep ^(Date:\ )([^,]*)(,\ )(.*) LaDate\ est:\ \4\ (\2) - # force connection:close - #reqidel ^Connection: - #rspidel ^Connection: - #reqadd Connection:\ close - #rspadd Connection:\ close - # processing options - #option keepalive - option forwardfor - option httplog - option dontlognull -# reqirep ^(Test:\ ) \0_toto_\1_toto -# reqidel ^X-Forwarded-for: -# reqirep ^(GET|POST)\ .* \0 -# reqirep ^(Host:|Connection:|User-agent:|Cookie:)\ .* \0 -# reqideny ^ - -listen proxy1 0.0.0.0:8001 - mode http - #mode tcp - dispatch 127.0.0.1:80 - #dispatch 127.0.0.1:31300 - #dispatch 127.0.0.1:80 - #dispatch 127.0.0.1:22 - #server tuxlocal 127.0.0.1:80 cookie cookie1 check - #server tuxceleron 10.101.0.1:80 cookie cookie2 check - #server telnet 127.0.0.1:23 - #server ssh 127.0.0.1:22 - #server local 127.0.0.1:3130 cookie cookie3 check - #server local 127.0.0.1:3130 - #server celeron 10.101.0.1:80 cookie srv1 - #server celeron 10.101.0.1:31300 - #server local 10.101.23.9:31300 - contimeout 3000 - clitimeout 150000 - srvtimeout 150000 - maxconn 60000 - redispatch - retries 3 - grace 3000 - #rsprep ^Server.* Server:\ IIS - #rspdel ^Server.* - rspadd Set-Cookie:\ SERVERID=12345678;\ path=/ - #rsprep ^(Date:\ )([^,]*)(,\ )(.*) LaDate\ est:\ \4\ (\2) - -listen proxy1 0.0.0.0:3128 - disabled - mode http - cookie SERVERID insert indirect - #dispatch 127.0.0.1:8080 - server srv1 127.0.0.1:8080 - #server srv2 192.168.12.3:8080 - contimeout 3000 - clitimeout 450000 - srvtimeout 450000 - maxconn 60000 - redispatch - retries 3 - grace 3000 - rspdel ^Via:.* - monitor-net 192.168.12.252/30 - - -listen proxy2 0.0.0.0:3129 - disabled - mode http - transparent -# dispatch 127.0.0.1:80 - contimeout 3000 - clitimeout 150000 - srvtimeout 150000 - maxconn 60000 - retries 3 - grace 3000 - -# log 10.101.11.1 local1 -# log 10.101.11.1 local2 - -# cliexp ^(.*ASPSESSIONID.*=)(.*) \1FENICGGCBECLFFEEOAEAIFGF -# cliexp ^(GET.*)(.free.fr)(.*) \1.online.fr\3 -# cliexp ^(POST.*)(.free.fr)(.*) \1.online.fr\3 -# cliexp ^Proxy-Connection:.* Proxy-Connection:\ close -# srvexp ^(Location:\ )([^:]*://[^/]*)(.*) \1\3 - -listen health 0.0.0.0:3130 - mode health - clitimeout 1500 - srvtimeout 1500 - maxconn 6000 - grace 0 - - -listen health 0.0.0.0:31300 - mode health - option httpchk - clitimeout 1500 - srvtimeout 1500 - maxconn 6000 - grace 0 diff --git a/examples/haproxy.cfg b/examples/haproxy.cfg deleted file mode 100644 index 1c71d61771..0000000000 --- a/examples/haproxy.cfg +++ /dev/null @@ -1,80 +0,0 @@ -# this config needs haproxy-1.1.28 or haproxy-1.2.1 - -global - log 127.0.0.1 local0 - log 127.0.0.1 local1 notice - #log loghost local0 info - maxconn 4096 - chroot /usr/share/haproxy - uid 99 - gid 99 - daemon - #debug - #quiet - -defaults - log global - mode http - option httplog - option dontlognull - retries 3 - redispatch - maxconn 2000 - contimeout 5000 - clitimeout 50000 - srvtimeout 50000 - -listen appli1-rewrite 0.0.0.0:10001 - cookie SERVERID rewrite - balance roundrobin - server app1_1 192.168.34.23:8080 cookie app1inst1 check inter 2000 rise 2 fall 5 - server app1_2 192.168.34.32:8080 cookie app1inst2 check inter 2000 rise 2 fall 5 - server app1_3 192.168.34.27:8080 cookie app1inst3 check inter 2000 rise 2 fall 5 - server app1_4 192.168.34.42:8080 cookie app1inst4 check inter 2000 rise 2 fall 5 - -listen appli2-insert 0.0.0.0:10002 - option httpchk - balance roundrobin - cookie SERVERID insert indirect nocache - server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3 - server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3 - capture cookie vgnvisitor= len 32 - - option httpclose # disable keep-alive - rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address - -listen appli3-relais 0.0.0.0:10003 - dispatch 192.168.135.17:80 - -listen appli4-backup 0.0.0.0:10004 - option httpchk /index.html - option persist - balance roundrobin - server inst1 192.168.114.56:80 check inter 2000 fall 3 - server inst2 192.168.114.56:81 check inter 2000 fall 3 backup - -listen ssl-relay 0.0.0.0:8443 - option ssl-hello-chk - balance source - server inst1 192.168.110.56:443 check inter 2000 fall 3 - server inst2 192.168.110.57:443 check inter 2000 fall 3 - server back1 192.168.120.58:443 backup - -listen appli5-backup 0.0.0.0:10005 - option httpchk * - balance roundrobin - cookie SERVERID insert indirect nocache - server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3 - server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3 - server inst3 192.168.114.57:80 backup check inter 2000 fall 3 - capture cookie ASPSESSION len 32 - srvtimeout 20000 - - option httpclose # disable keep-alive - option checkcache # block response if set-cookie & cacheable - - rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address - - errorloc 502 http://192.168.114.58/error502.html - errorfile 503 /etc/haproxy/errors/503.http - diff --git a/examples/tarpit.cfg b/examples/tarpit.cfg deleted file mode 100644 index e5c929805c..0000000000 --- a/examples/tarpit.cfg +++ /dev/null @@ -1,72 +0,0 @@ -# This configuration is an example of how to use connection tarpitting based -# on invalid requests. - -global - daemon - log 127.0.0.1 local0 - -listen frontend 0.0.0.0:80 - mode http - option httplog - log global - maxconn 10000 - - # do not log requests with no data - option dontlognull - - # log as soon as the server starts to respond, an do not wait for the - # end of the data transfer. - option logasap - - # disable keep-alive - option httpclose - - # load balancing mode set to round-robin - balance roundrobin - - # the maxconn 150 below means 150 connections maximum will be used - # on apache, the remaining ones will be queued. - server apache1 127.0.0.1:80 maxconn 150 - - # use short timeouts for client and server - clitimeout 20000 - srvtimeout 20000 - - # the connect timeout should be large because it will also be used - # to define the queue timeout and the tarpit timeout. It generally - # is a good idea to set it to the same value as both above, and it - # will improve performance when dealing with thousands of connections. - contimeout 20000 - - # retry only once when a valid connection fails because the server - # is overloaded. - retries 1 - - # You might want to enable this option if the attacks start - # targetting valid URLs. - # option abortonclose - - # not needed anymore. - #capture request header X-Forwarded-For len 15 - - # and add a new 'X-Forwarded-For: IP' - option forwardfor - - # how to access the status reporting web interface - stats uri /stat - stats auth stat:stat - - # Request header and URI processing begins here. - - # rename the 'X-Forwarded-For:' header as 'X-Forwarded-For2:' - reqirep ^(X-Forwarded-For:)(.*) X-Forwarded-For2:\2 - - #### Now check the URI for requests we want to tarpit ### - # We do not analyze headers, we just focus on the request - reqpass ^[^:\ ]*: - - # Tarpit those URIs for any method - reqtarpit ^[^:\ ]*\ /invalid_req1 - reqtarpit ^[^:\ ]*\ /cgi-bin/.*\.pl\? - reqitarpit ^[^:\ ]*\ /.*\.(dll|exe|asp) - diff --git a/examples/url-switching.cfg b/examples/url-switching.cfg deleted file mode 100644 index 3d3d86b167..0000000000 --- a/examples/url-switching.cfg +++ /dev/null @@ -1,120 +0,0 @@ -# -# This configuration can be used as an example of how URL-switching may be -# implemented with current haproxy versions. -# -# Right now (version 1.2), haproxy can only select a server based on the cookie -# provided by the client. While this may sound limitated, it is yet possible to -# combine this feature to rewrites to provide full URL-switching capabilities. -# -# For this, we have to chain 3 levels : -# - front-end : will match the expected URIs and assign a cookie accordingly ; -# it uses regexps and could match on anything else (Host:, -# cookies, ...) -# - switch : will select a back-end depending on the cookie above -# - back-ends : will perform the load balancing between multiple servers for -# the same group. Note that this level can be omitted if there -# is only one server for each backend. -# -# Logging is performed at the lower level (back-ends) so that local server -# problems can be identified quickly with the timers. The client's IP is -# propagated in the X-Forwarded-For: header. -# - -global - daemon - maxconn 6000 # warning: this has to be 3 times the expected value! - log 192.168.0.1 local0 - -defaults - mode http - balance roundrobin - option dontlognull - option httpclose - retries 1 - redispatch - maxconn 2000 - contimeout 5000 - clitimeout 50000 - srvtimeout 50000 - -# -# This is the instance the client connects to. -# -listen frontend 10.20.30.40:80 - option forwardfor # add 'X-Forwarded-For: IP' - - # remove an eventual 'backend' cookie the client might have sent - reqidel ^Cookie:\ backend= - - # add cookie 'backend=2' for any HTTP method followed by - # '/img' only or '/img/' followed by anything. - reqirep ^[^:\ ]*\ /img[/\ ].* \0\nCookie:\ backend=2 - - # add cookie 'backend=3' for any HTTP method followed by - # '/home' only or '/home/' followed by anything. - reqirep ^[^:\ ]*\ /home[/\ ].* \0\nCookie:\ backend=3 - - # send everything to next stage - server switch 127.0.0.2:8000 - - -# -# This instance is only seen by the 'frontend' instance above. It receives all -# of its traffic. -# -listen switch 127.0.0.2:8000 - # cookie name 'backend' inserted by the 'frontend' instance above - cookie backend - - # default server 'backend1' gets the default traffic. - server backend1 127.0.0.3:8001 - - # those servers get traffic only if their cookie is present because - # they are tagged 'backup'. - server backend2 127.0.0.3:8002 cookie 2 backup - server backend3 127.0.0.3:8003 cookie 3 backup - -# -# Backend 1 for dynamic contents. -# It is made of 4 apache servers which we can test thanks to a CGI script. -# -listen backend1 127.0.0.3:8001 - log global - option httplog - capture request header X-Forwarded-For len 15 - option httpchk /cgi-bin/testhost.pl - server apache1 192.168.1.1:80 maxconn 100 check inter 2000 fall 3 - server apache2 192.168.1.2:80 maxconn 100 check inter 2000 fall 3 - server apache3 192.168.1.3:80 maxconn 100 check inter 2000 fall 3 - server apache4 192.168.1.4:80 maxconn 100 check inter 2000 fall 3 - -# -# backend 2 for images (/img). -# It is made of 3 Tux servers which we test by requesting the /img/logo.png -# file which should be present when file-systems are mounted. -# -listen backend2 127.0.0.3:8002 - log global - option httplog - capture request header X-Forwarded-For len 15 - option httpchk /img/logo.png - server tux5 192.168.1.5:80 check inter 2000 fall 3 - server tux6 192.168.1.6:80 check inter 2000 fall 3 - server tux7 192.168.1.7:80 check inter 2000 fall 3 - -# -# backend 3 for home directories (/home). These are the same machines as for -# dynamic content, except that a different server is bound to another port. -# We test the service by checking that the file "/home/webmaster/started" -# exists. -# -listen backend3 127.0.0.3:8003 - log global - option httplog - capture request header X-Forwarded-For len 15 - option httpchk /home/webmaster/started - server light1 192.168.1.1:8080 check inter 2000 fall 3 - server light2 192.168.1.2:8080 check inter 2000 fall 3 - server light3 192.168.1.3:8080 check inter 2000 fall 3 - server light4 192.168.1.4:8080 check inter 2000 fall 3 -