Hello Philipp,
I don't think there is a capability to include a list of ACLs. However,
you can load the ip addresses once via the -f parameter:
acl is_admin src -f /etc/haproxy/admin_ip_list.txt
You would have to define an acl in each section, but the IP list would
be the same for all rules.
For a more detailed overview of ACLs, check out this blog post:
https://www.haproxy.com/blog/introduction-to-haproxy-acls/
I do have to admit that including ACLs is a neat idea. Alternatively,
global ACLs would be nice.
Does this workaround solve your use case?
Best regards,
Bruno Henc
On 3/8/19 2:17 PM, Philipp Kolmann wrote:
Hi,
I have ACLs for Source-IPs for Admins for several services. These ACLs
are identical for multiple listener-sections.
Would it be possible to have a file with several acl snipplets and
source that at the proper section of the config file multiple times?
I haven't found anything in the docs that would make this possible.
My wished Setup:
admin_acl.conf:
acl is_admin src 10.0.0.1
acl is_admin src 10.0.0.2
acl is_admin src 10.0.0.3
acl is_admin src 10.0.0.4
haproxy.cfg:
listen service1
bind 10.1.0.10:80
include admin_acl.conf
.... more parameters ...
listen service2
bind 10.1.0.20:80
include admin_acl.conf
.... more parameters ...
listen service3
bind 10.1.0.30:80
include admin_acl.conf
.... more parameters ...
The admin_acl needs to be maintained only once and can be used
multiple times.
Is this already possible? Could such an include option be made for the
config files?
thanks
Philipp
