Hi. In addition to Bruno's answer there was a thread on the ML which explains why such a "simple" directive like include isn't easy to implement.
https://www.mail-archive.com/[email protected]/msg05215.html As I also think that in some setups can a include can make the main config shorter it's a nightmare to debug, IMHO. A nice solution is in nginx with the `-T` flag which shows the whole config with all includes on stdout. Best regards. Aleks -------- Ursprüngliche Nachricht -------- Von: Bruno Henc <[email protected]> Gesendet: 8. März 2019 14:26:11 MEZ An: [email protected] Betreff: Re: Adding Configuration parts via File Hello Philipp, I don't think there is a capability to include a list of ACLs. However, you can load the ip addresses once via the -f parameter: acl is_admin src -f /etc/haproxy/admin_ip_list.txt You would have to define an acl in each section, but the IP list would be the same for all rules. For a more detailed overview of ACLs, check out this blog post: https://www.haproxy.com/blog/introduction-to-haproxy-acls/ I do have to admit that including ACLs is a neat idea. Alternatively, global ACLs would be nice. Does this workaround solve your use case? Best regards, Bruno Henc On 3/8/19 2:17 PM, Philipp Kolmann wrote: > Hi, > > I have ACLs for Source-IPs for Admins for several services. These ACLs > are identical for multiple listener-sections. > > Would it be possible to have a file with several acl snipplets and > source that at the proper section of the config file multiple times? > I haven't found anything in the docs that would make this possible. > > My wished Setup: > > admin_acl.conf: > > acl is_admin src 10.0.0.1 > acl is_admin src 10.0.0.2 > acl is_admin src 10.0.0.3 > acl is_admin src 10.0.0.4 > > > haproxy.cfg: > > listen service1 > bind 10.1.0.10:80 > include admin_acl.conf > > .... more parameters ... > > > listen service2 > bind 10.1.0.20:80 > include admin_acl.conf > > .... more parameters ... > > > listen service3 > bind 10.1.0.30:80 > include admin_acl.conf > > .... more parameters ... > > > The admin_acl needs to be maintained only once and can be used > multiple times. > > Is this already possible? Could such an include option be made for the > config files? > > thanks > Philipp >
