Hi.

In addition to Bruno's answer there was a thread on the ML which explains why 
such a "simple" directive like include isn't easy to implement.

https://www.mail-archive.com/haproxy@formilux.org/msg05215.html

As I also think that in some setups can a include can make the main config 
shorter it's a nightmare to debug, IMHO.

A nice solution is in nginx with the `-T` flag which shows the whole config 
with all includes on stdout.

Best regards.

Aleks


-------- Ursprüngliche Nachricht --------
Von: Bruno Henc <bh...@haproxy.com>
Gesendet: 8. März 2019 14:26:11 MEZ
An: haproxy@formilux.org
Betreff: Re: Adding Configuration parts via File

Hello Philipp,


I don't think there is a capability to include a list of ACLs. However, 
you can load the ip addresses once via the -f parameter:


acl is_admin src -f /etc/haproxy/admin_ip_list.txt


You would have to define an acl in each section, but the IP list would 
be the same for all rules.


For a more detailed overview of ACLs, check out this blog post:

https://www.haproxy.com/blog/introduction-to-haproxy-acls/


I do have to admit that including ACLs is a neat idea. Alternatively, 
global ACLs would be nice.


Does this workaround solve your use case?


Best regards,


Bruno Henc


On 3/8/19 2:17 PM, Philipp Kolmann wrote:
> Hi,
>
> I have ACLs for Source-IPs for Admins for several services. These ACLs 
> are identical for multiple listener-sections.
>
> Would it be possible to have a file with several acl snipplets and 
> source that at the proper section of the config file multiple times?
> I haven't found anything in the docs that would make this possible.
>
> My wished Setup:
>
> admin_acl.conf:
>
> acl is_admin src 10.0.0.1
> acl is_admin src 10.0.0.2
> acl is_admin src 10.0.0.3
> acl is_admin src 10.0.0.4
>
>
> haproxy.cfg:
>
> listen service1
>     bind 10.1.0.10:80
>     include admin_acl.conf
>
>     .... more parameters ...
>
>
> listen service2
>     bind 10.1.0.20:80
>     include admin_acl.conf
>
>     .... more parameters ...
>
>
> listen service3
>     bind 10.1.0.30:80
>     include admin_acl.conf
>
>     .... more parameters ...
>
>
> The admin_acl needs to be maintained only once and can be used 
> multiple times.
>
> Is this already possible? Could such an include option be made for the 
> config files?
>
> thanks
> Philipp
>


Reply via email to