Hi. Does anybody have some hints or tips about the question?
Regards
Alex

On 08.11.21 12:26, Aleksandar Lazic wrote:
Hi.

I have 2 LBs which should limit the connection to one backend.

I would try to use "conn_cur" in a stick table and share it via peers.
Has anyone such a solution already in place?

That's my assumption for the config.

```
peers be_pixel_peers
  bind 9123
  log global
  localpeer {{ ansible_nodename }}
  server lb1 lb1.domain.com:1024
  server lb2 lb2.domain.com:1024

backend be_pixel_persons
  log global

  acl port_pixel dst_port {{ dst_ports["pixel"] }}
  tcp-request content silent-drop if port_pixel !{ src -f /etc/haproxy/whitelist.acl }

  option httpchk GET /alive
  http-check connect ssl
  timeout check 20s
  timeout server 300s

  # limit connection to backend
  stick-table type ip size 1m expire 10m store conn_cur peers be_pixel_peers
  http-request deny if { src,table_table_conn_cur(sc_conn_cur) gt 100 }
  ####

  http-request capture req.fhdr(Referer) id 0
  http-request capture req.fhdr(User-Agent) id 1
  http-request capture req.hdr(host) id 2
  http-request capture var(txn.cap_alg_keysize) id 3
  http-request capture var(txn.cap_cipher) id 4
  http-request capture var(txn.cap_protocol) id 5

  http-response set-header X-Server %s

  balance roundrobin

  server pixel_persons1 {{ hosts["pixel_persons1"] }}:8184 resolvers mydns ssl check check-ssl ca-file /etc/haproxy/letsencryptauthorityx3.pem maxconn 2 weight 20
  server pixel_persons2 {{ hosts["pixel_persons2"] }}:8184 resolvers mydns ssl check check-ssl ca-file /etc/haproxy/letsencryptauthorityx3.pem maxconn 2 weight 20
  server pixel_persons3 {{ hosts["pixel_persons3"] }}:8184 resolvers mydns ssl check check-ssl ca-file /etc/haproxy/letsencryptauthorityx3.pem maxconn 8 weight 80
```

Regards
Alex