Hi.

Does anybody have some hints or tips about the question?

Regards
Alex

On 08.11.21 12:26, Aleksandar Lazic wrote:

Hi.

I have 2 LBs which should limit the connection to one backend.

I would try to use "conn_cur" in a stick table and share it via peers.
Does anyone have such a solution already in place?

That's my assumption for the config.

```
peers be_pixel_peers
   bind 9123
   log global
   localpeer {{ ansible_nodename }}
   server lb1 lb1.domain.com:1024
   server lb2 lb2.domain.com:1024


backend be_pixel_persons
   log global

   acl port_pixel dst_port {{ dst_ports["pixel"] }}
   tcp-request content silent-drop if port_pixel !{ src -f /etc/haproxy/whitelist.acl }

   option httpchk GET /alive
   http-check connect ssl
   timeout check 20s
   timeout server 300s

   # limit connection to backend

   stick-table type ip size 1m expire 10m store conn_cur peers be_pixel_peers
   # track the client address so conn_cur is counted for it in this table
   http-request track-sc0 src
   http-request deny if { src,table_conn_cur(be_pixel_persons) gt 100 }

   ####

   http-request capture req.fhdr(Referer) id 0
   http-request capture req.fhdr(User-Agent) id 1
   http-request capture req.hdr(host) id 2
   http-request capture var(txn.cap_alg_keysize)  id 3
   http-request capture var(txn.cap_cipher) id 4
   http-request capture var(txn.cap_protocol) id 5

   http-response set-header X-Server %s

   balance roundrobin

   server pixel_persons1 {{ hosts["pixel_persons1"] }}:8184 resolvers mydns ssl check check-ssl ca-file /etc/haproxy/letsencryptauthorityx3.pem maxconn 2 weight 20
   server pixel_persons2 {{ hosts["pixel_persons2"] }}:8184 resolvers mydns ssl check check-ssl ca-file /etc/haproxy/letsencryptauthorityx3.pem maxconn 2 weight 20
   server pixel_persons3 {{ hosts["pixel_persons3"] }}:8184 resolvers mydns ssl check check-ssl ca-file /etc/haproxy/letsencryptauthorityx3.pem maxconn 8 weight 80

```

Regards
Alex


