> On Nov 8, 2021, at 08:26, Aleksandar Lazic <al-hapr...@none.at> wrote:
>
>
> Hi.
>
> I have 2 LBs which should limit the connection to one backend.
>
> I would try to use "conn_cur" in a stick table and share it via peers.
> Has anyone such a solution already in place?

Hi Alex, I’ve already posted another question with a similar config which
worked like a charm in my tests:
https://www.mail-archive.com/haproxy@formilux.org/msg39753.html

~jm

> That's my assumption for the config.
>
> ```
> peers be_pixel_peers
> bind 9123
> log global
> localpeer {{ ansible_nodename }}
> server lb1 lb1.domain.com:1024
> server lb2 lb2.domain.com:1024
>
>
> backend be_pixel_persons
> log global
>
> acl port_pixel dst_port {{ dst_ports["pixel"] }}
> tcp-request content silent-drop if port_pixel !{ src -f /etc/haproxy/whitelist.acl }
>
> option httpchk GET /alive
> http-check connect ssl
> timeout check 20s
> timeout server 300s
>
> # limit connection to backend
>
> stick-table type ip size 1m expire 10m store conn_cur peers be_pixel_peers
> http-request deny if { src,table_conn_cur(be_pixel_persons) gt 100 }
>
> ####
>
> http-request capture req.fhdr(Referer) id 0
> http-request capture req.fhdr(User-Agent) id 1
> http-request capture req.hdr(host) id 2
> http-request capture var(txn.cap_alg_keysize) id 3
> http-request capture var(txn.cap_cipher) id 4
> http-request capture var(txn.cap_protocol) id 5
>
> http-response set-header X-Server %s
>
> balance roundrobin
>
> server pixel_persons1 {{ hosts["pixel_persons1"] }}:8184 resolvers mydns ssl check check-ssl ca-file /etc/haproxy/letsencryptauthorityx3.pem maxconn 2 weight 20
> server pixel_persons2 {{ hosts["pixel_persons2"] }}:8184 resolvers mydns ssl check check-ssl ca-file /etc/haproxy/letsencryptauthorityx3.pem maxconn 2 weight 20
> server pixel_persons3 {{ hosts["pixel_persons3"] }}:8184 resolvers mydns ssl check check-ssl ca-file /etc/haproxy/letsencryptauthorityx3.pem maxconn 8 weight 80
>
> ```
>
> Regards
> Alex
>