11

I'm using haproxy to direct route for several applications running on a single server. For one of the domains in use there are several dozens of subdomains that should be directed to one of a few applications.

Currently, I list all of those subdomains in a separte line. My frontend configuration looks like this: 

frontend http-in
    bind *:80

    acl alpha     hdr(host) -i alpha.com
    acl beta      hdr(host) -i beta.com
    acl gamma00   hdr(host) -i apple.gamma.com
    acl gamma01   hdr(host) -i banana.gamma.com
    acl gamma02   hdr(host) -i cherry.gamma.com
    acl gamma03   hdr(host) -i durian.gamma.com
    acl gamma04   hdr(host) -i elderberry.gamma.com
    acl gamma05   hdr(host) -i fig.gamma.com
    acl gamma06   hdr(host) -i grapefruit.gamma.com
    acl gamma     hdr(host) -i gamma.com

    use_backend a if alpha
    use_backend b if beta
    use_backend sub1 if gamma00
    use_backend sub1 if gamma01
    use_backend sub1 if gamma02
    use_backend sub2 if gamma03
    use_backend sub2 if gamma04
    use_backend sub2 if gamma05
    use_backend sub2 if gamma06
    use_backend g if gamma

    default_backend default

Is there a way to achieve a similar result in more concise form? Is such listing effective, or would it be better to switch to a regex at some point?

Hubert OG
  • 225
  • 1
  • 2
  • 6
  • Heh, your question contains the keyword `regex`, which is in fact your answer, I believe. Also note that you can use `hdr_beg` instead of `hdr` so that you can enumerate the subdomains only. Finally, it should be possible to collapse your `gamma00-06` ACLs to just two ACLs, one for `sub1` and one for `sub2`, simply by using the same `acl ` in the ACL line. – Felix Frank Jun 10 '14 at 12:19

1 Answers1

16

To keep performance at a maximum (avoiding a regex every hit) but still cleaning up the config, I'd use an external file for your ACLs here. For example let's say you had a file called /etc/haproxy/sub1urls, which was exactly this:

apple.gamma.com
banana.gamma.com
cherry.gamma.com

Then in your config the ACL could simply be:

acl is_sub1 hdr(host) -i -f /etc/haproxy/sub1urls

Putting the other hosts in a sub2urls file the same way reduces your config down to:

frontend http-in
    bind *:80

    acl alpha     hdr(host) -i alpha.com
    acl beta      hdr(host) -i beta.com
    acl is_sub1   hdr(host) -i -f /etc/haproxy/sub1urls
    acl is_sub2   hdr(host) -i -f /etc/haproxy/sub2urls
    acl gamma     hdr(host) -i gamma.com

    use_backend a if alpha
    use_backend b if beta
    use_backend sub1 if is_sub1
    use_backend sub2 if is_sub2
    use_backend g if gamma

    default_backend default

This makes it very easy to maintain those other files, since they're just lists of hosts. It opens up the list of who can edit them and exposes less risk as well. For example, we have people editing these ACL lists like this in puppet who don't have to know the HAProxy config syntax at all.

Nick Craver
  • 823
  • 7
  • 15