8

I'd like to migrate some 100+ sites from one server to another. Current plan is to gradually add an acl for each as they are moved to direct traffic to a new server.

Here is a simplified example

front http_frontend
  bind *:80
  acl is_new hdr_end(host) -i sub1.domain.com
  acl is_new hdr_end(host) -i sub2.domain.com
  acl is_new hdr_end(host) -i www.domain2.com
  mode http
  # etc
  use_backend web1 if is_new
  default_backend legacy1

Once they are all moved we'd change the default_backend

Is there a way to read these acls from another file? Or to read the domains from a file - perhaps something like this?

acl is_new hdr_end(host) -i /path/to/file

For instance, I include all the secure certificates as below, something like that'd be great!

bind *:443 ssl crt /etc/haproxy/certs.d

It's not the end of the world if not, it'd just be nice and tidy :).

slm
  • 7,615
  • 16
  • 56
  • 76
joevallender
  • 191
  • 1
  • 1
  • 7

1 Answers1

9

ACLs in haproxy can take -f argument to load values from a file. You can read the documentation here.

For example:

acl valid-ua hdr(user-agent) -f exact-ua.lst -i -f generic-ua.lst test

The "-f" flag is followed by the name of a file from which all lines will be read as individual values. It is even possible to pass multiple "-f" arguments if the patterns are to be loaded from multiple files. Empty lines as well as lines beginning with a sharp ('#') will be ignored.

sj26
  • 105
  • 4
Kyle Brandt
  • 83,619
  • 74
  • 305
  • 448
  • Okay, I feel like a bit of a dick missing that. I now realise I had seen it in an example about blocking IPs but ended up thinking it was specific to that scenario. What a dummy! Thanks! – joevallender Jul 31 '14 at 16:23