Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Editing haproxy.cfg

    Scheduled Pinned Locked Moved
    Cache/Proxy
    1
    2
    443
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • senseivitaS
      senseivita
      last edited by

      Some rules I'm trying to set don't seem to stick (the ACLs won't match). To workaround it, I tried using negative matches, e.g;

      acl.PNG

      but it didn't work either.

      I tried adding my own rule in the advanced section but I discovered these are added before the ACLs thus I can't refer to the existing ACLs from there since rules are evaluated in order.

      Last option was editing haproxy.cfg directly so I could use the unless statement. I did just that then I snooped around the CLI to find how to restart HAProxy from there (so then maybe the data from the GUI was ignored), I found two entries:

      • /usr/local/etc/rc.d/haproxy
      • /usr/local/etc/rc.d/haproxy.sh

      The first didn't work. The second did but it overwrote the changes to haproxy.cfg to what's on the GUI. The first one though, mentioned something about enabling it. I think the one that works is an augmented version of the first that first parses things on the GUI.

      Is that anywhere close to true? How can/could I edit haproxy.cfg manually so it's not overwritten when it's restarted?

      I didn't investigate further because I'm only familiar with systemd + for 2.6, I just reinstalled with custom external ZFS mounts for logs and caching and whatnot and it's running flawlessly--I don't want to screw that up.

      Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.

      1 Reply Last reply Reply Quote 0
      • senseivitaS
        senseivita
        last edited by

        I made it work with regex matching, though, I'd still like to edit the file--the HAProxy docs mention regex matching hits on performance. :/

        I don't know how regex works but I hope a super simple catch all host regex "(.*)" rule plus creative rule re-ordering are easier on the cores.

        Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.