marathon-lb icon indicating copy to clipboard operation
marathon-lb copied to clipboard

Published 20 hours ago verified publisher icon mesosphere

HAPROXY_0_HTTP_FRONTEND_ACL not applying in the haproxy config

Open Ahmadposten opened this issue 7 years ago • 9 comments

I use v 1.7

I am trying to set up routing to a service passed on path_reg so my definition looks like this

  "labels": {
    "HAPROXY_GROUP": "external",
    "HAPROXY_0_VHOST": "example.com",
    "HAPROXY_0_HTTP_FRONTEND_ACL": "acl path_{backend} path_reg /api/v3/[a-z]+/\n use_backend {backend} if path_{backend}\n"
  }

This rule does not apply hitting :9090/_haproxy_getconfig .. the configuration does not contain my rule

I removed --haproxy-map flag (since someone here suggested that in a comment on another issue .. still no luck and things are the same

I also have other questions which are not clear in the documentation

assuming I get things working with acls If I specify "HAPROXY_0_PATH" and another acl which has a path criterion would that translate to a logical OR or an AND?

Is there a way I can use path_reg or dir in "HAPROXY_0_PATH" instead of path_beg? since HAPROXY_0_PATH currently works fine for me bug not to my use case which needs regex matching

Ahmadposten avatar May 14 '17 19:05 Ahmadposten

can someone pls help , i am also facing same issue

seshun avatar May 19 '17 15:05 seshun

Having the same issue on both HAPROXY_0_HTTP_FRONTEND_ACL and HAPROXY_0_HTTPS_FRONTEND_ACL

pdiniz13 avatar May 19 '17 21:05 pdiniz13

Same problem using the latest 1.7

iax7 avatar May 24 '17 17:05 iax7

Same problem

djerihovs avatar Jun 12 '17 09:06 djerihovs

We have been mocking around with this for a while, and it looks to us that if you dont involve the acl host part as well:

acl host_{cleanedUpHostname} hdr(host) -i {hostname}

before the 'acl path'-part you will be missing a variable which the code depends on. For some reason.

By including the host part, the rule shows up in the haproxy config.

Another thing you should be aware of is that you're replacing the whole template, so it just inserts the string directly into the config. In other words you must provide the indentation yourself.

The last "gottcha" is to remember that it is python-regex and not just plain-regex =)

Klaboe avatar Jul 21 '17 10:07 Klaboe

Any updates on this? We're facing the same issue

pramodhkp avatar Apr 20 '18 13:04 pramodhkp

Same issue with haproxy v 1.8.1 a Working regexp does not work in haproxy

haimari avatar Jul 19 '18 09:07 haimari

Just in case it may help someone.

We encountered the same issue and it was because we were not using HAPROXY_HTTPS_FRONTEND_ACL_WITH_AUTH and HAPROXY_HTTPS_FRONTEND_ACL_WITH_AUTH_AND_PATH (and their equivalent for HTTP) when using authentication and/or path matching with HAPROXY_{n}_PATH.

soualid avatar Aug 06 '18 15:08 soualid

My workaround was use HAPROXY_0_HTTP_FRONTEND_ACL_ONLY_WITH_PATH label with correct indentation and line breaks. Everything else IS'T worked.

  "labels": {
    "HAPROXY_0_HTTP_FRONTEND_ACL_ONLY_WITH_PATH": "  acl path_{backend} path_reg {path}\n",
    "HAPROXY_0_REDIRECT_TO_HTTPS": "true",
    "HAPROXY_GROUP": "internal",
    "HAPROXY_0_HTTP_BACKEND_PROXYPASS_PATH": "/dev",
    "HAPROXY_0_PATH": "^/cars/audi/.*/edit$ ^/dev/.*",
    "environment": "dev",
    "HAPROXY_0_VHOST": "cars.com",
    "HAPROXY_0_HTTPS_FRONTEND_ACL_ONLY_WITH_PATH": "  acl path_{backend} path_reg {path}\n"
  },

ufon avatar Jun 23 '20 22:06 ufon