Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

README.md

HostFirewall

HAProxy + iptables from a config file

$> vim hf_config.py
$> python3 hf.py > haproxy.cfg
$> cat haproxy.cfg
global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
        stats socket /var/run/haproxy.sock mode 600 level admin
        stats timeout 2m

defaults
        log global
        mode http
        balance roundrobin
        option httplog
        option dontlognull
        option httpclose
        option forwardfor
        timeout connect 15s
        timeout client 1m
        timeout server 1m

userlist haproxyAuth
        user xxxxxxxxx insecure-password yyyyyyyyy

userlist seedboxAuth
        user xxxxxxxxx insecure-password yyyyyyyyy

frontend port-80
        bind *:80

        acl host1 hdr(host) -i public.domain.com
        acl host2 hdr(host) -i manage.domain.com
        acl host3 hdr(host) -i seedbox.domain.com

        acl path1 url_beg /files
        acl path2 url_beg /

        acl auth1 http_auth(haproxyAuth)
        acl auth2 http_auth(seedboxAuth)
        http-request auth realm AUTH if host2 !auth1
        http-request auth realm AUTH if host3 !auth2

        use_backend back-9090 if host1
        use_backend back-stat if host2
        use_backend back-9090 if host3 path1
        use_backend back-9091 if host3 path2

backend back-9090
        server proxy 127.0.0.1:9090 check

backend back-stat
        stats enable
        stats refresh 30s
        stats show-legends
        stats show-desc HAProxy
        stats show-node
        stats uri /

backend back-9091
        server proxy 127.0.0.1:9091 check


## IPTABLES
# iptables -F
# iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# iptables -P INPUT DROP

About

HAProxy + iptables from a config file

Topics

Resources

Releases

No releases published

Packages

No packages published

Languages