{% extends "base.html" %}
{% block content %}
{% from 'include/input_macros.html' import input, checkbox, select %}
{% set balance_params = dict() %}
{% set balance_params = {'roundrobin':'roundrobin','source':'source','leastconn':'leastconn','first':'first', 'rdp-cookie':'rdp-cookie', 'uri':'uri', 'uri whole':'uri whole', 'static-rr': 'static-rr', 'url_param userid':'url_param userid'} %}
{% set checks = dict() %}
{% set checks = {'':'Choose a custom health check','option tcp-check':'Check a TCP port', 'option ssl-hello-chk':'Check an SSL port','option httpchk':'Check an HTTP service', 'option ldap-check':'Check an LDAP service', 'option mysql-check':'Check a MySQL service', 'option pgsql-check':'Check a PgSQL service', 'option redis-check': 'Check a Redis service', 'option smtpchk':'Check an SMTP service'} %}
{% set observe = {'layer7':'layer7', 'layer4': 'layer4'} %}
{% set on_error = {'mark-down':'mark-down', 'fastinter': 'fastinter', 'fail-check':'fail-check', 'sudden-death':'sudden-death'} %}
{% set if_values = dict() %}
{% set if_values = {'1':'Host name starts with','2':'Host name ends with','3':'Path starts with','4':'Path ends with', '6': 'Src ip'} %}
{% include 'include/add_proxy.html' %}

Add listen

Select a server:
Note: If you re-configure the master server, the slave server will be re-configured automatically
A "listen" section defines a complete proxy with its frontend and backend parts combined in one section. It is generally useful for TCP-only traffic.

All proxy names must be formed from upper and lower case letters, digits, '-' (dash), '_' (underscore), '.' (dot) and ':' (colon). Proxy names are case-sensitive, which means that "www" and "WWW" are two different proxies.

Historically, all proxy names could overlap; this only caused trouble in the logs. Since the introduction of content switching, it is mandatory that two proxies with overlapping capabilities (frontend/backend) have different names. However, a frontend and a backend are still permitted to share the same name, as this configuration is commonly encountered.
Name: {{ input('name', name='listener', title="Name Listener", placeholder="web_80", required='required') }}
IP and Port: {{ input('ip', placeholder="Any", size='15') }}: {{ input('listen-port', name='port', title="Port for bind listen", placeholder="8080", size='5', required='required') }}
If the IP address for the listener is empty, it will listen on all IP addresses. Start typing an IP or press the down button. Click on + to add multiple IP-port pairs. If you are using VRRP, leave the IP field blank. If you assign a VRRP IP, the slave server will not start.
Mode: {% set values = dict() %} {% set values = {'http':'http','tcp':'tcp'} %} {{ select('listen-mode-select', name='mode', values=values, selected='http', required='required', class='force_close') }}
Maxconn: {{ input('maxconn', value='2000', type="number", title="Fix the maximum number of concurrent connections on a frontend", size='5', required='required') }}
This value should not exceed the global maxconn. Default global maxconn value: 2000
Balance: {{ select('balance', values=balance_params, selected='roundrobin', required='required', class='force_close') }}
Health check: {{ select('listener_checks', name='health_check', values=checks, selected='', class='force_close') }}
ACL:
Web acceleration: {{ checkbox('compression', title='HTTP compression allows you to shrink the body of a response before it is relayed to a client, which results in using less network bandwidth per request. From a client\'s perspective, this reduces latency.', value='1', desc='Compression') }} {{ checkbox('cache', title='Enable cache', value='2', desc='Cache') }} {{ checkbox('ssl_offloading', title='Enable redirection from HTTP scheme to HTTPS scheme', desc='HTTP->HTTPS') }}
WAF: {{ checkbox('slow_atack', title='In a Slow POST attack, an attacker begins by sending a legitimate HTTP POST header to a Web server, exactly as they would under normal circumstances. The header specifies the exact size of the message body that will then follow. However, that message body is then sent at an alarmingly low rate – sometimes as slow as 1 byte per approximately two minutes.', desc='Slow attack') }} {{ checkbox('ddos', title='DDoS attack protection', desc='DDoS') }} {{ checkbox('whitelist_checkbox', title='Add whitelist', desc='Whitelist') }} {{ checkbox('blacklist_checkbox', title='Add blacklist', desc='Blacklist') }} {{ checkbox('waf', title='Web application firewall', desc='WAF', value='1') }} {{ checkbox('antibot', title='Unfortunately, a large portion of bots are used for malicious reasons. Their intentions include web scraping, spamming, request flooding, brute forcing, and vulnerability scanning. For example, bots may scrape your price lists so that competitors can consistently undercut you or build a competitive solution using your data. Or they may try to locate forums and comment sections where they can post spam. At other times, they’re scanning your site looking for security weaknesses.', desc='Antibot', value='1') }}
Options: {{ checkbox('forward_for', title='When HAProxy Enterprise proxies a TCP connection, it overwrites the client\'s source IP address with its own when communicating with the backend server. However, when relaying HTTP messages, it can store the client\'s address in the HTTP header X-Forwarded-For. The backend server can then be configured to read the value from that header to retrieve the client\'s IP address.', desc='Forward for') }} {{ checkbox('redispatch', title='In HTTP mode, if a server designated by a cookie is down, clients may definitely stick to it because they cannot flush the cookie, so they will not be able to access the service anymore. Specifying "option redispatch" will allow the proxy to break their persistence and redistribute them to a working server. It also allows to retry connections to another server in case of multiple connection failures. Of course, it requires having "retries" set to a nonzero value.', desc='Redispatch') }} {% set values = dict() %} {% set values = {'Off':'Off','Server only':'Server only','Force close':'Force close','Pretend keep alive':'Pretend keep alive'} %} {{ select('force_close', values=values, first='Force HTTP close', title='Since HAProxy works in reverse-proxy mode, the servers see its IP address as their client address. This is sometimes annoying when the client\'s IP address is expected in server logs. To solve this problem, the well-known HTTP header "X-Forwarded-For" may be added by HAProxy to all requests sent to the server. This header contains a value representing the client\'s IP address. Since this header is always appended at the end of the existing header list, the server must be configured to always use the last occurrence of this header only. See the server\'s manual to find how to enable use of this standard header. 
Note that only the last occurrence of the header must be used, since it is really possible that the client has already brought one.', class='force_close') }} {{ checkbox('cookie', title='To send a client to the same server where they were sent previously in order to reuse a session on that server, you can enable cookie-based session persistence. Add a cookie directive to the backend section and set the cookie parameter to a unique value on each server line.', desc='Set cookie', value='1') }} {{ checkbox('options-listen-show', title='Set options manually', desc='Set options') }}
Servers: {% include 'include/add_servers.html' %}

{{ checkbox('template-listen', name='template', title='Create the list of servers from the template', value='template', desc='Server-template') }}
Check:
Default params: inter 2000 rise 2 fall 5
{{ checkbox('circuit_breaking_listen', name="circuit_breaking", desc='Circuit Breaking', title='Circuit breaker is a design pattern which is used to detect failures and encapsulates the logic of preventing a failure from constantly recurring. The circuit breaker design pattern works much like an electrical circuit breaker which is intended to “trip” or open the circuit when failure is detected.', value='1') }}
Add Listen Generate config

Add frontend

Select a server:
Note: If you re-configure the master server, the slave server will be re-configured automatically
A "frontend" section describes a set of listening sockets accepting client connections.

All proxy names must be formed from upper and lower case letters, digits, '-' (dash), '_' (underscore), '.' (dot) and ':' (colon). Proxy names are case-sensitive, which means that "www" and "WWW" are two different proxies.

Historically, all proxy names could overlap; this only caused trouble in the logs. Since the introduction of content switching, it is mandatory that two proxies with overlapping capabilities (frontend/backend) have different names. However, a frontend and a backend are still permitted to share the same name, as this configuration is commonly encountered.
Name:
IP and Port: :
If the IP address for the listener is empty, it will listen on all IP addresses. Start typing an IP or press the down button. Click on + to add multiple IP-port pairs. If you are using VRRP, leave the IP field blank. If you assign a VRRP IP, the slave server will not start.
Mode: {% set values = dict() %} {% set values = {'http':'http','tcp':'tcp'} %} {{ select('frontend-mode-select', name='mode', values=values, selected='http', required='required', class='force_close') }} {{ checkbox('https-frontend', title='The term SSL termination means that you are performing all encryption and decryption at the edge of your network, such as at the load balancer.', desc='SSL Offloading') }}
Maxconn: {{ input('maxconn', value='2000', type="number", title="Fix the maximum number of concurrent connections on a frontend", size='5', required='required') }}
This value should not exceed the global maxconn. Default global maxconn value: 2000
ACL:
Web acceleration: {{ checkbox('compression2', name="compression", title='HTTP compression allows you to shrink the body of a response before it is relayed to a client, which results in using less network bandwidth per request. From a client\'s perspective, this reduces latency.', value='1', desc='Compression') }} {{ checkbox('cache2', name="cache", title='Enable cache', value='2', desc='Cache') }} {{ checkbox('ssl_offloading1', title='Enable redirection from HTTP scheme to HTTPS scheme', desc='HTTP->HTTPS') }}
WAF: {{ checkbox('slow_atack1', title='In a Slow POST attack, an attacker begins by sending a legitimate HTTP POST header to a Web server, exactly as they would under normal circumstances. The header specifies the exact size of the message body that will then follow. However, that message body is then sent at an alarmingly low rate – sometimes as slow as 1 byte per approximately two minutes.', desc='Slow attack') }} {{ checkbox('ddos1', title='DDoS attack protection', desc='DDoS') }} {{ checkbox('whitelist_checkbox1', title='Add whitelist', desc='Whitelist') }} {{ checkbox('blacklist_checkbox1', title='Add blacklist', desc='Blacklist') }} {{ checkbox('waf2', name='waf', title='Web application firewall', desc='WAF', value='1') }} {{ checkbox('antibot1', title='Unfortunately, a large portion of bots are used for malicious reasons. Their intentions include web scraping, spamming, request flooding, brute forcing, and vulnerability scanning. For example, bots may scrape your price lists so that competitors can consistently undercut you or build a competitive solution using your data. Or they may try to locate forums and comment sections where they can post spam. At other times, they’re scanning your site looking for security weaknesses.', desc='Antibot', value='1') }}
Options: {{ checkbox('forward_for1', title='When HAProxy Enterprise proxies a TCP connection, it overwrites the client\'s source IP address with its own when communicating with the backend server. However, when relaying HTTP messages, it can store the client\'s address in the HTTP header X-Forwarded-For. The backend server can then be configured to read the value from that header to retrieve the client\'s IP address.', desc='Forward for') }} {% set values = dict() %} {% set values = {'Off':'Off','Server only':'Server only','Force close':'Force close','Pretend keep alive':'Pretend keep alive'} %} {{ select('force_close', values=values, first='Force HTTP close', title='Since HAProxy works in reverse-proxy mode, the servers see its IP address as their client address. This is sometimes annoying when the client\'s IP address is expected in server logs. To solve this problem, the well-known HTTP header "X-Forwarded-For" may be added by HAProxy to all requests sent to the server. This header contains a value representing the client\'s IP address. Since this header is always appended at the end of the existing header list, the server must be configured to always use the last occurrence of this header only. See the server\'s manual to find how to enable use of this standard header. Note that only the last occurrence of the header must be used, since it is really possible that the client has already brought one.', class='force_close') }} {{ checkbox('options-frontend-show', title='Set options manually', desc='Set options') }}
Default backend {{ input('backends', name='backends', placeholder="some_backend", size='30', title='If no condition is valid, the backend defined with "default_backend" will be used. If no default backend is defined, either the servers in the same section are used (in case of a "listen" section) or, in case of a frontend, no server is used and a 503 service unavailable response is returned.') }}
Note: If you want to use the default backend, the backend must exist.
Add Frontend Generate config
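The "Forward for" and "Force HTTP close" tooltips above say the backend must use only the last occurrence of X-Forwarded-For, because the client may already have sent one. The following added example (not part of this template or its project's code) shows the difference on a constructed request; it assumes the proxy is the only hop in front of the backend and that the backend accepts connections only from it. The function names and sample addresses are hypothetical.

```python
import ipaddress

# Constructed request as the backend receives it: the client supplied its own
# X-Forwarded-For line, then the proxy appended a new one after it.
SAMPLE_HEADERS = [
    ("Host", "app.example.com"),
    ("X-Forwarded-For", "10.0.0.1"),      # sent by the client, untrusted
    ("X-Forwarded-For", "203.0.113.7"),   # appended last by the proxy
]


def _parse_ip(text):
    """Return a normalised IP string, or None if text is not an address."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


def _xff_values(headers):
    """All X-Forwarded-For values, in the order they were received."""
    return [v for k, v in headers if k.lower() == "x-forwarded-for"]


def first_occurrence(headers):
    """What a naive backend logs: the first value, which the client controls."""
    values = _xff_values(headers)
    return _parse_ip(values[0].split(",")[0]) if values else None


def last_occurrence(headers):
    """The address added by the proxy: last header line, last list element.

    Taking the last comma-separated element also covers servers that merge
    repeated header lines into one comma-separated value.
    """
    values = _xff_values(headers)
    return _parse_ip(values[-1].split(",")[-1]) if values else None


if __name__ == "__main__":
    print("first occurrence:", first_occurrence(SAMPLE_HEADERS))
    print("last occurrence: ", last_occurrence(SAMPLE_HEADERS))
```
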

Add backend

Select a server:
Note: If you re-configure the master server, the slave server will be re-configured automatically
A "backend" section describes a set of servers to which the proxy will connect to forward incoming connections.

All proxy names must be formed from upper and lower case letters, digits, '-' (dash), '_' (underscore), '.' (dot) and ':' (colon). Proxy names are case-sensitive, which means that "www" and "WWW" are two different proxies.

Historically, all proxy names could overlap; this only caused trouble in the logs. Since the introduction of content switching, it is mandatory that two proxies with overlapping capabilities (frontend/backend) have different names. However, a frontend and a backend are still permitted to share the same name, as this configuration is commonly encountered.
Name: {{ input('new_backend', title="Name backend", placeholder="web_80", required='required') }}
Mode: {% set values = dict() %} {% set values = {'http':'http','tcp':'tcp'} %} {{ select('backend-mode-select', name='mode', values=values, selected='http', required='required', class='force_close') }}
Balance: {{ select('balance', values=balance_params, selected='roundrobin', required='required', class='force_close') }}
Health check: {{ select('backend_checks', name='health_check', values=checks, selected='', class='force_close') }}
ACL:
Web acceleration: {{ checkbox('compression3', name="compression", title='HTTP compression allows you to shrink the body of a response before it is relayed to a client, which results in using less network bandwidth per request. From a client\'s perspective, this reduces latency.', value='1', desc='Compression') }} {{ checkbox('cache3', name="cache", title='Enable cache', value='2', desc='Cache') }} {{ checkbox('ssl_offloading2', title='The term SSL termination means that you are performing all encryption and decryption at the edge of your network, such as at the load balancer.', desc='SSL Offloading') }}
Options: {{ checkbox('forward_for2', title='When HAProxy Enterprise proxies a TCP connection, it overwrites the client\'s source IP address with its own when communicating with the backend server. However, when relaying HTTP messages, it can store the client\'s address in the HTTP header X-Forwarded-For. The backend server can then be configured to read the value from that header to retrieve the client\'s IP address.', desc='Forward for') }} {{ checkbox('redispatch2', title='In HTTP mode, if a server designated by a cookie is down, clients may definitely stick to it because they cannot flush the cookie, so they will not be able to access the service anymore. Specifying "option redispatch" will allow the proxy to break their persistence and redistribute them to a working server. It also allows to retry connections to another server in case of multiple connection failures. Of course, it requires having "retries" set to a nonzero value.', desc='Redispatch') }} {% set values = dict() %} {% set values = {'Off':'Off','Server only':'Server only','Force close':'Force close','Pretend keep alive':'Pretend keep alive'} %} {{ select('force_close', values=values, first='Force HTTP close', title='123', class='force_close') }} {{ checkbox('cookie2', title='To send a client to the same server where they were sent previously in order to reuse a session on that server, you can enable cookie-based session persistence. Add a cookie directive to the backend section and set the cookie parameter to a unique value on each server line.', desc='Set cookie', value='1') }} {{ checkbox('options-backend-show', title='Set options manually', desc='Set options') }}
Servers: {% include 'include/add_servers.html' %}

{{ checkbox('template-backend', name='template', title='Create the list of servers from the template', value='template', desc='Server-template') }}
Check:
Default params: inter 2000 rise 2 fall 5
{{ checkbox('circuit_breaking_backend', name="circuit_breaking", desc='Circuit Breaking', title='Circuit breaker is a design pattern which is used to detect failures and encapsulates the logic of preventing a failure from constantly recurring. The circuit breaker design pattern works much like an electrical circuit breaker which is intended to “trip” or open the circuit when failure is detected.', value='1') }}
Add Backend Generate config
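The naming rules repeated in the listen, frontend and backend sections above can be enforced on submitted form values before they are written into a configuration file. This is an added example, not part of this template or its project's code; the function names are hypothetical, and treating a "listen" as having both frontend and backend capabilities is an interpretation of the text above.

```python
import re

# Character set stated on the page: letters, digits, '-', '_', '.', ':'.
PROXY_NAME_RE = re.compile(r"[A-Za-z0-9_.:-]+")

# Capabilities per section type; a "listen" combines both parts (assumption
# drawn from the page's description of the listen section).
CAPABILITIES = {
    "frontend": frozenset(["frontend"]),
    "backend": frozenset(["backend"]),
    "listen": frozenset(["frontend", "backend"]),
}

# Constructed form submissions as (section, name) pairs.
SAMPLE = [
    ("frontend", "web_80"),
    ("backend", "web_80"),    # allowed: frontend and backend may share a name
    ("frontend", "WEB_80"),   # allowed: names are case-sensitive
    ("listen", "web_80"),     # clashes with both entries named web_80
    ("backend", "web_80\n"),  # rejected: trailing newline is not in the set
]


def is_valid_proxy_name(name):
    """True only if the whole name uses the allowed characters.

    fullmatch is used on purpose: a '$' anchor with re.match would accept
    a trailing newline.
    """
    return isinstance(name, str) and PROXY_NAME_RE.fullmatch(name) is not None


def check_proxies(proxies):
    """Validate (section, name) pairs and return a list of error strings."""
    errors = []
    seen = dict()  # name -> list of (section, capabilities) already accepted
    for section, name in proxies:
        if section not in CAPABILITIES:
            errors.append(f"unknown section type: {section!r}")
            continue
        if not is_valid_proxy_name(name):
            errors.append(f"invalid name for {section}: {name!r}")
            continue
        caps = CAPABILITIES[section]
        for other_section, other_caps in seen.get(name, []):
            if caps & other_caps:
                errors.append(
                    f"{section} {name!r} overlaps with {other_section} {name!r}"
                )
        seen.setdefault(name, []).append((section, caps))
    return errors


if __name__ == "__main__":
    for line in check_proxies(SAMPLE):
        print(line)
```
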

SSL

View certificates Uploaded certificates
Upload SSL certificates Certificate name Paste the contents of the certificate file
{{ input('ssl_name') }}

Let's Encrypt

Server Domain name E-mail
{{ input('lets_domain', placeholder="example.com") }} {{ input('lets_email') }}
{% for option in options %} {% if option.groups == group or group == '1' %} {% endif %} {% endfor %}
Id Options
{{ option.id }}

+ Add

In this section you can create, edit and delete options with given parameters. You can then use them as autocomplete suggestions in the "Add" sections.
See this video for how to use predefined options
{% for s in saved_servers %} {% if s.groups == group or group == '1' %} {% endif %} {% endfor %}
Server Description

+ Add

In this section you can create, edit and delete servers. You can then use them as autocomplete suggestions in the "Add" sections.
See this video for how to use predefined servers

Add Userlist

Select a server:
Note: If you re-configure the master server, the slave server will be re-configured automatically
It is possible to control access to frontend/backend/listen sections or to http stats by allowing only authenticated and authorized users. To do this, it is required to create at least one userlist and to define users.
Userlist name: {{ input('new_userlist', required='required', title="Userlist name", placeholder="basic-auth-list") }}
Groups: {{ input('userlist-group', title="User's group", placeholder="group_name") }}
It is also possible to attach users to this group by using a comma separated list of names preceded by "users" keyword.
User: {{ input('userlist-user', required='required', title="Username", placeholder="user_name") }} {{ input('userlist-password', required='required', title="User password. By default, it is insecure-password", placeholder="password") }} {{ input('userlist-user-group', title="User's group", placeholder="user's group") }}
It is also possible to attach groups to this user by using a comma separated list of groups.
Add Userlist Generate config

Existing UserList

Select a server:
Note: If you re-configure the master server, the slave server will be re-configured automatically
Show Userlist
In this section you can create userlists. You can then use them in the "Add" sections.
Read here how to use userlists

Add Peer

Select server:
Note: If you re-configure the master server, the slave server will be re-configured automatically
The peers section enables the replication of stick table data between two or more HAProxy instances.
Peers name: {{ input('peers-name', title="Peers name", placeholder="peers name") }}
Peers servers: : :
: :
Add Peer Generate config
Note: If you would like to use HAProxy services as a Master-Master cluster, you must set the local servers' hostnames as the peer server names. Otherwise, peers will not work.
Note: If you would like to use HAProxy services as a Master-Slave cluster, you must set the master server's local hostname as the peer server name. Otherwise, peers will not work.
Read here how to use peers
{{ input('group', value=group, type='hidden') }}
New blacklist Server for uploading Existing blacklists
Name: {{ input('new_blacklist_name') }} {% for list in black_lists %} {{ list }} {% endfor %}
New whitelist Server for uploading Existing whitelists
Name: {{ input('new_whitelist_name') }} {% for list in white_lists %} {{ list }} {% endfor %}
In this section you can create and edit blacklists and whitelists. You can then use them in the HAProxy configs or in the "Add proxy" pages. Read how to use them in this article
{% include 'include/del_confirm.html' %}
{% endblock %}