Configuring the lb-update module

The ‘lb-update’ module allows HAProxy to update periodically the content of acl and map which is loaded from a file.

You can also use this module to update acl and map content without reloading HAProxy.

Understanding the “lb-update” module

At startup, HAProxy loads the content of map or acl from the designated file. If there is an update directive set up to update this content, HAProxy downloads the new content from the specified URL <url> after a specified period of time <delay> .

The content of the downloaded file replaces the existing content.
  • HAProxy updates the content of the map or acl only if the file was properly downloaded.
  • If HAProxy cannot connect to the server within the time defined in <tmout>, it retries for the number of times defined in <nb> before it quits.

Load the lb-update module

  1. Edit HAProxy‘s configuration file /etc/hapee-1.6/hapee-lb.conf.
  2. Add or uncomment the line below in the global section:

Configure the lb-update module

Once enabled, the lb-update module creates a new HAProxy configuration section named dynamic-update.

This section can contain a single type of directive, called update, as follows:

update id <id> url <url> [delay <delay>] [timeout <tmout>] [retries <nb>] [map]

with the following parameters:

id <id> <id> is the file name initially loaded by map or acl; uses the absolute file path
url <url> <url> is where the file can be downloaded
delay <delay> <delay> is the download period; by default, its value is 5m
timeout <tmout> <tmout> is the connection timeout to the download server; by default its value is 5s
retries <nb> <nb> is the number of tries to establish a connection to the download server

informs that the downloaded file must be interpreted as a map file. By Default, the file is interpreted as an acl file.

Configuration Example

The following example delivers redirect URLs based on the client IP address:

  • HAProxy‘s configuration frontend, with a map definition and a dynamic-update section to define how to update the map:
frontend fe_main
	mode http
	acl maintenance_required src,map_ip(/etc/haproxy/ -m found
	http-request redirect location src,map_ip(/etc/haproxy/ if maintenance_required

update id /etc/haproxy/ map url delay 300s
  • content of the file/etc/haproxy/ with a list of subnets and associated redirection:     /maintenance.html /forbiden.html        /deny.html