The lb-update module allows HAProxy to update periodically the content of acl and map which is loaded from a file.

You can also use this module to update acl and map content without reloading HAProxy.

Understanding the lb-update module

At startup, HAProxy loads the content of map or acl from the designated file. If there is an update directive set up to update this content, HAProxy downloads the new content from the specified URL <url> after a specified period of time <delay>.

Note

The content of the downloaded file replaces the existing content.

  • HAProxy updates the content of the map or acl only if the file was properly downloaded.

  • If HAProxy cannot connect to the server within the time defined in <tmout>, it retries for the number of times defined in <nb> before it quits.

Load the lb-update module

Edit HAProxy's configuration file /etc/hapee-1.8/hapee-lb.conf and, add or uncomment the line below in the global section:

module-load  hapee-lb-update.so

Configure the lb-update module

Once enabled, the lb-update module creates a new HAProxy configuration section named dynamic-update.

This section can contain a single type of directive, called update, as follows:

update id <id> url <url> [delay <delay>] [timeout <tmout>] [retries <nb>] [map]

with the following parameters:

Parameter

Description

id <id>

<id> is the file name initially loaded by map or acl; uses the absolute file path

url <url>

<url> is where the file can be downloaded

delay <delay>

<delay> is the download period; by default, its value is 5m

timeout <tmout>

<tmout> is the connection timeout to the download server; by default its value is 5s

retries <nb>

<nb> is the number of tries to establish a connection to the download server

map

informs that the downloaded file must be interpreted as a map file. By Default, the file is interpreted as an acl file.

Configuration Example

The following example delivers redirect URLs based on the client IP address:

HAProxy's configuration frontend, with a map definition and a dynamic-update section to define how to update the map:

frontend fe_main
        bind 10.0.0.2:80
        mode http
  acl is_maintenance path_beg /maint/
  http-request redirect location src,map_ip(/etc/haproxy/forbid.map) if maintenance_required !is_maintenance
dynamic-update
update id /etc/haproxy/forbid.map url http://10.0.0.1:80/forbid.map delay 300s

Content of the file/etc/haproxy/forbid.map with a list of subnets and associated redirection:

10.0.0.0/8     /maint/maintenance.html
192.168.0.0/16 /maint/forbiden.html
0.0.0.0        /maint/deny.html