Geolocation
Digital Element NetAcuity
This page applies to:
- HAProxy Enterprise 1.8r1 and newer
The NetAcuity module provides geolocation lookups using Digital Element’s GeoIP databases.
Install the NetAcuity module Jump to heading
-
Log into your account at the Digital Element website and download the NetAcuity database
.tar.gzfile. Extract the contents of the file and place them in a directory on your HAProxy Enterprise server (e.g./etc/hapee-3.2/netacuity/). -
Install the NetAcuity module according to your platform:
nixsudo apt-get install hapee-<VERSION>-b-netacuitynixsudo apt-get install hapee-<VERSION>-b-netacuityExample for HAProxy Enterprise 3.2r1:
nixsudo apt-get install hapee-3.2r1-b-netacuitynixsudo apt-get install hapee-3.2r1-b-netacuitynixsudo yum install hapee-<VERSION>-b-netacuitynixsudo yum install hapee-<VERSION>-b-netacuityExample for HAProxy Enterprise 3.2r1:
nixsudo yum install hapee-3.2r1-b-netacuitynixsudo yum install hapee-3.2r1-b-netacuitynixsudo zypper install hapee-<VERSION>-b-netacuitynixsudo zypper install hapee-<VERSION>-b-netacuityExample for HAProxy Enterprise 3.2r1:
nixsudo zypper install hapee-3.2r1-b-netacuitynixsudo zypper install hapee-3.2r1-b-netacuitynixsudo pkg install hapee-<VERSION>-b-netacuitynixsudo pkg install hapee-<VERSION>-b-netacuityExample for HAProxy Enterprise 3.2r1:
nixsudo pkg install hapee-3.2r1-b-netacuitynixsudo pkg install hapee-3.2r1-b-netacuity -
In the
globalsection of HAProxy Enterprise configuration, add the following lines:haproxyglobal...module-load hapee-lb-netacuity.sonetacuity-load 04 /etc/hapee-3.2/netacuitynetacuity-cache-size 2000000haproxyglobal...module-load hapee-lb-netacuity.sonetacuity-load 04 /etc/hapee-3.2/netacuitynetacuity-cache-size 2000000 -
Reload the HAProxy Enterprise configuration to apply the changes.
Configure the NetAcuity module Jump to heading
The module adds the following global directives:
| Directive | Description |
|---|---|
netacuity-load <feature_code> <directory> |
Required. Specifies the local directory where you store NetAcuity files. The <feature_code> depends on the type of database. For example, if you name your NetAcuity files na_04_01.db, na_04_02.db, etc., then set it to 04. |
netacuity-cache-size <number> |
Specifies the size of the LRU cache used for lookups. The minimum size of 0 disables the cache. The maximum cache size is 10000000. Default: 0 |
Use converters to perform database lookups Jump to heading
netacuity-lookup-ipv4 Jump to heading
Use the converter netacuity-lookup-ipv4 to perform a lookup in the IPv4 database that returns the values of the specified properties. It can return several properties by specifying each successively; In that case, the returned values are separated by commas.
Syntax:
text
text
The maximum number of properties in one lookup is eight. Valid property types are:
src-ip(Note: This property shows the IP address of the client in IPv6 format.)pulse-area-codespulse-citypulse-city-codepulse-city-confpulse-conn-speedpulse-conn-typepulse-continent-codepulse-countrypulse-country-codepulse-country-confpulse-gmt-offsetpulse-in-dstpulse-internal-codepulse-latitudepulse-longitudepulse-metro-codepulse-postal-codepulse-postal-confpulse-regionpulse-region-codepulse-region-confpulse-timezone-namepulse-two-letter-country
In this example we set HTTP request headers that contain geolocation properties based on client’s source IP address.
haproxy
haproxy
netacuity-lookup-ipv6 Jump to heading
Use the converter netacuity-lookup-ipv6 to perform a lookup in the IPv6 database that returns the values of the specified properties. It can return several properties by specifying each successively; In that case, the returned values are separated by commas.
Syntax:
text
text
The maximum number of properties in one lookup is eight. Valid property types are:
src-ip(Note: This property shows the IP address of the client in IPv6 format.)pulse-area-codespulse-citypulse-city-codepulse-city-confpulse-conn-speedpulse-conn-typepulse-continent-codepulse-countrypulse-country-codepulse-country-confpulse-gmt-offsetpulse-in-dstpulse-internal-codepulse-latitudepulse-longitudepulse-metro-codepulse-postal-codepulse-postal-confpulse-regionpulse-region-codepulse-region-confpulse-timezone-namepulse-two-letter-country
In this example we set HTTP request headers that contain geolocation properties based on client’s source IP address.
haproxy
haproxy
Update the database during runtime Jump to heading
Use the NetAcuity Update feature to keep the contents of the geolocation database current. This allows you to keep multiple HAProxy Enterprise nodes synced with the latest data.
-
Install a web server of your choice and host the database file at a URL where HAProxy Enterprise can access. For example, host the files at
http://192.168.122.1:8000/netacuity.tar.gz. We recommend that you host the unzipped file directory at this URL. -
Add the following lines to the
globalsection of your configuration file, where the URL hosts an updated version of the file. Be sure to specify the port number where your file is hosted, for example,8000as in the example below.haproxyglobal...netacuity-update url 04 http://192.168.122.1:8000/netacuity.tar.gz delay 24h timeout 100ms retries 3 checksum hash loghaproxyglobal...netacuity-update url 04 http://192.168.122.1:8000/netacuity.tar.gz delay 24h timeout 100ms retries 3 checksum hash log
With this configuration, HAProxy Enterprise downloads the database every 24 hours and displays a message in the logs when it succeeds or if it encountered errors during the update.
netacuity-update Jump to heading
The netacuity-update directive enables updating the database over HTTP from a specified URL. Updating a database with a newer version invalidates any cached lookups (if using cache), unless you enable the checksum setting and the new and old database contents are identical.
The directive supports the following syntax:
text
text
where:
| Argument | Description |
|---|---|
url <feature_code url> |
Required. Specifies URL for the database update. We recommend that you host the unzipped file directory at this URL. The feature code depends on the type of database. For example, if you name your NetAcuity files na_04_01.db, na_04_02.db, etc., then set the feature code to 04. |
delay <u> |
<u> specifies the period between each attempt to download a new database version. The delay is a simplified version of the xdelay keyword. |
xdelay <u s b r> |
xdelay settings are defined as follows: <u> specifies the period between each attempt to download a new database version. Default: 5m. <s> specifies the initial (first) download delay. Default: 5s. <b> specifies the delay between the download of each element of the database. Default: 10s. If the download fails, <r> determines the delay for the next attempt. Default: 30s. If the new version of the database fails to download after three attempts, the module cancels the download until the next time interval specified by <u>. In this case, it discards the downloaded data. |
timeout <t> |
Specifies the HTTP connection timeout for attempts to download a new database version. The value is in milliseconds by default, but you can set it to any other unit if you add it as a suffix to the number. Default: 5s. |
retries <n> |
Specifies the number of retries to download a new NetAcuity database version. If unspecified, the global retries value applies. Default: 3 |
checksum |
If present, determines the use of the SHA1 control sum to verify that the content of the recently downloaded database is identical to the one already used. If they are identical, the module does not do a live-reload of the database, thereby preserving cache contents (if you use caching). |
hash |
If present, enables authentication of downloaded data. Each upgraded file must have the associated file with a SHA1 check The SHA1 checksum file has the extension .sha1. The typical way to create the SHA1 checksum file is: sha1sum file > file.sha1 |
log |
Specifies whether to log operation errors. |
dontlog-normal |
Deactivates logging for successful updates. |
param* |
Lists other server parameters; useful to configure special SSL features. |
Runtime API Jump to heading
It is possible to manage the NetAcuity module via the Runtime API. For general information on using the runtime API, see HAProxy Enterprise Runtime API.
lb-netacuity cache disable Jump to heading
Disable the NetAcuity lookup cache.
If the NetAcuity cache is enabled, each lookup is cached so that subsequent requests are loaded from the cache instead of the NetAcuity database. The NetAcuity module will perform all lookups in its database when the cache is disabled.
Below, we disable the cache:
nix
nix
outputtext
outputtext
lb-netacuity cache enable Jump to heading
Enable the NetAcuity lookup cache.
If the NetAcuity cache is enabled, each lookup is cached so that subsequent requests are loaded from the cache instead of the NetAcuity database.
Below, we enable the cache:
nix
nix
outputtext
outputtext
lb-netacuity cache invalidate Jump to heading
Invalidate the NetAcuity lookup cache.
If the NetAcuity cache is enabled, each lookup is cached so that subsequent requests are loaded from the cache instead of the NetAcuity database. Invalidating the cache marks all entries in the cache invalid. After invalidating the cache, the NetAcuity module will perform lookups in its database as it rebuilds its cache for subsequent requests.
Below, we invalidate the cache:
nix
nix
outputtext
outputtext
lb-netacuity disable Jump to heading
Disable the NetAcuity database lookup engine.
When disabled, the NetAcuity module does not perform lookups.
Below, we disable NetAcuity lookups:
nix
nix
outputtext
outputtext
lb-netacuity enable Jump to heading
Enable the NetAcuity database lookup engine.
The NetAcuity database lookup engine is enabled automatically upon installation. You may need to re-enable it if you have manually disabled it.
Below, we enable NetAcuity lookups:
nix
nix
outputtext
outputtext
lb-netacuity get Jump to heading
Display all the data associated with the specified IP address.
You can retrieve all of the data associated with a specified IP address. This query works even if the NetAcuity module is disabled and the result of the query is not cached. The query is performed against the database and not the cache. You can specify the IP address in IPv4 or IPv6 format.
Retrieve the NetAcuity database information for the IP address 192.168.64.1 by specifying that IP address with the lb-netacuity get command:
nix
nix
outputtext
outputtext
lb-netacuity status Jump to heading
Display the status of the NetAcuity module.
The NetAcuity module maintains some statistics about its operations. The lb-netacuity status command provides information about its configuration and cache.
The results of the lb-netacuity status command show information about the current state of its cache, as well as information about updates to its database.
nix
nix
outputtext
outputtext
lb-netacuity update Jump to heading
Force an update of the NetAcuity database.
The NetAcuity update module will update the database based on the interval you specified in the configuration. You can also force an update by specifying the time you would like the update to run, for example, 5 minutes from now. If you don’t specify a time, or set the update delay to zero, the update will run immediately. The delay time you specify cannot exceed the time until the next regular update, otherwise you will receive an error message similar to “NetAcuity: the specified delay time is further than the time of the next update (3s), cancelling request”.
In this example, we want the update to run 5 minutes from now so we specify 5m as the delay time.
nix
nix
outputtext
outputtext
You can check the status of the update using the lb-netacuity status command. Note that while the update is processing, the status will show the progress:
nix
nix
outputtext
outputtext
Do you have any suggestions on how we can improve the content of this page?