Help with backend


#1

I want to restrict my backend connection to ports 80 and 8080 only and frontend connection to 443 only.

backend HA_NODES
balance roundrobin
mode http
option httpchk GET /health_check.json
description HA_NODES
server app1-stg-7878 10.10.7.31:7878 check fastinter 2000 inter 7000
server app1-stg-7879 10.10.7.31:7879 check fastinter 2000 inter 7000
server app2-stg-7878 10.10.7.32:7878 check fastinter 2000 inter 7000
server app2-stg-7879 10.10.7.32:7879 check fastinter 2000 inter 7000
acl allow_port dst_port 80
http-request allow if allow_port

frontend HA_FRONTEND_HTTPS
bind *:443 ssl crt /etc/ssl/private/code.com.pem
mode http
http-request set-header X-Request-Start t=%Ts%ms
description HA_FRONTEND_HTTPS
default_backend HA_NODES
acl allow_port dst_port 443
http-request allow if allow_port

frontend HA_FRONTEND_HTTP
bind *:80
mode http
http-request set-header X-Request-Start t=%Ts%ms
description HA_FRONTEND_HTTP
default_backend HA_NODES

I tried commenting out frontend HA_FRONTEND_HTTP part and restarted haproxy service but I can still access it using the port 80.

If I try to put deny ACL on backend, this will take effect on frontend as well.

I’m new with haproxy.