How To Pass arguments to LUA from HAProxy config


#1

How To Pass arguments to LUA from HAProxy config. I am trying to pass certificate DN information for client and CA, but getting error in haproxy config check.

HAProxy LUA config

  global
    lua-load /usr/sbin/lua-choose-backend.lua

  frontend http-in
    mode http

    log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r


    bind *:443 ssl crt /etc/haproxy/server.pem ca-file /etc/haproxy/ca.crt verify required

    use_backend %[lua.choose_backend([ssl_c_s_dn], [ssl_c_i_dn])]
    #use_backend app
    default_backend app
    reqadd X-Forwarded-Proto:\ https if { ssl_fc }
    option forwardfor


/usr/sbin/lua-choose-backend.lua

function choose_backend(txn, arg1, arg2)
        core.log(core.info, "Hello World")
        core.log(core.info, arg1)
        core.log(core.info, arg2)
        
        return "app"
end

core.register_fetches("choose_backend", choose_backend)



$ haproxy -c -f /etc/haproxy/haproxy.cfg

[WARNING] 133/050028 (6381) : parsing [/etc/haproxy/haproxy.cfg:88] : 'acl' : sample fetch <lua.choose_backend([ssl_c_s_dn> failed with : missing closing ')' after arguments to fetch keyword 'lua.choose_backend'
[ALERT] 133/050028 (6381) : Proxy 'http-in': unable to find required use_backend: '%[lua.choose_backend([ssl_c_s_dn],'.

#2

@curtoni I need your help on a topic similar to the one u have solved for ‘use_backend %[lua.choose_backend]’

Please suggest what is wrong in below syntax?

use_backend %[lua.choose_backend([ssl_c_s_dn], [ssl_c_i_dn])]


#3

@ahayworth I need your help regarding LUA arguments from HAProxy config.

Please suggest what is wrong in below syntax?

use_backend %[lua.choose_backend([ssl_c_s_dn], [ssl_c_i_dn])]


#4

Hi,

The arguments passed to the Lua function are static.
If you want to retrieve ssl parameter, you must use sample fetches from the Lua code, lilke this:

function choose_backend(txn)
   local arg1 = txn.f:ssl_c_s_dn()
   local arg2 = txn.f:ssl_c_i_dn()
end

The documentation here: http://www.arpalert.org/src/haproxy-lua-api/1.6/index.html#txn-class