问题
Hoping someone can point me in the right direction.
I am trying to configure HAProxy to use an environment variable (from the operating system) as part of an acl statement. So if the environment variable is set to true when HAProxy is started or reloaded then access is granted. If the environment variable is set to false then I would just want the NOSVR error to be generated.
I know that if I also put in a rule that says use_backend ftp1-srv unless accessFtp then the request goes through OK which seems to indicate that the acl section is is not working.
I have found very little in my searches that show how to use environment variables in this way just that you should be able to do a sample fetch from the internal state with env(name)
This is what I have tried so far:
frontend ftp-in
bind *:2200
mode tcp
option tcplog
log /dev/log local1 debug
acl accessFtp env(accessFTP) eq true
use_backend ftp1-srv if accessFtp
backend ftp1-srv
balance source
option tcplog
server ftp1 127.0.0.1:21
回答1:
acl accessFtp env(accessFTP) eq true
This probably doesn't work because eq is an integer equality comparison operator, env() returns a string and true is... okay, I'm not sure how true would be typed, in an integer comparison against a string, but either way, the result will not be what you expect.
Use an explicit string comparison if the environment variable contains the literal string true.
acl accessFtp env(accessFTP) -m str true
Or, you should be able to use the "a value was found" match test if you only want to test that the environment variable has been set to anything. This should be false if the value is not set at all.
acl accessFtp env(accessFTP) -m found
You can also tidy up your config by removing the named acl and replacing it with an anonymous one.
use_backend ftp1-srv if accessFtp if { env(accessFTP) -m str true }
回答2:
I had a similar problem with environment variables when running as a service and solved it by setting them from /lib/systemd/system/haproxy.service. I'm not sure if it helps in your case.
For more details see this question or that file.
来源:https://stackoverflow.com/questions/38357940/use-environment-variables-in-haproxy