Being able to take servers in and out of the rotation was gonna be my next RFE. :) So you are one step ahead of me.
Might it be sane to have a separate https web management daemon that can talk to haproxy over the control socket you are implementing?
(Just as an FYI, we are running haproxy behind an nginx https -> http proxy, so at least over the network, all our authentication is theoretically secure).
P.S. - I am really starting to develop a deep appreciation for what you have done here. Haproxy is a real gem.
On Mon, Jun 30, 2008 at 4:02 PM, Willy Tarreau <w#1wt.eu> wrote:
> Hi Bryan,
> On Mon, Jun 30, 2008 at 03:09:43PM -0400, Brian Gupta wrote:
>> I know we can do this by restarting haproxy, but it would be a great
>> feature to be able to clear stats, without restarting from the stats
>> page. (On a per stats page basis, not for the entire daemon).
> It should not be too hard, but in the current state of the stats
> page, I don't want to. The reason is simple : the page is not
> secure. It asks for a basic auth (clear text), so it is not acceptable
> to let anyone clear the stats.
> However, I see a perfect place for this : the control socket (which
> does not exist yet) which will be used to turn servers on/off. This
> will be a UNIX socket, just like the current stats socket. It will
> require some controls (possibly authentication) before accepting
> commands from other processes.
-- - Brian Gupta http://opensolaris.org/os/project/nycosug/ http://www.genunix.org/wiki/index.php/OpenSolaris_New_User_FAQReceived on 2008/07/01 03:05
This archive was generated by hypermail 2.2.0 : 2008/07/01 03:16 CEST