HAProxy config for sub-domains - haproxy

I need an example HAProxy config to do the following:
Server1 = 192.168.0.177 (I did not give the servers names, only IPs)
On Server1, I run HAProxy as well as Apache.
Apache on Server1 is set up to listen on port 8080 now, and has two Virtual Hosts correctly set up for two sub-domains, each serving its own website content.
Sub-domain 1 = s.mydomain.com
Sub-domain 2 = x.mydomain.com
I have a second server running on 192.168.0.233.
I want to set up HAProxy to listen to s.mydomain.com and then forward it to Apache on the same server (192.168.0.177), x.mydomain.com and forward it to Apache on the same server (192.168.0.177) and y.mydomain.com and forward traffic to the second server (192.168.0.233).
I do not need any load balancing at this point, just routing/forwarding as described above.

Here you go,
global
    #debug

defaults
    mode http
    option httpclose
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

backend same_server
    # Apache on this host; the question has it listening on port 8080
    server same_server 127.0.0.1:8080

backend second_server
    server second_server 192.168.0.233:80

frontend app
    bind *:80
    # y.mydomain.com goes to the second server; every other Host falls through to Apache
    acl sub_y hdr(host) -i y.mydomain.com
    use_backend second_server if sub_y
    default_backend same_server

Related

HA Proxy not passing Windows authentication?

We have a simple HA Proxy (13.5) and an IIS Server behind it. The IIS Server itself requires parallel services on the same box, all of which require Windows Authentication. But, it appears that while on "server" and trying to route traffic to the HA Proxy, back to the same server doesn't pass authentication.
frontend VipTst-M-TCPMode
    bind 10.5.30.128:80 name http
    bind 10.5.30.128:443 name https
    timeout client 180s
    option tcplog
    mode tcp
    log global
    default_backend M-TcpMode

####### TCP MODE
backend M-TcpMode
    balance roundrobin
    mode tcp
    log global
    timeout server 180s
    timeout connect 3s
    default-server inter 3s rise 2 fall 3
    server ServerA 10.20.30.104 maxconn 1000 weight 10 check port 443 inter 5000
So, from ServerA->HAProxy->ServerA/someservice doesn't seem to work. Ironically, if I go from my desktop like this: Desktop-HAproxy->ServerA/someservice it works fine.
And if I just go ServerA/someservice the page also renders.
In ServerA-HAProxy->ServerA, I'm prompted for credentials.
So what did I miss?
Thanks,
Nick

HaProxy forward the source IP to the backend server

I have the following HaProxy configuration:
frontend smtp
    bind :25 accept-proxy
    default_backend smtp_backend

backend smtp_backend
    mode tcp
    timeout server 1m
    timeout connect 5s
    server srv1 127.0.0.1:2500 send-proxy check maxconn 500

That is behind a Load Balancer (AWS). I need to know the IP of the Load Balancer.
Looking at the logs on HaProxy, I have the following lines:
Jul 1 16:00:03 ip-172-31-1-100 haproxy[10350]: Connect from 172.31.1.5:35040 to 172.31.1.100:25 (smtp/TCP)
So HaProxy gets the proper source IP of the Load Balancer (I'm not looking for the client at that level).
But when showing the IP/Port on the destination server, I get the local IP : 127.0.0.1.
I suspect it's because of server srv1 127.0.0.1:2525 send-proxy check maxconn 500 line, but how can I get the IP of the Load Balancer on my end server?
Thank you in advance!
(note: Once the connection is established, AWS Target Group sends me a Proxy v2 command that allows me to get the client IP address, and this works, but I first need to get that 172.31.1.5 IP from the Load Balancer).

Unfortunately, HAProxy will only support IP forwarding in HTTP mode through some headers.
In your case, you need to use a specially compiled HAProxy - TProxy.
Docs: https://www.haproxy.com/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/
This will support forwarding the client IP (the AWS load balancer IP in your case) even in TCP mode.

HAProxy redirect port and mask url

I have a couple of webservers that are reachable directly through the following URL:
https://abcd.example.com:8445/desktop/container/landing.jsp?locale=en_US
https://wxyz.example.com:8445/desktop/container/landing.jsp?locale=en_US
I need to use HAProxy to loadbalance between the two and use the following URLs instead when hitting the frontend:
http://1234.example.com/desktop/container/landing.jsp?locale=en_US
or
https://1234.example.com:8445/desktop/container/landing.jsp?locale=en_US
So other requirements beside the two above:
If initial traffic is port 80, convert to port 8445
Mask the URL so that on the browser while it redirected to https and port to 8445, the host remains intact, like so: https://1234.example.com:8445/desktop/container/landing.jsp?locale=en_US
Here's my config so far:
frontend WebApp_frontend
    mode http
    bind 10.4.34.11:80
    acl is80 dst_port 80
    http-request set-uri https://%[req.hdr(Host)]:8445%[path]?%[query] if is80
    default_backend WebApp_backend

backend WebApp_backend
    description WebApp
    balance roundrobin
    mode http
    # "ssl verify none" encrypts the hop but does not validate the backend certificate
    server webserver1 10.2.89.222:8445 check inter 5s fall 3 rise 5 downinter 1m ssl verify none
    server webserver2 10.4.89.223:8445 check inter 5s fall 3 rise 5 downinter 1m ssl verify none
The problem I'm facing right now is that when you access the frontend, HAProxy will redirect you to any of the webservers and force your client to hit the webserver directly instead of through the HAProxy. I need the connection to remain through the HAProxy.

If all your application is doing is redirecting to HTTPS then you should probably just handle that directly within HAProxy. You might want to also explore whether your application supports X-Forwarded-Proto and X-Forwarded-Host.
Another option is you can have HAProxy rewrite the redirects from the backend application to the hostname you choose. Using HAProxy 2.1 you would do something like this:
    http-response replace-header location https?://[^:/]*(:?[0-9]+/.*) https://1234.example.com\1 if { status 301:302 }
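How the rewrite rule in the answer above treats different backend redirects, modelled with Python's re module as an added example (not code from the answer or from HAProxy). The sample Location values and STRICT_RE are constructed here, and the model assumes HAProxy's regex engine agrees with Python on these patterns.

```python
import re

PUBLIC = "https://1234.example.com"
BACKENDS = ("abcd.example.com", "wxyz.example.com", "10.2.89.222")

# Pattern exactly as written in the answer's replace-header rule.
ANSWER_RE = re.compile(r"https?://[^:/]*(:?[0-9]+/.*)")
# Constructed alternative (assumption, not from the answer): the port is
# optional as a unit, so redirects without a port are rewritten as well.
STRICT_RE = re.compile(r"https?://[^/:]+((:[0-9]+)?/.*)")


def rewrite_location(status, location, pattern=ANSWER_RE):
    """Model: http-response replace-header location <re> <fmt> if { status 301:302 }"""
    if status not in (301, 302):
        return location               # condition false: header left untouched
    m = pattern.search(location)
    if m is None:
        return location               # no match: backend value reaches the client
    return m.expand(PUBLIC + r"\1")   # a matching value is replaced as a whole


def leaks_backend(location):
    """True when the Location seen by the client still names a backend host."""
    host = re.sub(r"^https?://", "", location).split("/")[0].split(":")[0]
    return host in BACKENDS


# Constructed sample redirects (status, Location) as a backend might send them.
SAMPLES = [
    (302, "https://abcd.example.com:8445/desktop/container/landing.jsp?locale=en_US"),
    (302, "https://wxyz.example.com/desktop/"),   # no port in the redirect
    (301, "http://10.2.89.222/login"),            # host ends in digits, no port
    (307, "https://abcd.example.com:8445/next"),  # status outside 301:302
]

if __name__ == "__main__":
    for status, loc in SAMPLES:
        for name, pat in (("answer", ANSWER_RE), ("strict", STRICT_RE)):
            out = rewrite_location(status, loc, pat)
            print(f"{status} {name:6} {out}  leak={leaks_backend(out)}")
```

With the answer's pattern the redirect without a port passes through unchanged and the digit-ending host is rewritten to a malformed name. Responses with status 303, 307 or 308 are outside the rule's condition under either pattern.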

HAProxy check CMS and redirect to Varnish

I need help with the configuration of our HAProxy.
This is our configuration:
HAProxy > Varnish servers > CMS servers
What I wish is that the HAProxy checks in the backend if the CMS Server is working properly and then uses the Varnish server as connection.
Is it possible? If yes, how?
Thank you very much
Nick

In your HAProxy backend you can use the server option and specify the addr and port options to define where the check actually goes. For example:
backend nodes
    mode http
    balance roundrobin
    # traffic goes to the Varnish address; the health check goes to "addr"
    server varnish1 10.0.0.1:80 check addr 10.1.0.0 port 80
    server varnish2 10.0.0.2:80 check addr 10.1.0.1 port 80
    server varnish3 10.0.0.3:80 check addr 10.1.0.2 port 80
The 10.1.0.x addresses are for the CMS.
The documentation has all of the parameters that can be specified for the check option.

haproxy not allowing external traffic through

I set up haproxy on a mesosphere cluster and set up three web servers using marathon. Now I am trying to load balance between them using this config:
global
    daemon
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096

defaults
    log global
    retries 3
    maxconn 2000
    timeout connect 5000
    timeout client 50000
    timeout server 50000

listen stats
    bind 127.0.0.1:9090
    balance
    mode http

listen apiserver
    bind 0.0.0.0:80
    mode tcp
    balance leastconn
    server apiserver-3 10.132.62.240:31000 check
    server apiserver-2 10.132.62.243:31000 check
    server apiserver-1 10.132.62.242:31000 check

Now if I am in the VPN I can connect to the server normally; however, externally I am unable to do that. Other services manage to use the ports without problems (both local and global) but haproxy can't seem to work. If I put haproxy in a docker container it works; however, I don't want to do that.