Newest haproxy Questions

Q&A for system and network administrators

haproxy uses one server at a time only

I use haproxy in front of several servers to failover. My purpose is at one time, haproxy sticks to one online server only. I can do this with option "check backup" likes below. frontend web_front ...

Haproxy nbsrv acl not working

The following acl doesn't work for me: acl no_waf nbsrv(to_waf) lt 1 use_backend back-www if no_waf default_backend to_waf I keep getting error 503 (No server is available to handle this request.) ...

HAProxy not working with ALPN

I need to use ALPN in order to configure HAProxy for HTTP/2 support. After configuring HAProxy I tried to restart but it failed. Even upgrading openssl to 1.0.2 did not help. Wikipedia states tat ALPN ...

Haproxy / Nginx headers

having an issue with haproxy / nginx. If i set the domain straight to nginx i can use sites such as gtmetrix.com however if i go via haproxy sites such as gtmetrix are no longer able to find the ...

Force Apache2 web server to listen on a single external IP

I'm trying to force Apache2 web server to listen on a single external IP which belongs to a HAProxy (192.168.50.30) so the users have to go through HAProxy to consume Apache2 web server. At the moment ...

Haproxy require client certificate for some domains but not for another

I'm configuring HAProxy with three backends. I want it requires client side certificate on two backends. Also I need that in the third backend it doesn't requires client certificate. Also ...

configure HA Proxy to allow some requests certain application servers

I have a setup with HaProxy where each haproxy server routes traffic to a number of application servers. The routing for normal http traffic is based on a hash of the request url. Now I want to ...

HaProxy does not redirect http to https

In my centOS 7 LAMP server configuration seems that my HaProxy (v 1.7) load balancer is not able to redirect http request to https binding port 80. Here is my haproxy.cfg: global maxconn 32000 ...

HAProxy: If I bind to ports 32768-65535, the computer lose access to other servers

I need to configure a HAProxy frontend like this: frontend web-server option forwardfor except 127.0.0.0/8 bind :8080 bind :32768-65535 default_backend service But, that ...

haproxy rewrite rule reqirep logs

I have bunch of haproxy rewrite rules for a particular backend, is there a way to log the complete URL to the backend in the haproxy logs? Here is sample from my config file.. reqirep ^([^\ ])\ /...

HAProxy override backend cookie using query parameter

Based on this answer, I can successfully override the backend with a query parameter: backend servers balance roundrobin cookie SERVERID insert indirect nocache use-server web1 if { urlp(...

Predefining all possible servers for EC2 ASG in HAProxy and managing with Ansible

I'm testing out a potential way of managing a dynamic inventory of application servers within an auto-scaling group in HAProxy 1.5.x, using Ansible to manage the individual server status'. I'm just ...

High CPU usage on MariaDB Galera nodes

I have setup 3 cluster mariaDB using Galera for my web services which load balanced with haproxy. The cluster are working great and sync each other but when visitor on my website reach more than 3000 ...

Gitlab behind Haproxy(SSL)

we have a virtualized server (esxi) with the typical configuration: [Client] https -> [pfsense -> haproxy] - http -> [vm] And now I am trying to configure a new virtual server with gitlab, and I can ...

Connect to upstream/backend via socks5 proxy in NginX/HAProxy

I'm trying to make NginX or HAProxy use proxies while connecting to upstream URLs, something like this: Browser -> Nginx/HAProxy -- SOCKS5 Tunnel --> Remote I wonder if it's possible? Edited: ...

DNS Reverse Proxy

I'm using Docker to deploy lots of micro services behind a reverse proxy. I would like to load balance my micro services based on DNS queries and also allow for automated failover and rebalancing ...

HAproxy configuration file. can't view frontend.

my /etc/haproxy/haproxy.conf global log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user root group root daemon # turn on ...

Looking for a server/proxy that can dynamically route requests to back-end servers depending on client's IP

When a request comes to the proxy/server, depending upon the requester's IP, the request will be routed to a specific back-end. It is a requirement of the system that the proxy needs to get the ...

Pacemaker add floating IP causes haproxy-clone resource to stop

I have a standard 2 node HAproxy load balancer setup with pacemaker 1.1 (using pcs) and haproxy 1.5. I have 2 floating IP addresses with a constraint with the haproxy service as a haproxy-clone ...

SMTP load balancing with remote host's IP passed through to SMTP servers?

I'm attempting to build a load-balanced SMTP cluster. The mail servers already exist and run Exim 4. Initially, I looked at using Nginx to do the load-balancing, however on the test system all the ...

Using Haproxy as TCP frontend to Nginx (SSL), OpenVPN and OpenSSH. Timing out, no connection

I'm trying to configure Haproxy to run on public port 443 and send TCP traffic to the right place as follow: 2 Nginx instances with SSL termination. Traffic router to either depending of hostname. ...

Return 503 http response [on hold]

HA proxy will check initially whether an application is up or not. So if application is down, HA proxy server is redirecting our request to 503 ERROR page.But we are getting HTTP response as 200. ...

How do I hide “index.php” from URL on HAProxy

Here I have install HAProxy-1.7 on linux machine and backend forward request to varnish cache server then apache2 web server handle. All application install on single machine. Flow: ---443--> | ...

elastichsearch node health check for haproxy

I have place haproxy in front of a three node ES(elasticsearch) cluster. So far the way i check for each node in haproxy is by using httpcheck. Bellow is a snippet of my config: backend elastic_nodes ...

How to add response headers with HAproxy 1.6 based on request URI?

I use HAproxy 1.6 as load balancer in front of tomcat servers. I need to add response headers based on the request URI. For e.g., I'd like to add the response header Cache-Control public,max-age="...

Throttling with HAProxy by IP

We use HAProxy for load balancing on our site. The site is highly dependent on cached data; when we take the site down for maintenance, most of those caches become stale. When we turn the site back ...

HAProxy is it possible to force basic auth then select AD server based on user IP?

Here is my context: I have a web application (using HTTPS) which needs users to be authenticated prior to contacting it The application expects an HTTP header to be set (let's name it HEADER) There ...

HAproxy not working for multiple sites

I'm trying to use single HAproxy Loadbalancer for multiple sites, but only one site is working for me cp_nodes, when I try to access second website it redirects to first website only. global log /...

How to use Haproxy to forward https requests via http

I have an haproxy setup, with a several of haproxy servers that route to a cluster of application servers. I'd like haproxy to do all the ssl termination. Right now https requests are forwarded to ...

How to connecct mysql with two difffrent diffrent port through haproxy

I have 2 mysql server and one ha-proxy server mysql server pointed to haproxy server with diffirent diffrent port ( 3306 and 3307 ) . when i try to connect mysql server tohrough haproxy with port 3306 ...

Remove from URL haproxy

I have an haproxy server and I need it to rewrite the URL. For example, I have a url that is like this: http://myserver.com/UserName/signalr/connect... and I need to remove the UserName, so when ...

nginx only loads root / file nothing else even index.php

I've a HAProxy LB,and one Local LEMP stack server I set the LB to redirect requests to the given path like: www.example.com/here/is/myLEMPstack to my local VM with local IP(192.168.0.8). HAProxy: ...

HAProxy health check for a single backend

I have a HAProxy configuration with a single backend something very similar to this: backend mybackend option httpchk get /ping http-check expect ! rstatus ^5 server mybackend-0 192.168.1.1:9041 ...

Blocking client IP in HAProxy

I need to block certain client IP address say 1.2.3.4 and 2.3.4.5 to access "example.com/abc/def", but both can access example.com/. The client IPs are behind the CloudFlare. Client IP ==> ...

Generate CSR in Haproxy to use UCC SSL Certificate

I think there are a simple answer for this but I don't find it. We have a haproxy server running and some ssl certificates working fine for some sites, normally I generate the csr with this command(in ...

Create ACL With Regex in HAProxy

I want to conditionally add a header to requests that match a domain and its subdomains. So, I want to match a requests from: http://example.com https://example.com http://foo.example.com https://foo....

HAProxy to route applications runnig on different ports

Hi I'm trying to configure HAProxy but I'm having some troubles. We have a single server running two applications (odoomexy,odoopepess) one of them running throught port 8069 and the other throught ...

FTP HAProxy not working on port 21 but 23

I have a simple HAProxy config; frontend on port 21, backend to one ftp-server. the ftp-server is in passive mode, therefore once a control connection is established the data connection is handled by ...

Config Error in HAproxy

I'm having an HAproxy as a loadbalancer on top of 2 backend servers. I installed the SSL certificate and this is my config which gives me tons of errors when reloading HAproxy. Please help! This is ...

HAproxy is giving me problems with regex replace, Is this a bug or am I doing something incorrect?

I am attempting to correct a URL parameter issue by forcing a URL encode on a node of a POST path that is somewhat a frequent occurrence. It seems best, at this time, to fix this at the proxy layer ...

HAproxy redirect all HTTP requests from single frontend to single backend (multiple ports)

I have haproxy installed and it works just fine, currently I have configuration that looks as follows frontend public_http # Listen on port 80 bind *:80 mode http # ...

haproxy logging of req.ssl_sni

I am trying to extend a custom haproxy log-format by adding [req.ssl_sni]. The haproxy version used is 1.6.3 on Ubuntu. The frontend is configured in the following way: bind *:443 mode tcp tcp-...

HAProxy configuration for blocking IPs for sub URLs

I am new to HAProxy. I want to restrict all to access a sub URL but not for access from few IPs. My Implementation of HAProxy is below and it is not block any IPs/URLs # Listen to port 80. Throw a ...

How to redirect public ip through VPN tunnel

I'm new to this and I have looked through many other similar questions but I couldn't find an answer. I have two server at SoYouStart and on one server I have a HAProxy VM. Both servers are connected ...

Haproxy 1.6 - Front end rule based on IP address without domain

In my frontend rules of Haproxy, I'd like to select a backend when the client is reaching haproxy with the IP address and not with the domain name. Basically, if the user target Haproxy with 1.2.3.4 ...

How to set up a reverse proxy to map dynamically URLs to TCP ports?

This is the use case: I have a server which will have Docker containers which will be created and destroyed on demand. The idea is be able to configure a reverse proxy and associate an URL with the ...

Can HAProxy load a userlist from a file?

I can't seem to see anything in the documentation, but this seems like an obvious feature. I want to supply a file containing a list of users for Basic Authentication. I don't want to edit the HAProxy ...

haproxy reverse proxy not transparent

I have a pretty sraight configuration: haproxy listens on port 80 (and, when ready, on port 443) transmits to varnish and finally apache2 listens on port 8080 to serve content When accessing to ...

HAProxy route based on API versions

I'm setting up HAProxy and I need to route based on API versions. The issue is that V2 doesnt have the prefix embedded in the router while v1 does. Here is an example. v1 app route = server/v1/path ...

Remove 3DES cipher vulnerability

So I am running haproxy in front of nginx. I have been made aware that utilizing 3DES is a known vulnerability at this point. In my haproxy.cfg, I have a line stating: ssl-default-bind-ciphers ECDH+...
Translating... 0%