Setting Up a Load Balancer With HAProxy

1) Handling TCP Requests

frontend tcp_listner
    bind *:48453
    mode tcp
    default_backend tcp_backend_48453

backend tcp_backend_48453
    balance roundrobin
    mode tcp
    server infra-node1 172.226.120.33:30453 check
    server infra-node2 172.226.120.34:30453 check

2) Handling HTTP Requests

HTTP Interface

frontend http_insecure_passthrough
    bind *:8080
    mode tcp
    default_backend insecure_passthrough_backend

backend insecure_passthrough_backend
    balance roundrobin
    mode tcp
    server infra-node1 172.226.121.33:32080 check
    # second node: name and address assumed from the pattern used in the other backends
    server infra-node2 172.226.121.34:32080 check

HTTPS Interface with SSL Termination at the LB

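frontend http_secure
    # TLS is terminated here; force-tlsv12 limits this listener to TLS 1.2 only
    bind *:443 ssl crt /etc/ssl/mynwk.com/mynwk.pem force-tlsv12
    mode http
    option http-server-close
    # add X-Forwarded-For with the client address, except for local requests
    option forwardfor except 127.0.0.0/8
    option httplog
    # requests whose path starts with /api go to the API backend
    acl has_api path_beg /api
    use_backend secure_api_backend if has_api
    default_backend secure_backend

# "ssl verify none": the connection to each node is re-encrypted,
# but the node's certificate is not checked
backend secure_api_backend
    balance roundrobin
    mode http
    server infra-node1 172.226.122.33:32444 check ssl verify none
    server infra-node2 172.226.122.34:32444 check ssl verify none

backend secure_backend
    balance roundrobin
    mode http
    server infra-node3 172.226.122.35:32443 check ssl verify none
    server infra-node4 172.226.122.36:32443 check ssl verify none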
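
The backends above re-encrypt traffic to the nodes but use "verify none", so the node certificates are never checked. The following is an added example, not part of the original article, that puts that setting beside a verified variant; the CA bundle path, the name given to verifyhost and the backend name secure_api_backend_unverified are assumptions.

```haproxy
# Added example, not the article's own configuration.
# Assumed values: the ca-file path, the verifyhost name and the
# backend name secure_api_backend_unverified.

# Weak: the hop to the nodes is encrypted, but "verify none" accepts any
# certificate, so the load balancer cannot tell a real node from another
# host answering on that address.
backend secure_api_backend_unverified
    balance roundrobin
    mode http
    server infra-node1 172.226.122.33:32444 check ssl verify none
    server infra-node2 172.226.122.34:32444 check ssl verify none

# Corrected: each node's certificate must chain to the CA in ca-file.
# verifyhost adds the name check (subjectAltName or CN); it is needed here
# because the servers are addressed by IP and no SNI is sent.
# The health checks use the same TLS settings, so a node presenting an
# untrusted certificate is marked down instead of receiving traffic.
backend secure_api_backend
    balance roundrobin
    mode http
    server infra-node1 172.226.122.33:32444 check ssl verify required ca-file /etc/ssl/mynwk.com/backend-ca.pem verifyhost infra.mynwk.com ssl-min-ver TLSv1.2
    server infra-node2 172.226.122.34:32444 check ssl verify required ca-file /etc/ssl/mynwk.com/backend-ca.pem verifyhost infra.mynwk.com ssl-min-ver TLSv1.2
```

The file can be checked before a reload with haproxy -c -f followed by the path to the configuration file.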

HTTPS Interface with SSL Passthrough at the LB

frontend http_secure_passthrough
    bind *:8443
    mode tcp
    default_backend passthrough_backend

backend passthrough_backend
    balance roundrobin
    mode tcp
    server infra-node1 172.226.123.33:32443 check
    # second node: name and address assumed from the pattern used in the other backends
    server infra-node2 172.226.123.34:32443 check

3) Configuring Logs for HAProxy

# haproxy.cfg: send logs to the local syslog daemon on facility local2
log 127.0.0.1 local2

systemctl restart haproxy.service

# rsyslog configuration
# Collect log with UDP
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514

# Creating separate log files based on the severity
local2.* /var/log/haproxy-traffic.log
local2.notice /var/log/haproxy-admin.log

systemctl restart rsyslog.service

# Resulting log files
/var/log/haproxy-traffic.log
/var/log/haproxy-admin.log

$ cat /etc/logrotate.d/haproxy

/var/log/haproxy-traffic.log {
    daily
    rotate 10
    missingok
    notifempty
    compress
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

4) URL Rewrite in HAProxy

1) set-path

frontend secure_https_5443
    bind *:443
    mode http

    acl has_old_api path_beg /old_api/ws
    http-request set-path /new_api/https-ws if has_old_api
    acl has_abc path_beg /abc
    # %[path] already begins with "/", so no slash is written before it
    http-request set-path /new_endpoint/xyz%[path] if has_abc

https://mynwk.com/old_api/ws >> https://mynwk.com/new_api/https-ws
https://mynwk.com/old_api/ws/xxx?key=value >> https://mynwk.com/new_api/https-ws
https://mynwk.com/abc >> https://mynwk.com/new_endpoint/xyz/abc
https://mynwk.com/abc/xxx?key=value >> https://mynwk.com/new_endpoint/xyz/abc/xxx?key=value

2) set-path with regsub

frontend secure_https_5443
    bind *:443
    mode http
    acl has_abc path_beg /abc
    # the trailing slash is optional so that a bare /abc is rewritten too
    http-request set-path %[path,regsub(^/abc/?,/new_api/xyz/)] if has_abc

https://mynwk.com/abc >> https://mynwk.com/new_api/xyz/
https://mynwk.com/abc/xxx?key=value >> https://mynwk.com/new_api/xyz/xxx?key=value

Danuka Praneeth

Senior Software Engineer | BSc (Hons) Engineering | CIMA | Autodidact | Knowledge-Seeker
