Setting Up a Load Balancer With HAProxy

1) Handling TCP Requests

frontend tcp_listner
    bind *:48453
    mode tcp
    default_backend tcp_backend_48453

backend tcp_backend_48453
    balance roundrobin
    mode tcp
    server infra-node1 172.226.120.33:30453 check
    server infra-node2 172.226.120.34:30453 check

2) Handling HTTP Requests

HTTP Interface

frontend http_insecure_passthrough
    bind *:8080
    mode tcp
    default_backend insecure_passthrough_backend

backend insecure_passthrough_backend
    balance roundrobin
    mode tcp
    server infra-node1 172.226.121.33:32080 check
    # second node: give it a unique name and its own address
    server infra-node2 172.226.121.33:32080 check

HTTPS Interface with SSL Termination at the LB

frontend http_secure
    # force-tlsv12 restricts this listener to TLS 1.2 only
    bind *:443 ssl crt /etc/ssl/mynwk.com/mynwk.pem force-tlsv12
    mode http
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option httplog
    # requests whose path begins with /api go to the API backend
    acl has_api path_beg /api
    use_backend secure_api_backend if has_api
    default_backend secure_backend

# "ssl verify none" encrypts traffic to the node but does not check its certificate;
# use "verify required" with a "ca-file" to authenticate the backend
backend secure_api_backend
    balance roundrobin
    mode http
    server infra-node1 172.226.122.33:32444 check ssl verify none
    server infra-node2 172.226.122.34:32444 check ssl verify none

backend secure_backend
    balance roundrobin
    mode http
    server infra-node3 172.226.122.35:32443 check ssl verify none
    server infra-node4 172.226.122.36:32443 check ssl verify none

HTTPS Interface with SSL Passthrough at the LB

frontend http_secure_passthrough
    bind *:8443
    mode tcp
    default_backend passthrough_backend

backend passthrough_backend
    balance roundrobin
    mode tcp
    server infra-node1 172.226.123.33:32443 check
    # second node: give it a unique name and its own address
    server infra-node2 172.226.123.33:32443 check
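
A small pre-deployment check for the backends above, written as an added example (not the author's code): it flags a server name repeated within one backend, "ssl verify none" on a server line, and force-tlsv12 on a bind line. The sample config is constructed from the page's addresses, and the function name and finding codes are assumptions chosen here.

```python
import re

# Constructed sample modelled on the page's backends; not a real deployment.
SAMPLE_CFG = """\
frontend http_secure
    bind *:443 ssl crt /etc/ssl/mynwk.com/mynwk.pem force-tlsv12
    mode http
    default_backend secure_api_backend
backend secure_api_backend
    balance roundrobin
    mode http
    server infra-node1 172.226.122.33:32444 check ssl verify none
    server infra-node1 172.226.122.34:32444 check ssl verify none
backend passthrough_backend
    mode tcp
    server infra-node1 172.226.123.33:32443 check
"""

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")


def audit(cfg_text):
    """Return (line_no, section, code) findings for a haproxy.cfg string."""
    findings, section, seen = [], "global", set()
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        words = raw.split("#", 1)[0].split()  # naive comment strip, no quoting
        if not words:
            continue
        match = SECTION.match(" ".join(words))
        if match:
            section = match.group(2) or match.group(1)
            continue
        if words[0] == "server" and len(words) >= 3:
            # Server names are expected to be unique within one backend.
            if (section, words[1]) in seen:
                findings.append((line_no, section, "DUP_SERVER"))
            seen.add((section, words[1]))
            # "ssl verify none" encrypts to the backend without authenticating it.
            if "ssl" in words and ("verify", "none") in zip(words, words[1:]):
                findings.append((line_no, section, "NO_BACKEND_VERIFY"))
        elif words[0] == "bind" and "force-tlsv12" in words:
            # force-tlsv12 pins the listener to TLS 1.2 only, excluding TLS 1.3.
            findings.append((line_no, section, "TLS12_ONLY"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print(*finding)
```

HAProxy's own syntax check, haproxy -c -f /etc/haproxy/haproxy.cfg, should still be run before each restart; this script only looks for the three patterns named above.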

3) Configuring Logs for HAProxy

  1. Uncomment the line below in the file /etc/haproxy/haproxy.cfg:

    log 127.0.0.1 local2

  2. Restart HAProxy:

    systemctl restart haproxy.service

  3. Add the following to the rsyslog configuration:

    # Collect log with UDP
    $ModLoad imudp
    $UDPServerAddress 127.0.0.1
    $UDPServerRun 514

    # Creating separate log files based on the severity
    local2.* /var/log/haproxy-traffic.log
    local2.notice /var/log/haproxy-admin.log

  4. Restart rsyslog:

    systemctl restart rsyslog.service

  5. The logs are then written to:

    /var/log/haproxy-traffic.log
    /var/log/haproxy-admin.log

  6. Rotate the traffic log with logrotate:

    $ cat /etc/logrotate.d/haproxy

    /var/log/haproxy-traffic.log {
        daily
        rotate 10
        missingok
        notifempty
        compress
        sharedscripts
        postrotate
            /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
            /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
        endscript
    }

4) URL Rewrite in HAProxy

1) set-path

frontend secure_https_5443
    bind *:443
    mode http

    acl has_old_api path_beg /old_api/ws
    http-request set-path /new_api/https-ws if has_old_api
    acl has_abc path_beg /abc
    # %[path] already starts with "/", so no slash is placed before it
    http-request set-path /new_endpoint/xyz%[path] if has_abc

Resulting rewrites:

    https://mynwk.com/old_api/ws >> https://mynwk.com/new_api/https-ws
    https://mynwk.com/old_api/ws/xxx?key=value >> https://mynwk.com/new_api/https-ws
    https://mynwk.com/abc >> https://mynwk.com/new_endpoint/xyz/abc
    https://mynwk.com/abc/xxx?key=value >> https://mynwk.com/new_endpoint/xyz/abc/xxx?key=value

2) set-path with regsub

frontend secure_https_5443
    bind *:443
    mode http
    acl has_abc path_beg /abc
    http-request set-path %[path,regsub(^/abc/,/new_api/xyz/)] if has_abc

Resulting rewrites:

    https://mynwk.com/abc >> https://mynwk.com/new_api/xyz/
    https://mynwk.com/abc/xxx?key=value >> https://mynwk.com/new_api/xyz/xxx?key=value

Danuka Praneeth

Senior Software Engineer | BSc (Hons) Engineering | CIMA | Autodidact | Knowledge-Seeker