The High Availability (HA)Proxy is an open-source very fast and reliable reverse proxy and load balancer.
Over the years it has become a state of the art open-source product and is often deployed by default on popular cloud platforms.
Basic Setup with Health Endpoint and Statistic Page
For a first test, you can use the following HAProxy configuration file, which defines a frontend bound to port 80 and provides a health check endpoint as well as a statistic page.
global maxconn 256 defaults timeout connect 5000ms timeout client 50000ms timeout server 50000ms mode http # SETUP STATISTIC Page stats enable stats hide-version stats refresh 30s stats auth proxyUser:test1234 stats uri /haproxy?stats # SETUP HEALTH Check Endpoint monitor-uri /health frontend redirect_http-in # a frontend can bind multiple ports bind *:80 # Set the proxy mode to http (layer 7) or tcp (layer 4) mode http
For a first starting point, you can run HAPRoxy using the official docker image with the configuration file mounted and port 80 exposed.
docker run --name haproxy -p 80:80 -v /path/to/config/folder:/usr/local/etc/haproxy haproxy
Congrats! HAProxy is up and running.
To verify the basic setup, you can visit the
/health endpoint as well as the
Common Configuration Commands
The main focus of this post is on some very common HAProxy configuration commands.
The frontend part of the HAProxy configuration file usually includes some actions executed on received requests based on some conditions defined using Access Control Lists.
frontend redirect_http-in # bind port 80 bind *:80 # Set the proxy mode to http mode http ... # acl ... # actions
Access Control List (ACL)
An ACL allows to test various conditions and perform actions based on those conditions. Different ACLs can also be combined using logic operators (AND, OR, NOT).
An ACL can be defined inline or as a named ACL that can be used for different actions.
To provide an example of a named ACL, the following ACL named
TEST_ACL evaluates true for all requests that request path starts with
acl TEST_ACL path_beg /test
Execute Actions on Requests
This section provides some basic configurations to modify requests that fulfill a defined ACL.
This config snippet provides examples of modifying or redirecting request URLs that fulfill some defined ACLs.
acl url_path_rewrite path_beg /rewrite http-request redirect location %[url,regsub(^/rewrite,/static,)] if url_path_rewrite acl url_path_replace path_beg /replace http-request replace-path /replace /static200 if url_path_replace acl uri_replace path_beg /redirect http-request redirect location https://google.com if uri_replace
Set Query Param
acl query_test path_beg /query http-request set-query tenant=1 if query_test http-request replace-path /query /static-backend if query_test
To block requests HAProxy provides a
http-request deny command.
In combination with an ACL it can be used to block specific requests.
acl bad_ip hdr_ip(X-Forwarded-For) 89.XXX.XXX.XX http-request deny if bad_ip
acl blockedagent hdr_sub(user-agent) -m reg -i ^(.bot.) http-request deny if blockedagent
Forward Request to Backend
acl static_backend path_beg /static-backend use_backend static_backend if static_backend
The backend configuration part of the HAProxy provides the possibility to define backend applications, files, or websites that can be used to proxy or load-balance incoming requests using the
use_backend configuration command.
Backend configurations are defined on the same level as the frontend configuration.
Serve Static File
frontend ... backend static_backend http-request return status 200 content-type "text/html; charset=utf-8" lf-file /usr/local/etc/haproxy/test.http
Serve Backend Application
frontend ... backend web_server mode http server server1 xxx.xxx.xxx.xx1:80 server server2 xxx.xxx.xxx.xx2:80 server server3 xxx.xxx.xxx.xx3:80