The High Availability (HA)Proxy is an open-source very fast and reliable reverse proxy and load balancer.
Over the years it has become a state of the art open-source product and is often deployed by default on popular cloud platforms.
Basic Setup with Health Endpoint and Statistic Page
For a first test, you can use the following HAProxy configuration file, which defines a frontend bound to port 80 and provides a health check endpoint as well as a statistic page.
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
# SETUP STATISTIC Page
stats refresh 30s
stats auth proxyUser:test1234
stats uri /haproxy?stats
# SETUP HEALTH Check Endpoint
# a frontend can bind multiple ports
# Set the proxy mode to http (layer 7) or tcp (layer 4)
For a first starting point, you can run HAPRoxy using the official docker image with the configuration file mounted and port 80 exposed.
docker run --name haproxy -p 80:80 -v /path/to/config/folder:/usr/local/etc/haproxy haproxy
Congrats! HAProxy is up and running.
To verify the basic setup, you can visit the
/health endpoint as well as the
Common Configuration Commands
The main focus of this post is on some very common HAProxy configuration commands.
The frontend part of the HAProxy configuration file usually includes some actions executed on received requests based on some conditions defined using Access Control Lists.
# bind port 80
# Set the proxy mode to http
Access Control List (ACL)
An ACL allows to test various conditions and perform actions based on those conditions. Different ACLs can also be combined using logic operators (AND, OR, NOT).
An ACL can be defined inline or as a named ACL that can be used for different actions.
To provide an example of a named ACL, the following ACL named
TEST_ACL evaluates true for all requests that request path starts with
acl TEST_ACL path_beg /test
Execute Actions on Requests
This section provides some basic configurations to modify requests that fulfill a defined ACL.
This config snippet provides examples of modifying or redirecting request URLs that fulfill some defined ACLs.
acl url_path_rewrite path_beg /rewrite
http-request redirect location %[url,regsub(^/rewrite,/static,)] if url_path_rewrite
acl url_path_replace path_beg /replace
http-request replace-path /replace /static200 if url_path_replace
acl uri_replace path_beg /redirect
http-request redirect location https://google.com if uri_replace
Set Query Param
acl query_test path_beg /query
http-request set-query tenant=1 if query_test
http-request replace-path /query /static-backend if query_test
To block requests HAProxy provides a
http-request deny command.
In combination with an ACL it can be used to block specific requests.
acl bad_ip hdr_ip(X-Forwarded-For) 89.XXX.XXX.XX
http-request deny if bad_ip
acl blockedagent hdr_sub(user-agent) -m reg -i ^(.bot.)
http-request deny if blockedagent
Forward Request to Backend
acl static_backend path_beg /static-backend
use_backend static_backend if static_backend
The backend configuration part of the HAProxy provides the possibility to define backend applications, files, or websites that can be used to proxy or load-balance incoming requests using the
use_backend configuration command.
Backend configurations are defined on the same level as the frontend configuration.
Serve Static File
http-request return status 200 content-type "text/html; charset=utf-8" lf-file /usr/local/etc/haproxy/test.http
Serve Backend Application
server server1 xxx.xxx.xxx.xx1:80
server server2 xxx.xxx.xxx.xx2:80
server server3 xxx.xxx.xxx.xx3:80