The High Availability (HA)Proxy is an open-source very fast and reliable reverse proxy and load balancer.
Over the years it has become a state of the art open-source product and is often deployed by default on popular cloud platforms.
Basic Setup with Health Endpoint and Statistic Page
For a first test, you can use the following HAProxy configuration file, which defines a frontend bound to port 80 and provides a health check endpoint as well as a statistic page.
global
maxconn 256
defaults
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
mode http
# SETUP STATISTIC Page
stats enable
stats hide-version
stats refresh 30s
stats auth proxyUser:test1234
stats uri /haproxy?stats
# SETUP HEALTH Check Endpoint
monitor-uri /health
frontend redirect_http-in
# a frontend can bind multiple ports
bind *:80
# Set the proxy mode to http (layer 7) or tcp (layer 4)
mode http
For a first starting point, you can run HAPRoxy using the official docker image with the configuration file mounted and port 80 exposed.
docker run --name haproxy -p 80:80 -v /path/to/config/folder:/usr/local/etc/haproxy haproxy
Congrats! HAProxy is up and running.
To verify the basic setup, you can visit the /health
endpoint as well as the /haproxy?stats
page.
Common Configuration Commands
The main focus of this post is on some very common HAProxy configuration commands.
Frontend Configuration
The frontend part of the HAProxy configuration file usually includes some actions executed on received requests based on some conditions defined using Access Control Lists.
frontend redirect_http-in
# bind port 80
bind *:80
# Set the proxy mode to http
mode http
...
# acl
...
# actions
Access Control List (ACL)
An ACL allows to test various conditions and perform actions based on those conditions. Different ACLs can also be combined using logic operators (AND, OR, NOT).
An ACL can be defined inline or as a named ACL that can be used for different actions.
To provide an example of a named ACL, the following ACL named TEST_ACL
evaluates true for all requests that request path starts with /test
.
acl TEST_ACL path_beg /test
Execute Actions on Requests
This section provides some basic configurations to modify requests that fulfill a defined ACL.
Redirect Requests
This config snippet provides examples of modifying or redirecting request URLs that fulfill some defined ACLs.
acl url_path_rewrite path_beg /rewrite
http-request redirect location %[url,regsub(^/rewrite,/static,)] if url_path_rewrite
acl url_path_replace path_beg /replace
http-request replace-path /replace /static200 if url_path_replace
acl uri_replace path_beg /redirect
http-request redirect location https://google.com if uri_replace
Set Query Param
acl query_test path_beg /query
http-request set-query tenant=1 if query_test
http-request replace-path /query /static-backend if query_test
Block Requests
To block requests HAProxy provides a http-request deny
command.
In combination with an ACL it can be used to block specific requests.
acl bad_ip hdr_ip(X-Forwarded-For) 89.XXX.XXX.XX
http-request deny if bad_ip
acl blockedagent hdr_sub(user-agent) -m reg -i ^(.bot.)
http-request deny if blockedagent
Forward Request to Backend
acl static_backend path_beg /static-backend
use_backend static_backend if static_backend
Backend Configuration
The backend configuration part of the HAProxy provides the possibility to define backend applications, files, or websites that can be used to proxy or load-balance incoming requests using the use_backend
configuration command.
Backend configurations are defined on the same level as the frontend configuration.
Serve Static File
frontend
...
backend static_backend
http-request return status 200 content-type "text/html; charset=utf-8" lf-file /usr/local/etc/haproxy/test.http
Serve Backend Application
frontend
...
backend web_server
mode http
server server1 xxx.xxx.xxx.xx1:80
server server2 xxx.xxx.xxx.xx2:80
server server3 xxx.xxx.xxx.xx3:80
0 Comments