Questions tagged [haproxy]
HAProxy is an open source, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing.
2,114
questions
0
votes
0
answers
8
views
HaProxy custom ports
I need to load balancing one of our customers application portal. The flow works as follow:
The enduser reach the portal through the URL example.net:3000/login page;
The enduser will choose one of ...
0
votes
0
answers
12
views
How to configure HAProxy to access K8S cluser?
I have setup K8S cluster, it is up and running
5 control planes
8 worker nodes
I have setup HAproxy working OK
2 nodes
1 virtaul IP
I can access the clustre from a client by using admin.conf file ...
- 902
0
votes
0
answers
11
views
haproxy stick table entry length
I'm using string stick table:
not specifying entry length (default 32 characters for len is exactly what i need)
there is a note for store keyword stating: "For each
item specified here, the ...
- 101
2
votes
1
answer
122
views
haproxy.cfg errors in configuration file. Help needed
Trying to follow these indications:
https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#haproxy-configuration
and these indications:
HAProxy use urls in server config?
I'm trying ...
- 155
0
votes
0
answers
36
views
HA-Proxy Layer4 connection, info: “Connection refused”
I'm having difficulty in understanding how to properly configure haproxy
root@k8s-eu-1-control-plane-node-1:~# sudo systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: ...
- 155
0
votes
0
answers
19
views
HA Cluster initialization issues
During the initialization of the very first control-plane-nodes (3 control-plane-nodes + 3 worker-nodes) I'm getting these errors :
root@k8s-eu-1-control-plane-node-1:~# sudo kubeadm init --control-...
- 155
0
votes
0
answers
25
views
HAproxy : backend apiserverbackend has no server available!
I'm getting this output :
root@k8s-eu-1-control-plane-node-1:~# sudo systemctl status haproxy.service
○ haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy....
- 155
0
votes
0
answers
52
views
timed out waiting for the condition during Kubernetes Cluster Initialization with --control-plane-endpoint
Following the indications found here: https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#keepalived-and-haproxy I'm trying to initiate the very first control-plane-node , but I'...
- 155
0
votes
1
answer
99
views
only allow traffic from one FQDN
I have a docker container running a Flask app and then frontending it with an Nginx proxy. The Nginx container is running on port 80 and then I am using an HAProxy for SSL offloading. This setup ...
- 159
0
votes
0
answers
135
views
How to SSL Passthrough on HAProxy while routing based on full URL?
I'm new to HAProxy admin so it may be a stupid question. So I wanted to do SSL pass though on our HAProxy load balancer. The diagram look like this:
client -> HAProxy -> server
where, all ...
-1
votes
0
answers
44
views
HAProxy to forward SMTP and Imap like an reverse Proxy- Possible?
I've a question concerning Haproxy. I want to use the Haproxy to forward SMTP and IMAP Traffic. The Haproxy is used to route traffic from China to europe. We have an european Mailhoster, which is very ...
- 1
0
votes
0
answers
15
views
HAProxy path-based routing a webpage; webpage resources cannot load
I have the following haproxy.cfg:
global
stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
log stdout format raw local0 info
defaults
mode http
...
- 101
0
votes
0
answers
23
views
HAProxy add header on response doesn't work
frontend http-in
bind *:8080
default_backend proxies
backend proxies
timeout connect 5s
timeout server 30s
balance roundrobin
http-response set-header X-Server-Data %s
...
- 125
0
votes
0
answers
8
views
HAproxy gpt0 does not trigger backend selection
I have a frontend definition that looks like this:
frontend fe_imap from defaults_1
mode tcp
bind 127.0.0.1:143
bind [::1]:143
bind x.x.x.x:143
stick-table type ip size 100k expire 24h store ...
0
votes
1
answer
79
views
Mariadb active passive failover doesn't work with HAProxy
What is wrong with my HAProxy config?
This thread kind of similar, but still not the same: Haproxy mysql failover load balancing
I have an active-passive Mariadb galera cluster.
Today on the master ...
- 115
0
votes
1
answer
28
views
Tomcat 9 - does gracefulStopAwaitMillis *properly* wait for requests to finish when using non-blocking IO connector?
How does Tomcat 9.0.80+ handle graceful shutdown when using the NIO connector?
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
...
0
votes
0
answers
47
views
How to route requests with the same query parameter to the same backend servers?
I have three Nginx reverse proxy servers with ModSecurity installed acting as WAF servers which route requests to my Kubernetes Cluster ingress-nginx, Istio service mesh is installed on the Kubernetes ...
- 85
0
votes
1
answer
21
views
Munin haproxy plugin is not getting data even though munin-run show data and other plugins work fine
I have a Munin server (2.72) monitoring a lot of servers fine.
I have a haproxy server with munin-node (2.0.73) running fine for every plugin except haproxy_* (haproxy_sessions_frontend, ...
- 132
0
votes
0
answers
62
views
haproxy sni for http/3 quic (udp)
I've got haproxy doing sni routing for a bunch of sites without issue. HTTP/2 works great. Is there a way to setup sni type routing for HTTP/3 (quic) without having any certs installed in haproxy?
- 321
0
votes
2
answers
62
views
KeepAlived and HAProxy VIP Appears Twice
Linux Distribution: CentOS 9 Stream
Version of HA Proxy: HAProxy version 2.4.22-f8e3218
Version of KeepAlived: Keepalived v2.2.8 (04/04,2023
I'm protecting 2x HAProxy load-balancers using keepalived ...
0
votes
0
answers
64
views
HAproxy, nginx and HTTP/2
I have few servers and for all of them:
HAproxy sometimes is giving SSL certs for connection
Sometimes nginx is giving SSL certs
I need to set up HTTP/2 connections, where currently all are HTTP/1.1....
- 169
0
votes
0
answers
98
views
Enable keepalive or connection reuse in forward proxy
I need to setup a forward proxy in this way:
application server ---> forward proxy ---> internet (every site from internet)
For example: curl --proxy http:my-proxy.com:8080 https://google.com
It ...
- 113
0
votes
1
answer
161
views
Reverse TCP proxy ports 80 and 443 by server hostname [duplicate]
I have one public IP address. I am trying to allow access via the public IP on ports 80 and 443 to multiple services, differentiated by requested server name.
HOWEVER, one service requires a TCP ...
- 1
0
votes
1
answer
99
views
HAProxy backend - How to connect to remote server?
Good afternoon everyone,
I am a newbie in web hosting and still feel like I am learning to swim in the middle of the ocean. What I want to do is setup HAproxy to forward a request to a remote server ...
0
votes
0
answers
44
views
How can I create a condition with OR and AND in HAPROXY
I need to create a silent drop rule.
If packet not from example_lan_allowed to path_beg /api/ or path_beg /swagger-ui/ has been received by HAPROXY, it should be passed, but other packets to ...
- 101
1
vote
0
answers
89
views
Looking for a good beginners guide for SSO and HAProxy (keyloak, authelia..)
Im using haproxy now for several years and im very happy... (After i experienced with traefik...) Now i want to put some of my docker-microservices (hedgedoc etc) in the internet. But i want to have ...
- 41
0
votes
0
answers
33
views
Haproxy cannot read full URL
I am using 2 types of proxies in my system one is for static files and images, other is for other files.
I want to create a ACL rule for .png .jpeg etc. and route those to my other cheap proxy. My ...
- 1
2
votes
0
answers
250
views
Can any help me to understand HAProxy DDoS attack protection configuration?
I'm using HAP on and off for a bit now and now I'm trying confgure DDoS protection per frontend, to block a connection for 5 mints, if it receives more than 200 requests per second from the same ...
- 479
0
votes
2
answers
88
views
HAPROXY: How to ensure all clients are connected to one server only?
I have 3 servers setup: 1 primary, 2 backups. I used the following configuration:
backend pg_production_backend
option pgsql-check user pg_user
server primary pghost.primary:5432 check on-...
- 1
1
vote
0
answers
28
views
Haproxy blocking more TCP requests than expected
In short HAproxy is blocking my TCP requests while I expect not to be and found nothing in logs.
Here the interesting part of my haproxy file :
global
log /dev/log local0 debug
log /...
- 133
0
votes
0
answers
175
views
Forward local generated Secure Websocket traffic (wss) through an HTTP/HTTPS proxy to reach internet
I have a python webex_bot application (https://github.com/fbradyirl/webex_bot) which uses websockets for webex cloud communication. The problem is that the server in which the bot is being hosted on, ...
- 1
0
votes
0
answers
117
views
HAProxy closes connection on exact client timeout, even though there was data flowing in the middle of that period
I'd like to have long lived connections(if possible infinite), from app containers to RabbitMQ behind HAProxy 2.8.1.
The problem is that the HAProxy severs the connection at exact client timeout, even ...
0
votes
0
answers
84
views
PfSense - Ha proxy Wan Ip timeout when outside network requests
Currently I'm setting up a home lab and I've the following architecture
Architecture
I've setup my ISP provider to redirect any 80 requests to my pfsense firewall.
Created a rule allowing any requests ...
- 101
0
votes
1
answer
201
views
haproxy on pfsense fw to guac
I am having some issues with setting up a publicly accessible guacamole server thru my pfsense, which is running haproxy.
Internet > pfsense
\ haproxy > guac
I have my domain DNS thru ...
0
votes
0
answers
113
views
HAProxy transparent TCP proxy fails when source 0.0.0.0 usesrc clientip is set
I have a setup where I want a transparent TCP proxy in front of some HTTPS services. The services themselves deal with certificates so I'm trying to avoid a HTTP proxy here. I also need the services ...
- 1
0
votes
1
answer
220
views
HAProxy setting variables for logging
Goal
I am trying to output the full payload of the request as part of an error message, because I believe the requester is giving me a garbage payload. The original, working log was
setenv TCP_LOG &...
- 111
2
votes
1
answer
620
views
Adding custom headers on error responses from haproxy
I have the following haproxy config that adds the access-control-allow-origin header on successful 200 requests with the below config. My problem is, when I hit timeouts or haproxy itself (not my ...
0
votes
1
answer
248
views
How to configure Keepalived to act as L4 load balancer via direct routing method
Trying to achieve L4 load balancing via Keepalived in front of HAProxy that will act as L7 load balancer. Both Keepalived and HAProxy are on separate machines. I managed to get everything in the below ...
- 101
-1
votes
1
answer
316
views
How can I get haproxy to completely ignore SSL handshake errors?
Scenario:
I have an old hp dl360 g7 with iLO 3. Modern browsers can't access it because it uses ancient ciphers.
On my internal network, I'd like to have haproxy talk to it and eat the SSL errors and ...
- 141
0
votes
1
answer
222
views
Why doesn't this HAProxy ACL match the HTTP method from returned from a map?
I'm trying to configure HAProxy to allow a specific set of HTTP methods to a specific set of paths, stored in a map.
For example, I have a haproxy map file which contains the following:
/api/...
- 1,731
0
votes
1
answer
277
views
Change request without change url on browser HAProxy
i configure haproxy, when i type test.example.com it redirect me to example.com/test
This is what i want but the problem i want this happen without changing the url on the browser, i want it to keep ...
- 1
0
votes
0
answers
82
views
HAProxy load balancing check
I have two LDAP servers that replicate together on my LAN. I have a Pfsense CE that performs a load balancing on my two servers for the requests from the WAN. Is it possible to check the number of ...
0
votes
0
answers
53
views
Letsencrypt + HAProxy SSL Offloading
I am using HAProxy for SSL offloading and letsencrypt certificates. Previously, I was using the tls-sni-01-port flag - which is no longer supported.
Does anyone have a recipe that has been working in ...
- 239
0
votes
0
answers
140
views
Why HAProxy session cookie is changing?
I run two containers of an app behind an Haproxy and use sticky sessions. I configured it with a cookie as follow :
cookie SERVER insert indirect nocache
server app1 app-1:443 check ssl verify none ...
- 1
0
votes
0
answers
219
views
HaProxy - Add authorization header per backend
I want to add an autorization header per backend, it's possible?
I already try this but is not working
backend default_ad_agent
mode http
http-request add-header Authorization "...
0
votes
0
answers
2k
views
curl: (7) Failed connect to 192.168.169.128:80; Connection refused, how to fix?
Why is my haproxy load balancer not working?
I'm on centos 7.
I've set up 2 servers "nginx-node01" and "nginx-node02". As the name implies these 2 servers are of nginx. They're up ...
- 124
0
votes
1
answer
94
views
How to use DSR load balnce from two different network?
I have a server (A) which clients connect to it throw internet and its ip is 195.45.10.2 it route trafic to server (B) and its ip is 85.10 20.2 . So now I want to use some thing like dsr to let server ...
0
votes
0
answers
80
views
HAProxy stats page does not update when new server is added/removed via dataplane API
I am using dataplane api to dynamically add/remove backend servers. I was expecting haproxy stats to update accordingly with new haproxy config version generated by dataplane API. Am i missing ...
1
vote
1
answer
164
views
Why haproxy can not set custom header for ingress-nginx
I have config haproxy.cfg like bellow
...
frontend app
bind *:443
mode tcp
option tcplog
option forwardfor
http-request set-header X-AONE-IP 10.0.0.1
...
- 11
0
votes
0
answers
154
views
Direct Server Return software and configuration for mesh network of raspbery pi servers
I don't know much about DSR technology but as I am aware both load balancer and servers need to be behind same router because of virtual IP addresses.
I need solution to have cloud-based geo-based ...
- 133