Avatar of shootbox
shootbox
Flag for Italy asked on

HAProxy: help in configuring for Backend proxy servers

Hi,

I am trying to use HAProxy for the following configuration:
Two Linux servers (node1, node2) running apache (on port 85) and squid and acting as Proxy servers to the Internet
I installed HAProxy on node1, and configured it to listen to port 80, and have the backends in their respective apache port 85.

While node1 is the only active server in the backend servers list, I can make a request to node1:80 and it will be successfully redirected to the apache port and returned to me.

However while node2 is the only active backend server, this flow will fail and I will simply get a blank page with HTTP 200.
I think I know why that is. when sniffing on node1, I can see the following request flow:

1. My browser making web the request to node1:80
2. Node1 making the request to node2.
But, this is where the problem comes in.
The source IP is node1
The Destination IP is node2
However the Host in this request is the node1 IP address

So, since node2 backend server is actually a proxy server, it will make a request to node1 (since it has it in the request's Host header) and the failure will come in.

So I guess what I'm asking is what would be the correct option to use in HAproxy in order to have this set up the right way.

The current configuration file is attached, however since it doesn't work I'm not sure that anything is really configured well.

 
global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #debug
        #quiet

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option        redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen webfarm <node1ip>:80
       mode http
        option http_proxy <<== did this to test, didn't change things
#       stats enable
#       stats auth someuser:somepassword
       balance roundrobin
#      cookie JSESSIONID prefix
       option httpclose
#       option forwardfor
#       option httpchk HEAD /check.txt HTTP/1.0
#       server <node1name> <node1ip>:85
       server <node2name> <node2ip>:85

Open in new window


I'm perfectly ok with any changes, as this is just initial setup and tests, so please let me know if you have any suggestions.

Thanks!
LinuxLinux NetworkingHTTP Protocol

Avatar of undefined
Last Comment
shootbox

8/22/2022 - Mon
Kent W

I have a similar setup, th is is a working config, it uses other nodes as backends, but it's "failback" is itself.
Almost opposite of what you are doing, but similar.  This may help.  

global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
       # nbproc 4
        #debug
        #quiet

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen Webfarm 0.0.0.0:80
      #added
      option httpchk
      balance roundrobin
       stats enable
       stats refresh 5
       cookie SERVERID insert indirect nocache
       option forwardfor
       #option httpchk HEAD /check.txt HTTP/1.0
      server Prod2 <prod2 ip>:80 cookie srv2-a01 check inter 2000 fall 3
      server Prod5 <prod5 ip>:81 cookie srv5-a02 check inter 2000 fall 3 backup

        capture cookie vgnvisitor= len 32

        option httpclose

       option httpclose
       option checkcache

        rspidel ^Set-cookie:\ IP=

Open in new window




shootbox

ASKER
Thanks for that. I actually don't see anything in your configuration that could solve the problem I'm facing, but I'm actually partially there.

Since my problem was that the request was arriving to the backend with the Host header of the Frontend, I used ReqRep option to replace the contents of the Host header to the IP of the backend.

Still having some application level problems though... so will keep this open until I sort it out in case I need any more help.
shootbox

ASKER
Ok, I need some help here. as I mentioned I need to run ReqRep only for one of the backend servers, how can I accomplish that and then have the frontend balance between the two backends?

If I put the two backends under one backend node, they both get the ReqRep parameter, and then one of the servers can't work with the replaced host header.
If I put them in two backend nodes, how can I get the frontend node to balance between the two? this appears to be the correct way but I can't find the right command.

Thanks
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
shootbox

ASKER
So basically what I'm asking is how can I manipulate an HTTP header for only one of the backend servers?
shootbox

ASKER
Ok, got the answer through the HAProxy mailing list.
ASKER CERTIFIED SOLUTION
shootbox

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
shootbox

ASKER
This is the solution.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.