troubleshooting Question

HAProxy: help in configuring for Backend proxy servers

Avatar of shootbox
shootboxFlag for Italy asked on
LinuxLinux NetworkingHTTP Protocol
7 Comments1 Solution1540 ViewsLast Modified:

I am trying to use HAProxy for the following configuration:
Two Linux servers (node1, node2) running apache (on port 85) and squid and acting as Proxy servers to the Internet
I installed HAProxy on node1, and configured it to listen to port 80, and have the backends in their respective apache port 85.

While node1 is the only active server in the backend servers list, I can make a request to node1:80 and it will be successfully redirected to the apache port and returned to me.

However while node2 is the only active backend server, this flow will fail and I will simply get a blank page with HTTP 200.
I think I know why that is. when sniffing on node1, I can see the following request flow:

1. My browser making web the request to node1:80
2. Node1 making the request to node2.
But, this is where the problem comes in.
The source IP is node1
The Destination IP is node2
However the Host in this request is the node1 IP address

So, since node2 backend server is actually a proxy server, it will make a request to node1 (since it has it in the request's Host header) and the failure will come in.

So I guess what I'm asking is what would be the correct option to use in HAproxy in order to have this set up the right way.

The current configuration file is attached, however since it doesn't work I'm not sure that anything is really configured well.

        log   local0
        log   local1 notice
        #log loghost    local0 info
        maxconn 4096

        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option        redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen webfarm <node1ip>:80
       mode http
        option http_proxy <<== did this to test, didn't change things
#       stats enable
#       stats auth someuser:somepassword
       balance roundrobin
#      cookie JSESSIONID prefix
       option httpclose
#       option forwardfor
#       option httpchk HEAD /check.txt HTTP/1.0
#       server <node1name> <node1ip>:85
       server <node2name> <node2ip>:85

I'm perfectly ok with any changes, as this is just initial setup and tests, so please let me know if you have any suggestions.


Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 7 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros