HAProxy ACL to multiple backend ports not working

access-control-listconfigurationhaproxyreverse-proxy

I'm trying to set up haproxy to navigate between the multiple applications running on the same server. If my understanding is correct, I should be able to use ACL rules in the frontend to switch between ports based on the path passed to it. however, everytime I try, I get 503 Service Unavailable. I'm using version 1.5.18 of HAProxy, and have confirmed that the services I want are up and running on the correct ports. My config file is:

global
  log 127.0.0.1   local0
  log 127.0.0.1   local1 notice
  #log loghost    local0 info
  maxconn 4096
  #debug
  #quiet
  user root
  group root

#/installs version
defaults
  log     global
  mode    http
  retries 3
  timeout client 50s
  timeout connect 5s
  timeout server 50s
  option tcplog
  balance  roundrobin

# Set up application listeners here.

listen admin
  bind 127.0.0.1:22002
  mode http
  stats enable
  stats show-node
  stats uri  /admin


frontend http
  maxconn 2000
  bind 0.0.0.0:4000

  acl configuration-path path -i /configuration
  use_backend servers-configuration if config-path

  acl payment-path path -i /payment
  use_backend servers-paymentdate if payment-path

  acl employee-path path -i /employee
  use_backend servers-employeename if employee-path


backend servers-configuration
  server www.server1.com 12.12.12.12:3000 maxconn 100

backend servers-paymentdate
  server www.server1.com 12.12.12.12:3001 maxconn 100

backend servers-employeename
  server www.server1.com 12.12.12.12:3001 maxconn 100

So, for example, if I try:

12.12.12.12:3000/config/id

I'm able to get the results I expect. However, when I try

12.12.12.12:4000/configuration
#or
12.12.12.12:4000/configuration/config/to/service

It fails. So far the only way I've been able to get results from one of the paths is to remove the acl rule for it and include a default backend:

frontend http
  maxconn 2000
  bind 0.0.0.0:4000

  acl payment-path path -i /payment
  use_backend servers-paymentdate if payment-path

  acl employee-path path -i /employee
  use_backend servers-employeename if employee-path

  default_backend servers-configuration

Which let me use the path:

12.12.12.12:4000/config/id

This is obviously not going to work for all of them, though. Can anyone tell me what I have wrong?

Best Answer

I figured it out. In order for the ACL to work, I need to put in the full path for the service:

frontend http
  maxconn 2000
  bind 0.0.0.0:4000  

  acl payment_path path_beg -i /payment/list
  use_backend servers-paymentdate if payment-path

  acl employee-path path_beg -i /employee/list
  use_backend servers-employeename if employee-path

This is not ideal, so I'm looking through how regex works in these acl.

Edit: Was able to figure this out. I just had to set up a path_reg:

frontend http
  maxconn 2000
  bind 0.0.0.0:4000  

  acl payment_path path_beg -i /payment.*
  use_backend servers-paymentdate if payment-path

  acl employee-path path_beg -i /employee.*
  use_backend servers-employeename if employee-path
Related Topic