I've installed HAProxy 1.7.5-2 on Debian Stretch (9) for a blue/green deployment infrastructure.
HAProxy is set up in TCP mode and reloads DNS every 5 seconds, but it doesn't.

    global
        log 127.0.0.1 local0 warning
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 10m
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        # An alternative list with additional directives can be obtained from
        # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

    defaults
        log global
        mode tcp
        option dontlognull
        timeout connect 360s
        timeout client 300s
        timeout server 300s
        retries 99999

    resolvers aws-vpc-dns
        nameserver vpc {DNSIP}:53
        resolve_retries 30
        timeout retry 1s
        hold valid 5s

    frontend site-frontend
        bind *:80
        use_backend site-backend

    backend site-backend
        balance roundrobin
        server company-www target.services.company.com resolvers aws-vpc-dns

    listen blue-webapp-http
        bind :9000
        balance roundrobin
        server company-blue blue.services.company.com resolvers aws-vpc-dns

When I change the DNS record to something else, the host command on the HAProxy server returns the new addresses correctly.
Reloading/restarting HAProxy service is the only way I've found for now.
Any clue on what could be the issue?
Best Answer
The hostname used for server is resolved during haproxy startup, when the configuration file is parsed, or during health checks. You don't have any checks defined for your server, so you can get an updated hostname only during restart/reload. If you want the server hostname to be updated at runtime, you need to define health checks.

See HAProxy documentation Server IP address resolution using DNS for details.
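
A lint for the condition the answer describes under HAProxy 1.7, as an added example that is not part of the original answer: it flags server lines that reference a resolvers section but carry no check keyword. The function names and the sample config (including the 10.0.0.2 nameserver address standing in for {DNSIP}) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: lint an HAProxy 1.7-style config
# for "server" lines that use a resolvers section but define no health check.

# Print "proxy:server" for each offending line; exit status 1 if any are found.
# Assumption: "#" always starts a comment (no quoted or escaped "#" in the file).
lint_resolvers_without_check() {
  awk '
    { sub(/#.*/, "") }                 # drop comments
    NF == 0 { next }                   # skip blank lines
    $1 ~ /^(global|defaults|resolvers|frontend|backend|listen)$/ {
      proxy = (NF > 1 ? $2 : $1); next # remember the current section name
    }
    $1 == "server" {
      has_res = 0; has_check = 0
      # $2 is the server name, $3 its address; keywords start at field 4.
      for (i = 4; i <= NF; i++) {
        if ($i == "resolvers") { has_res = 1; i++ }   # skip its argument
        else if ($i == "check") has_check = 1
      }
      if (has_res && !has_check) { print proxy ":" $2; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample: the proxy sections from the question, trimmed.
sample_cfg() {
  cat <<'EOF'
resolvers aws-vpc-dns
    nameserver vpc 10.0.0.2:53   # constructed address standing in for {DNSIP}
    hold valid 5s
backend site-backend
    server company-www target.services.company.com resolvers aws-vpc-dns
listen blue-webapp-http
    bind :9000
    server company-blue blue.services.company.com resolvers aws-vpc-dns
EOF
}

# Demo on the constructed sample: both server lines from the question are flagged.
cfg=$(mktemp) && sample_cfg > "$cfg"
lint_resolvers_without_check "$cfg" ||
  echo "the servers listed above keep their startup address until reload"
rm -f "$cfg"
```

Adding `check` to each flagged server line (for example `server company-www target.services.company.com check resolvers aws-vpc-dns`) makes the lint pass.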