HAProxy with multiple IPs on one server


I use HAProxy to load balance multiple virtual machines (web services). Each virtual machine has multiple IP addresses.

What is the best practice for setting this up in HAProxy? Right now, in my configuration, each IP of a virtual machine has its own "listen" entry in HAProxy with the corresponding two real servers.

Can it be revised to have multiple "listen" entries and only two backend servers? All of the "listen" IPs are forwarded only to the same virtual machine.

global
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    stats socket /var/run/haproxy.stat mode 666
    maxconn 4096
    user haproxy
    group haproxy
    daemon

defaults
    mode http
    log global

    log 127.0.0.1 local0 notice
    option dontlognull
    option redispatch
    timeout connect 10000 # default 10 second timeout if a backend is not found
    timeout client 300000
    timeout server 300000
    maxconn 60000
    retries 3

listen stats

    bind xx.xxx.xxx.xxx:8888
    stats uri /
    stats realm Haproxy\ Statistics
    stats auth user:pass
    stats refresh 20

listen server 66.xxx.xxx.36:80
    mode http
    balance roundrobin
    cookie SERVERID insert nocache indirect
    option http-server-close
    option forwardfor
    option httplog
    server server1 66.xxx.xxx.66:80 cookie sv1 check inter 5s rise 2 fall 5
    server server2 66.xxx.xxx.68:80 cookie sv2 check inter 5s rise 2 fall 5

listen app 66.xxx.xxx.36:80
    mode http
    balance roundrobin
    cookie SERVERID insert nocache indirect
    option http-server-close
    option forwardfor
    option httplog
    server app1 66.xxx.xxx.66:80 cookie ap1 check inter 5s rise 2 fall 5
    server app2 66.xxx.xxx.68:80 cookie ap2 check inter 5s rise 2 fall 5

Best Answer

There are two things you can do. First, you can have as many "bind" lines as you want in a "listen" or "frontend" section. So if the only thing that changes is the IP, then it's the best thing to do. Second, if you have any reason to apply different processing to each IP (e.g. different ACLs or rewrite rules), then you should use "frontend" + "backend" instead of "listen". A "listen" section is exactly a frontend plus a backend, both in the same section. By having multiple frontends, you can define what type of processing you want on each IP address, and make them all use the same backend (using the "default_backend" rule). And all your servers will only be placed in this single backend, with the same cookie name, same LB algorithm, same health checks, etc.

Hoping this helps, Willy
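
Both layouts from the answer, combined into one configuration as an added example (not part of the original question or answer). It is meant to replace the per-IP "listen" sections while keeping the question's "global" and "defaults" sections; the section names, the /admin rule and all addresses (RFC 5737 documentation ranges) are assumptions.

```haproxy
# Added example. All addresses are constructed placeholders from the
# RFC 5737 documentation ranges; section names are hypothetical.

# Case 1: only the IP differs, so one frontend carries several "bind" lines.
frontend fe_web
    bind 192.0.2.10:80
    bind 192.0.2.11:80
    mode http
    option httplog
    option forwardfor
    default_backend be_web

# Case 2: this IP needs its own processing (here an ACL), so it gets its
# own frontend, but still hands traffic to the same backend.
frontend fe_app
    bind 192.0.2.12:80
    mode http
    option httplog
    option forwardfor
    acl is_admin    path_beg /admin
    acl from_office src 203.0.113.0/24
    # Refuse /admin requests that do not come from the allowed source range.
    http-request deny if is_admin !from_office
    default_backend be_web

# The two real servers are declared once: one cookie name, one balancing
# algorithm and one set of health checks for every public IP.
backend be_web
    mode http
    balance roundrobin
    cookie SERVERID insert nocache indirect
    option http-server-close
    server server1 198.51.100.66:80 cookie sv1 check inter 5s rise 2 fall 5
    server server2 198.51.100.68:80 cookie sv2 check inter 5s rise 2 fall 5
```

Running `haproxy -c -f` on the resulting file checks the syntax before a reload.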