I have a task to configure haproxy that proxies inbound traffic on multiple ports.
This is what I did after some googling:
I easily figured out how to bund tho ports on frontend as the internet is full of examples. But almost no information about how to configure backends for this.
When its just one port on server line I used ":" and port number. as :443 or :80. But here I assumed thet I should take out port and send just to server. Not sure if its correct???
Also check parameter – I could not show to check both ports availability so picked one. But I'm sure there must be a better way of doing this.
Can Anyone help?
frontend FE-VPN
bind 10.10.90.10:500
bind 10.10.90.10:4500
mode tcp
log global
option tcplog
option dontlognull
option contstats
timeout client 300s
maxconn 10000
default_backend BK-VPN
backend BK-VPN
mode tcp
log global
option tcplog
option tcp-check
timeout server 300s
timeout connect 5s
balance leastconn
retries 3
server DA-VPN-01 10.10.90.21 weight 1 check port 500 source 10.10.90.10
server DA-VPN-02 10.10.90.22 weight 1 check port 500 source 10.10.90.10
UPD
This is the best thing I came up with so far. Please tell me if you think it's correct
backend BK-VPN
mode tcp
log global
option tcplog
option tcp-check
tcp-check connect port 500
tcp-check expect string +OK
tcp-check connect port 4500
tcp-check expect string +OK
timeout server 300s
timeout connect 5s
balance leastconn
retries 3
server DA-VPN-01 10.10.90.21 weight 1 check source 10.10.90.10
server DA-VPN-02 10.10.90.22 weight 1 check source 10.10.90.10
Best Answer
It looks fine. If you don't specify a port then it will use the same port that it hit on the front end. So if it hit 10.10.90.10:500 on the front end it would go to 10.10.90.21:500 etc. As for the health check either check a single port - or maybe use an external health check script if you need something more complicated i.e. a multi-port check.