Is HAProxy with balance roundrobin redirect location possible

haproxyload balancingredirect

I'm trying to set up an HAProxy that will listen on port 80 and roundrobin redirect location any traffic to two servers along with doing the health check.

The servers have different URL's so afaik I can't use server <name> <ip>:<port> check lines as I want the client's browser to read https:///ssl1.blah.com or https://ssl2.blah.com

Here's my haproxy.cfg:

global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #debug
        #quiet
        user haproxy
        group haproxy

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen webfarm *:80
       mode http
       stats enable
       stats auth admin:apassword
       balance roundrobin
       option forwardfor
       redirect location https://ssl1.blah.com/gohere
       redirect location https://ssl2.blah.com/gohere

Any pointers would be greatly appreciated. This is my first adventure with HAProxy or any software NLB.

Thanks

Best Answer

I don't think you can balance redirects. If the purpose of this deployment is to redirect all traffic to these servers from http to https, you'll want to listen on two separate IPs, and redirect accordingly. This will mean that the user must know the subdomains in advance.

What you're attempting to do strikes me as not so good. A user is going to hit your frontend URL, and be redirected to one of two subdomains. If they return, they may be redirected to the other subdomain. As a user, I'd find this extremely awkward.

The purpose of load balancing, is obscuring the implementation details of how many and what servers are in the cluster, and provide a uniform front end.

I'd suggest something along the lines of the following:

Frontend: 10.80.11.1:80 # http://blah.com/
Backend 1: 10.80.11.5:443
Backend 2: 10.80.11.6:443

In each of the backends, have their default page load at /gohere rather than trying to get HA Proxy to rewrite the URL. Now you can load balance all you want, obscure the details from the user.

If you REALLY want to achieve the rewriting of the subdomains, you could attempt something like this:

Frontend: 10.80.11.1:80 # http://blah.com
balance roundrobin
Backend: server 10.80.11.2:80
Backend: server 10.80.11.3:80

Frontend: 10.80.11.2:80 # http://ssl1.blah.com
redirect location https://ss1.blah.com

Frontend: 10.80.11.3:80 # http://ssl2.blah.com
redirect location https://ssl2.blah.com

However, you'd need to install HA Proxy on all 3 hosts (unless any of the above backends share a host and have multiple NICs).

If you're using Apache as the backends, you can achieve https redirects very very simply and shouldn't manage this with HA Proxy.

Related Topic