I'm trying to set up an HAProxy that will listen on port 80 and roundrobin redirect location any traffic to two servers along with doing the health check
.
The servers have different URL's so afaik I can't use server <name> <ip>:<port> check
lines as I want the client's browser to read https:///ssl1.blah.com or https://ssl2.blah.com
Here's my haproxy.cfg:
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
#debug
#quiet
user haproxy
group haproxy
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen webfarm *:80
mode http
stats enable
stats auth admin:apassword
balance roundrobin
option forwardfor
redirect location https://ssl1.blah.com/gohere
redirect location https://ssl2.blah.com/gohere
Any pointers would be greatly appreciated. This is my first adventure with HAProxy or any software NLB.
Thanks
Best Answer
I don't think you can balance redirects. If the purpose of this deployment is to redirect all traffic to these servers from http to https, you'll want to listen on two separate IPs, and redirect accordingly. This will mean that the user must know the subdomains in advance.
What you're attempting to do strikes me as not so good. A user is going to hit your frontend URL, and be redirected to one of two subdomains. If they return, they may be redirected to the other subdomain. As a user, I'd find this extremely awkward.
The purpose of load balancing, is obscuring the implementation details of how many and what servers are in the cluster, and provide a uniform front end.
I'd suggest something along the lines of the following:
In each of the backends, have their default page load at
/gohere
rather than trying to get HA Proxy to rewrite the URL. Now you can load balance all you want, obscure the details from the user.If you REALLY want to achieve the rewriting of the subdomains, you could attempt something like this:
However, you'd need to install HA Proxy on all 3 hosts (unless any of the above backends share a host and have multiple NICs).
If you're using Apache as the backends, you can achieve https redirects very very simply and shouldn't manage this with HA Proxy.