HAProxy with Multiple Domain

Configuring HAProxy for resolving to multiple domains in multiple servers


HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world’s most visited ones.http://haproxy.org

I recently came across HAProxy while trying to setup HA/Failover server. I had it setup using NGINX Reverse Proxy and it was working well, but I was starting to have second thoughts about it, as it was being used just for proxy/LB stuff. During my research I came across the term HAProxy a lot and wanted to test it. I have a small (but quite similar to larger NGINX environment) test environment setup with HAProxy, and the first thing it came into my mind after some initial use was “Damn, this thing is fast! Faster than my NGINX setup!”. I still haven’t migrated completely to HAProxy as there are lots of things, some quite complex, that needs to be tested with it.

Setting Multiple Domains

If you are familiar with apache or NGINX web servers, then you might have come across (or know quite well) about VirtualHosts. It is the method used by those webservers to set up various applications/websites in a single server. HAProxy uses ACL (Access Control List) for this task. Coming directly from Apache and NGINX, it seemed similar in some ways,but different.

Configuring ACLs in HAProxy

Assuming HAProxy is already installed in the system, let’s see how multiple domains can be used in HAProxy. Simple config file is shown below. It has been taken and modified from different websites/blogs/tutorials including default haproxy config file, and mostly inspired from this blog.

global
	log	127.0.0.1 local2
	chroot	/var/lib/haproxy	
	pidfile	/var/run/haproxy.pid
	maxconn	4096
	user	haproxy
	group	haproxy
	daemon
	stats socket /var/lib/haproxy/stats

defaults
	mode	http
	log	global
	option	httplog
	option	dontlognull
	stats	enable
	stats	auth username:password
	stats	uri /hpstats
	retries	3
	timeout http-request	3
	timeout queue			10s
	timeout	connect			1m
	timeout client			1m
	timeout server			1m
	timeout http-keep-alive	10s
	timeout check			10s
	maxconn				4096

frontend http-in
	# We are binding HAProxy to port 80, such that it listens directly on port 80.
	bind *:80
	option http-server-close

	# The following defines the domain names that we are planning on proxying
	# Make sure to replace your-domain(1,2).com with real domains that are being proxied
	# Also, using better/meaningful names instead of host_domain1, host_domain2 is recommended
	acl host_domain1 hdr(host) -i your-domain1.com
	acl host_domain2 hdr(host) -i your-domain2.com

	# The following section defines which backend to be used by HAProxy
	# If it is host_domain1 then it will use backend domain1, similarly domain2 if requests come for host_domain2
	# It can be used for multiple domains in same fashion.
	# Also, using better/meaningful names instead of domain1_backend, domain2_backend is recommended
	
	use_backend domain1_backend if host_domain1
	use_backend domain2_backend if host_domain2

# The following secion is the backend secion of domain1
# It defines which IPs to be used when domain1 is queried to the HAProxy
# Make sure to replace IP_ADDRESS_OF_NODEs with your real IP addresses
backend domain1_backend
	balance roundrobin # There are lots of balancing algorithms in HAProxy.
	option httpclose
	option forwardfor
	cookie JSESSIONID prefix
	server node0 IP_ADDRESS_OF_NODE-0 check
	server node1 IP_ADDRESS_OF_NODE-1 check
	server node2 IP_ADDRESS_OF_NODE-2 check

# The following secion is the backend secion of domain2
# It defines which IPs to be used when domain2 is queried to the HAProxy
# Make sure to replace IP_ADDRESS_OF_NODEs with your real IP addresses
backend domain2_backend
	balance roundrobin # There are lots of balancing algorithms in HAProxy.
	option httpclose
	option forwardfor
	cookie JSESSIONID prefix
	server node0 IP_ADDRESS_OF_NODE-0 check
	server node1 IP_ADDRESS_OF_NODE-1 check
	server node2 IP_ADDRESS_OF_NODE-2 check

After this, the A Record of the domains should be pointed to the IP of the server HAProxy is running. After completion of DNS migration, the domains will be proxied through this server and HA/Failover can be achieved.

Enabling logging in HAProxy

I guess logging is enabled by default, but we aren’t able to find any logfiles in /var/log/haproxy.log because rsyslogd is not listening any address. For that you have to do some configurations in haproxy.cfg, /etc/rsyslog.conf and /etc/rsyslog.d/haproxy.conf.

In /etc/haproxy.cfg file, there should be something like these lines in the global section, if not then add them.

global
	log 127.0.0.1 local2
	...
	...

Create a file haproxy.conf in /etc/rsyslog.d/ if it is not already there (most probably it is not there). And add the following:

local2.*        /var/log/haproxy.log

Then, uncomment these two lines from /etc/rsyslog.conf:

...
$ModLoad imudp
$UDPServerRun 514
...

Finally, restart rsyslog, systemctl restart rsyslog and check /var/log/ folder for haproxy.log file.

comments powered by Disqus