Acl haproxy keepalived issue

Help!
1

Hello,

Am using haproxy and keealived in my project but nothing is working.
All services are UP but web app isn’t working.

Please find bellow haproxy.conf:
frontend avfanew
bind 10.5.123.69:80
bind 10.5.123.69:443 ssl crt /etc/ssl/certs/myssl.pem
redirect scheme https code 301 if !{ ssl_fc }
acl host_servic hdr(host) -i avfa-servic.app.com
use_backend servic_cluster if host_servic
acl host_matser hdr(host) -i master.app.com
use_backend master_cluster if host_matser

##############################################################################
backend servic_cluster
#mode tcp
mode http
#stats enable
#stats auth admin:123
balance roundrobin
#server Web01 10.5.123.4:80 check
server web01 10.5.123.6:80 check
option httplog

##############################################################################
backend master_cluster
#mode tcp
mode http
#stats enable
#stats auth admin:123
balance roundrobin
#server Web01 10.5.123.4:80 check
server web02 10.5.123.4:443 check
option httplog

keepalived.conf:

virtual_server 10.5.123.69 80 {
delay_loop 4
#lb_algo rr|wrr|lc|wlc|sh|dh|lblc
#lb_algo wrr
#lb_kind NAT|DR|TUN
lb_kind DR
persistence_timeout 60
#protocol TCP|UDP
protocol TCP

# Server to be added to the pool if all real servers are down
#sorry_server @IP PORT

real_server 10.5.123.4 443 {
    weight 1
    TCP_CHECK {
        connect_timeout 60
        connect_port 443
    }
}

}
virtual_server 10.5.123.69 80 {
delay_loop 4
#lb_algo rr|wrr|lc|wlc|sh|dh|lblc
#lb_algo wrr
#lb_kind NAT|DR|TUN
lb_kind DR
persistence_timeout 60
#protocol TCP|UDP
protocol TCP

# Server to be added to the pool if all real servers are down
#sorry_server @IP PORT

real_server 10.5.123.6 80 {
    weight 1
    TCP_CHECK {
        connect_timeout 60
        connect_port 80
    }
}

}

2

Hi,
You seem to use keepalived for load-balancing and not for VRRP. So you basically have 2 LB now: LVS and HAProxy. LVS will take the traffic since it runs in the kernel.
So first, remove your keepalived configuration, replace it by a VRRP only configuration, you could also try to make haproxy bind wildcard (0.0.0.0) and try to get connected to your service using the local IP of the machine.

3

Hello,

Thanks for your reply.
I don’t matter about keepalived, now am just trying with single haproxy.

I did not indetstend how o bind wildcar (0.0.0.0) so is it possible to share correct config?

4

something like this:

bind 0.0.0.0:80