Backend IP based on frontend IP


#1

Hi,

I use Haproxy (1.6 on Ubuntu 12.04) as a SSL termination proxy in front of a Varnish server. Varnish listen several IPs, for virtual host purpose. So I want Haproxy to listen all IPs, and pass each request to Varnish with the same IP.

The configuration could be :

frontend www-https1
   bind 1.1.1.1:443 ssl  strict-sni crt /var/ssl/
   default_backend www-backend1
backend www-backend1
   server www-1 1.1.1.1:80 check
frontend www-https2
   bind 2.2.2.2:443 ssl  strict-sni crt /var/ssl/
   default_backend www-backend2
backend www-backend2
   server www-1 2.2.2.2:80 check

etc.

But I would prefer a configuration like this :

frontend www-https
   bind :443 ssl  strict-sni crt /var/ssl/pem/
   default_backend www-backend
backend www-backend
   server www-1 ${frontend_ip}:80 check

I saw {frontend_ip} in similar topics, but it doesn't seem to work... My global configuration works because if a put an IP instead of {frontend_ip}, it works.

Any idea ?

Thanks,


#2

[quote=“Kal, post:1, topic:647”]
Varnish listen several IPs, for virtual host purpose. So I want Haproxy to listen all IPs, and pass each request to Varnish with the same IP.[/quote]

This will never scale. Why can’t you use the Host Header to tell Varnish which server is meant?

This is not supported. Fix your real problem: which is the Host information has to be communicated at HTTP level, not IP level between Haproxy and Varnish. Then you will have a lot less problems overall.


#3

I have hundreds of sites (and then hundreds of domains) spread over 6 virtual hosts (currently), it would not be very convenient to use host to select backends in Varnish.


#4

Why? The host header seems much more convenient to me for this.

Haproxy will never support this, as backend servers are always hard configured with a 1:1 relationship.


#5

In Varnish, to select a backend with the host header, the configuration look like this :

    if (req.http.host == "domain1.com" || req.http.host == "domain2.com") {
        set req.backend = backend1;
    }
    elsif (req.http.host == "domain3.com" || req.http.host == "domain4.com") {
        set req.backend = backend2;
    }

With hundreds of domains, the configuration will be huge… And the configuration would have to change almost daily to add new domains.


#6

I don’t really understand the problem with using a huge configuration, isn’t the varnish configuration compiled into C? And don’t you need a similar configuration anyway when its IP based?

I assume that the configuration of new domains is automated anyway.

You need specific, per domain configurations, you will either have a huge haproxy or a huge varnish configuration. I suggest you automatize the problem away.


#7

The configuration isn’t automated for new domains because configuring the DNS record for the domain is enough currently.

I will think about using host header but this would change many things in the server infrastructure…

Thank you for your help, lukastribus !