Hello, so I am running a 3proxy server and want to balance all the incoming traffic through haproxy.
Basically the configuration below does the job perfectly.
Only issue I’ve got is that every request every person sends gets balanced by round robin through a different outgoing IP.
That’s what it’s supposed to do, you dum dum!
The question is, how to make the user stay on the same outgoing IP for X minutes, or just forever? Note - I need to access HTTPS pages
P.S. I am referring to squid port 4100/4102 as outgoing IPs.
Thank you!!!
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend squid
    bind *:8000
    default_backend squid_pool

backend squid_pool
    balance roundrobin
    # balance first
    mode tcp
    # appsession fblo_ len 100 timeout 1h request-learn prefix
    server squid1 xxx.xxx.xxx.xxx:4100 check
    server squid2 xxx.xxx.xxx.xxx:4101 check
Thank you very much for taking the time to answer. In addition to that, is it possible to do persistence by incoming port? Also, how could I make sure that the same user (source IP) would never end up on the same outgoing IP (backend, I suppose)?
That doesn’t make any sense. Either the connection is already established, so the traffic is hitting the same backend server because it is not subject to another hash (as the load-balancing decision/hash was already completed earlier), or the client comes from a different port altogether meaning it would hit a different backend server anyway.
I don’t see how that’s possible with the current haproxy featureset.
Thank you for your detailed answer, but I really need one ‘user’ to not end up on the same backend. From what I have read in the documentation, it looks like it should be possible by combining userlists and stick-tables?
So if a user authenticates with username - bob, he would be redirected only to backend 1?
Or that’s just a stupid idea? ))
Thank you for the patience! )
That use-case certainly never did come up, and I don’t understand what you are trying to achieve.
Do you have thousands of outgoing IP addresses/backend servers?
I don’t know if there is a way to achieve this. It is possible there is a way, maybe with the help of Lua scripting, however you’d have to invest some time to research this.
Basically, I want to sell some proxies, which are hosted on a 3proxy server, so I would like to run haproxy as a frontend filter and a balancer, so when a user comes to haproxy’s port he would get assigned one backend (outgoing proxy). Hope it makes sense, maybe it’s more clear this way.
Thank you for the answer, the only promising thing I found in haproxy’s documentation is the src_port for layer 4.
And I’m sorry if I am misunderstanding how TCP ports really work, but if I would listen on
*:1111
*:2222
*:3333
Would these ports be the ‘source ports’ and thus maybe even possible to bind on? ))
Again, sorry if I’m misinterpreting things, but I have to do this on my own because haproxy developers for hire are impossible to find.
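
The two setups asked about in this thread, as an added example that is not from any participant or from the HAProxy project. It assumes the `global` section from the first post; the `192.0.2.10` addresses, the 30-minute expiry and the names `per_port`, `out_squid1` and `out_squid2` are placeholders chosen for illustration. A port haproxy listens on is the connection's destination port (`dst_port`), while `src_port` is the client's own ephemeral port.

```haproxy
defaults
    mode tcp
    timeout connect 5s
    timeout client  50s
    timeout server  50s

# Setup 1: one listening port; each client IP stays on one outgoing proxy.
frontend squid
    bind *:8000
    default_backend squid_pool

backend squid_pool
    # The first connection from a new source IP is placed by round robin...
    balance roundrobin
    # ...and the choice is remembered per source IP. The entry expires
    # 30 minutes after it was last created, refreshed or matched.
    stick-table type ip size 200k expire 30m
    stick on src
    server squid1 192.0.2.10:4100 check   # placeholder address
    server squid2 192.0.2.10:4101 check   # placeholder address

# Setup 2: one listening port per outgoing proxy.
# dst_port is the local port the client connected to.
frontend per_port
    bind *:1111
    bind *:2222
    acl to_squid1 dst_port 1111
    acl to_squid2 dst_port 2222
    use_backend out_squid1 if to_squid1
    use_backend out_squid2 if to_squid2

backend out_squid1
    server squid1 192.0.2.10:4100 check   # placeholder address

backend out_squid2
    server squid2 192.0.2.10:4101 check   # placeholder address
```

Because this runs in `mode tcp`, persistence applies to whole TCP connections, so HTTPS tunnelled through the proxy stays on the server picked when the connection was opened.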