Binding multiple port

Help!
1

I have frontend listening on multiple ports and forwarding to backed on ports from 8001 to 8005

I have the following blocks for all 8001-5 ports? This looks redundant to me. Is there any easy of doing it without repeating the blocks for multiple ports?

frontend 8001
bind *:8001 ssl crt /etc/haproxy/certs/current/my.pem ssl crt /etc/haproxy/certs/current
mode http
acl 8001 hdr(host) -i stagesvc-api.kbing.com
acl 8001 hdr(host) -i stagesvc-api.kbing.com:8001
use_backend 8001 if 8001

backend 8001
acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
mode http
server app2 stagesvc-aus.kbing.com:8001 check

frontend 8002ā€¦
ā€¦
backend 8002ā€¦
ā€¦

Can somebody help so this can be achieved

2

Just, specify a port-range in the frontend, omit any ports in the backend (so the original destination port is used), and specify the port to do health checks on with the port directive (if you really need health checking, that is, because if you only have one server there is really no point in doing so).

frontend stagesvc-api
 bind *:8001-8005 ssl crt /etc/haproxy/certs/current/my.pem ssl crt /etc/haproxy/certs/current
 mode http
 acl acl_stagesvc-api hdr(host) -i stagesvc-api.kbing.com
 acl acl_stagesvc-api hdr_beg(host) -i stagesvc-api.kbing.com:
 use_backend bk_stagesvc-api if acl_stagesvc-api

backend bk_stagesvc-api
 acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
 acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
 http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
 http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
 mode http
 server app2 stagesvc-aus.kbing.com check port 8001
3

Thank you so much! But I have another question if you donā€™t mind answering, please.

server app2 stagesvc-aus.kbing.com check

I do have only one backend server but with multiple containers listening on respective 800x port. when I just have ā€œcheckā€ without the port in the backend, it gives me ā€œALERT: server app2 has neither service port nor check port nor tcp_check rule ā€˜connectā€™ with port iā€ error.
Is there any way to have a check on respective ports. Since its port points to different containers running on the backend, I would like to make sure that containers are running and responding on that port.

4

No. One server can only health check one port. Thats what check port 8001 as above does.

Since haproxy cannot failover to a different server, there is no real point to enable haproxy health checks.

This requires external monitoring.

5

Thank you for quick reply!

6

What if the port numbers are different on the backend, 143 frontend needs to go to 20143 backend etc?

frontend mail
  mode tcp
  bind 0.0.0.0:110 
  bind 0.0.0.0:143
  bind 0.0.0.0:995
  bind 0.0.0.0:993

backend
server mail1 mail.example.com
7

You could probably do something with set-dst-port based on arithmetic operation (like adding 20000 to the dst-port, if thatā€™s the use case), but Iā€™m not sure if the added complexity is worth it.

8

I only see this in combination with http-request

9 
tcp-request connection set-dst-port
10

for the record

frontend mail
  mode tcp
  bind 0.0.0.0:110 
  bind 0.0.0.0:143
  bind 0.0.0.0:995
  bind 0.0.0.0:993
  tcp-request connection set-dst-port dst_port,add(20000)

backend
server mail1 mail.example.com
1 Like
11

Thanks!!! :slight_smile: