I have a server serving 12 support domains and a path (see config below). Because of “Windows” I’m not using headers, SNI or DNS to direct traffic. It’s IP addresses and port numbers, HTTP/1.0-style.
Despite all the headache of Windows, it has a few good things here and there, for instance: this server is actually part of a cluster, it’s kept in sync completely transparently using Active Directory-backed DFS replication and has centralized certificates, the same files used by HAProxy; a script makes the adjustments whenever new ones are issued and places them in a domain-joined SMB share (macOS Server) for IIS to get. It’s really nice and useful for serving static, or domain-authenticated stuff, and… no, that’s it.
I’d like to add the other servers of the cluster to HAProxy to have HA and not just Proxy but I’m fearing I’d need to split the single backend I have into 12 backends (and growing). My config file is around 1200 lines as it is.
Is that correct? I’m very OK to be told I’m wrong, please, let me have it.
Config file (only relevant lines)
# Plaintext HTTP listener (v4 + v6 on :80). Stores Host and path into
# transaction variables and routes listed hosts to the iiscluster backend.
# Inherits its defaults from the "httpees" defaults section (not in this excerpt).
frontend port80 from httpees ################ STANDARD CLEARTEXT HTTP TRAFFIC ##
bind :80
bind :::80
#http-request cache-use acachehttpd
#http-response cache-store acachehttpd
timeout client 5s
# Per-request id: client ip:port, frontend ip:port, timestamp, request counter, pid;
# exported to the backend in the X-Unique-ID header.
unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid
unique-id-header X-Unique-ID
errorfiles mainset
# ssl_fc is true only when HAProxy terminated TLS on this connection; on a plain
# :80 bind this is normally false, so X-Forwarded-Proto ends up as "http".
acl https ssl_fc
http-request set-var(txn.txnpath) path
http-request set-var(txn.txnhost) hdr(host)
# set-header replaces any X-Forwarded-Proto the client sent (compare the
# add-header form used in backend iiscluster, which appends instead).
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
# POST bodies are not safely replayable, so L7 retries are off for them.
http-request disable-l7-retry if METH_POST
# Source-IP list ACL; no rule in this section references it (used elsewhere, presumably).
acl icloudrelay src -f /etc/haproxy/maps/icloudrelay.map
## FRONTEND: port80 ## FRONTEND: port80 ## FRONTEND: port80 ## FRONTEND: port80
# Path-prefix match (-m beg). NOTE(review): frontend main matches the same
# path with -m sub (substring), so the two listeners route /statcap differently.
acl iiscluster var(txn.txnpath) -m beg -i /statcap
# Defined but not referenced by any rule visible in this section.
acl nowwwredir var(txn.txnhost) -m beg -i www.
# Exact (-m str), case-insensitive host matches; several acl lines with the same
# name are OR-ed. NOTE(review): the bare host domain01.tld is listed in frontend
# main but not here — confirm whether plaintext requests for it should route.
acl iiscluster var(txn.txnhost) -m str -i dmg.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i hyperfetch.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i status.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i pki.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i testphp.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i fetch.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i media.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i vmdepot.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i premcheck.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i go.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i priv.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i terms.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i root.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i raiz.domain01.tld
# Requests that match none of the above fall through to whatever default_backend
# this frontend has; none is visible in this excerpt.
use_backend iiscluster if iiscluster
# TLS-passthrough listener on :443. Runs in TCP mode and does NOT terminate TLS
# itself: it waits for a ClientHello and hands the raw connection to the
# loopback-main backend, which forwards it to frontend main for offloading.
frontend port443-raw from tcpees ########################### SNI / TLS ROUTING
# NOTE(review): alpn is a TLS bind option; these binds carry no "ssl" keyword,
# so confirm the alpn setting has any effect here.
bind :443 alpn h2
bind :::443 alpn h2
mode tcp
log global
option socket-stats
option dontlognull
option dontlog-normal
option log-separate-errors
option tcplog
timeout client 30s
# (lines elided in the original excerpt)
…
# Accept the connection once a TLS ClientHello (hello type 1) has been seen.
tcp-request content accept if { req.ssl_hello_type 1 }
# (lines elided in the original excerpt)
…
default_backend loopback-main
# TLS-offloading frontend. Listens on a unix socket fed by backend loopback-main,
# terminates TLS with fullchain.pem, then routes by stored Host/path variables.
frontend main from httpees ##################### STANDARD OFFLOADING FRONTEND ##
# accept-proxy expects a PROXY-protocol header from the peer (loopback-main's
# server line uses send-proxy-v2-ssl-cn); h2 and http/1.1 are offered via ALPN.
bind /haps/main.socket name main accept-proxy ssl crt fullchain.pem alpn h2,http/1.1
errorfiles mainset
#http-request cache-use acachehttpd
#http-response cache-store acachehttpd
timeout client 5s
# Wait up to 5s for content, then switch the stream to HTTP mode once HTTP is detected.
tcp-request inspect-delay 5s
tcp-request content switch-mode http if HTTP
http-request set-var(txn.txnhost) hdr(host)
http-request set-var(txn.txnpath) path
# Disabled Host allow-list. While commented out, requests whose Host is outside
# the four listed domains are not rejected here and fall through to the routing
# rules below (and to this frontend's default_backend, which is not in the excerpt).
#http-response return status 400 default-errorfiles if !{ var(txn.txnhost) -m end domain1.tld or -m end domain2.tld or -m end domain3.tld or -m end domain4.tld }
## FRONTEND: port443 ## FRONTEND: port443 ## FRONTEND: port443 ## FRONTEND: port443
http-request disable-l7-retry if METH_POST
# Appends the client address to X-Forwarded-For. NOTE(review): an X-Forwarded-For
# value supplied by the client is kept ahead of the appended one unless it is
# deleted first — confirm IIS reads the last hop rather than the first.
option forwardfor
# Defined here but, unlike frontend port80, this section sets no X-Forwarded-Proto
# header from it; backend iiscluster adds one later with add-header.
acl https ssl_fc
#acl wshdr1Found hdr(Connection) -i Upgrade
#acl wshdr2Found hdr(Upgrade) -i websocket
# Substring match (-m sub): any path containing /statcap matches. NOTE(review):
# frontend port80 and the use-server rule in backend iiscluster use -m beg
# (prefix) for the same path — confirm which behaviour is intended.
acl iiscluster var(txn.txnpath) -m sub -i /statcap
# Defined but not referenced by any rule visible in this section.
acl wpadmin var(txn.txnpath) -m beg -i /wp-admin
acl icloudrelay src -f /etc/haproxy/maps/icloudrelay.map
acl nowwwredir var(txn.txnhost) -m beg -i www.
# matrix.* hosts; the rule that consumes this ACL is not in the excerpt.
acl matrix var(txn.txnhost) -m str -i matrix.domain01.tld
acl matrix var(txn.txnhost) -m str -i dimension.matrix.domain01.tld
acl matrix var(txn.txnhost) -m str -i jitsi.matrix.domain01.tld
acl matrix var(txn.txnhost) -m str -i stats.matrix.domain01.tld
acl matrix var(txn.txnhost) -m str -i goneb.matrix.domain01.tld
## FRONTEND: port443 ## FRONTEND: port443 ## FRONTEND: port443 ## FRONTEND: port443
# Exact, case-insensitive host matches (OR-ed). This list includes the bare
# domain01.tld, which the port80 list does not.
acl iiscluster var(txn.txnhost) -m str -i domain01.tld
acl iiscluster var(txn.txnhost) -m str -i hyperfetch.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i status.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i pki.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i testphp.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i dmg.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i fetch.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i media.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i vmdepot.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i premcheck.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i go.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i priv.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i terms.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i root.domain01.tld
acl iiscluster var(txn.txnhost) -m str -i raiz.domain01.tld
# NOTE(review): the "ref" ACL is not defined anywhere in this excerpt; whatever
# it matches also reaches the iiscluster backend, where no use-server rule will
# match an unlisted host and the request is round-robined across all servers.
use_backend iiscluster if iiscluster || ref
# Redirect-only backend: every request sent here gets a 302 to the same URL
# with the https scheme. The rule that selects this backend is not in the excerpt.
backend redir443 from httpeebottombitch ############## SELECTIVE HTTPS REDIRECT
http-request redirect scheme https code 302
# TCP-mode hop from frontend port443-raw to frontend main's unix socket.
# Emits "emerg"-level e-mail alerts through the globalmailers section (not in the excerpt).
backend loopback-main ################################### MAIN FRONTEND LOOPBACK
mode tcp
log global
# use mailers
# level emerg
email-alert mailers globalmailers
email-alert level emerg
email-alert from NoRESP-approuter@domain01.tld
email-alert to webmaster@domain02.tld
email-alert myhostname approuter.domain01.tld
timeout connect 30s
timeout server 30s
# NOTE(review): "retries" takes a plain integer count; "30s" is the duration
# form used by the timeouts above — confirm this parses as intended on the
# running HAProxy version.
retries 30s
# Forwards to the socket frontend main binds with accept-proxy. NOTE(review):
# the -ssl-cn variant carries TLS TLVs that are only populated when this side
# terminated TLS, which port443-raw (mode tcp) does not — confirm plain
# send-proxy-v2 is not the intended form.
server main /haps/main.socket send-proxy-v2-ssl-cn check inter 12s
# IIS backend. All 14 servers are the same host (10.11.11.20) on different ports;
# the use-server rules pin each Host value to its port, which is the IP+port
# routing scheme described in the post.
backend iiscluster from httpeebottombitch ######################################
# Re-captured here (both frontends already set them); presumably so the
# use-server rules below work for any frontend that selects this backend.
http-request set-var(txn.txnpath) path
http-request set-var(txn.txnhost) hdr(host)
# NOTE(review): add-header appends rather than replaces. Requests from frontend
# main arrive with no X-Forwarded-Proto set by HAProxy, so a value the client
# sent would be delivered to IIS ahead of this one; set-header (as frontend
# port80 does) or a preceding del-header would make the value HAProxy's alone.
http-request add-header X-Forwarded-Proto http unless { ssl_fc }
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk
# roundrobin only applies to requests that match none of the use-server rules.
balance roundrobin
http-request disable-l7-retry if METH_POST
# Health check: OPTIONS / with a Host header spliced in via \r\n inside the
# version string (the legacy option-httpchk form). NOTE(review): http-check send
# also accepts "hdr Host zz.domain01.tld"; confirm the \r\n form is parsed as
# intended on this version. A server is up unless it answers 5xx.
http-check send meth OPTIONS uri / ver HTTP/1.1\r\nHost:\ zz.domain01.tld\r\nAccept:\ */*
http-check expect !rstatus ^5
# First matching use-server wins: the /statcap path rule precedes the host rules,
# so /statcap on any host goes to status.zz03 (prefix match here, -m beg).
use-server status.zz03 if { var(txn.txnpath) -m beg -i /statcap }
# Exact match, so this is the bare domain01.tld host only.
use-server zz01 if { var(txn.txnhost) -m str -i domain01.tld }
use-server hyperfetch.zz02 if { var(txn.txnhost) -m str -i hyperfetch.domain01.tld }
use-server status.zz03 if { var(txn.txnhost) -m str -i status.domain01.tld }
use-server pki.zz04 if { var(txn.txnhost) -m str -i pki.domain01.tld }
use-server testphp.zz05 if { var(txn.txnhost) -m str -i testphp.domain01.tld }
use-server dmg.zz06 if { var(txn.txnhost) -m str -i dmg.domain01.tld }
use-server fetch.zz07 if { var(txn.txnhost) -m str -i fetch.domain01.tld }
use-server media.zz08 if { var(txn.txnhost) -m str -i media.domain01.tld }
use-server vmdepot.zz09 if { var(txn.txnhost) -m str -i vmdepot.domain01.tld }
use-server premcheck.zz10 if { var(txn.txnhost) -m str -i premcheck.domain01.tld }
use-server go.zz11 if { var(txn.txnhost) -m str -i go.domain01.tld }
use-server priv.zz12 if { var(txn.txnhost) -m str -i priv.domain01.tld }
use-server terms.zz13 if { var(txn.txnhost) -m str -i terms.domain01.tld }
use-server root.zz14 if { var(txn.txnhost) -m str -i root.domain01.tld }
# raiz.* is served by the same server as root.*.
use-server root.zz14 if { var(txn.txnhost) -m str -i raiz.domain01.tld }
# Each server: active check every 12s, plus layer-4 observation of live traffic;
# after 10 consecutive errors the check interval drops to fastinter.
server zz01 10.11.11.20:80 check inter 12s observe layer4 error-limit 10 on-error fastinter
server hyperfetch.zz02 10.11.11.20:2202 check inter 12s observe layer4 error-limit 10 on-error fastinter
server status.zz03 10.11.11.20:2203 check inter 12s observe layer4 error-limit 10 on-error fastinter
server pki.zz04 10.11.11.20:2204 check inter 12s observe layer4 error-limit 10 on-error fastinter
server testphp.zz05 10.11.11.20:2205 check inter 12s observe layer4 error-limit 10 on-error fastinter
server dmg.zz06 10.11.11.20:2206 check inter 12s observe layer4 error-limit 10 on-error fastinter
server fetch.zz07 10.11.11.20:2207 check inter 12s observe layer4 error-limit 10 on-error fastinter
server media.zz08 10.11.11.20:2208 check inter 12s observe layer4 error-limit 10 on-error fastinter
server vmdepot.zz09 10.11.11.20:2209 check inter 12s observe layer4 error-limit 10 on-error fastinter
server premcheck.zz10 10.11.11.20:2210 check inter 12s observe layer4 error-limit 10 on-error fastinter
server go.zz11 10.11.11.20:2211 check inter 12s observe layer4 error-limit 10 on-error fastinter
server priv.zz12 10.11.11.20:2212 check inter 12s observe layer4 error-limit 10 on-error fastinter
server terms.zz13 10.11.11.20:2213 check inter 12s observe layer4 error-limit 10 on-error fastinter
server root.zz14 10.11.11.20:2214 check inter 12s observe layer4 error-limit 10 on-error fastinter