After numerous searches I came to this site and I hope someone can help me clarify my thoughts.
I am configuring an HAProxy instance and, reading the server section of the documentation, I found the following:
Address "0.0.0.0" or "*" has a special meaning. It indicates that the connection will be forwarded to the same IP address as the one from the client connection.
This is really interesting for me because in my network the caller machine exposes the called service so it.
I don’t want to implement transparent proxy because I cannot modify gateway and firewall, so I’m trying to understand how this works. I have the impression that defining a backend with 0.0.0.0:port the connection is redirected to the haproxy host and not to the caller host.
It will connect to whatever the destination IP and port of the frontend socket is.
So you want to connect to the source IP, is that it? That is the exact opposite of what this configuration will do.
I guess you can rewrite the destination IP manually with something like:
http-request set-dst src
But I’m not sure if that is what you are trying to achieve. Also it is unclear what ports you want to connect to.
Hi lukastribus and thank you for your response, it makes sense.
Let me try to describe my infrastructure and what I would like to accomplish.
I have a dozen Linux servers and each one hosts 3 Java applications: one is a frontend app and the other 2 are identical backend apps listening on 2 different ports.
What I would like to do is have an HAProxy instance that forwards HTTP calls from the frontend app to one of the two backends it has locally (plus some rules to go somewhere else if both backends are down).
So I was hoping not to have to define as many backend pools but to be able to use a single definition specifying that the request should be sent back to one of the 2 services on the caller host.
This is something like dynamic pools but I understand it is unsupported.
In that case my suggestion above should work.
I’m really close to the conf I would like to implement:
# there is a load balancer in front of my HAProxy, so I get the src IP from the XFF header
http-request set-var(req.xffip) req.hdr(X-Forwarded-For,-1)
http-request capture var(req.xffip) len 40
http-request set-dst var(req.xffip)
# cannot enable check on these 2 servers
server serverA *:7501
server serverB *:7502
server spareA backup:7501 check backup
server spareB backup:7502 check backup
In this way the backend pool works as a dynamic pool (not preconfigured), but I cannot enable check on the 2 main servers, otherwise they are marked as down and requests are redirected to the backup servers.
[WARNING] (9) : Server appBackend/serverA is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 1 active and 2 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] (9) : Server appBackend/serverB is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 2 backup servers left. Running on backup. 0 sessions active, 0 requeued, 0 remaining in queue.
Any suggestion on how to do it?
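A note on the configuration above, as an added example that is not from the thread participants: because `set-dst` takes its target from a request header, the rules below only honor the last `X-Forwarded-For` entry when the request came from the load balancer and the entry falls inside the application subnet. The addresses 192.0.2.10 and 198.51.100.0/24 are constructed placeholders for the load balancer and the server subnet, and the ACL names are hypothetical.

```haproxy
backend appBackend
    # Constructed placeholder addresses (documentation ranges), not from the thread:
    #   192.0.2.10       = the load balancer in front of HAProxy
    #   198.51.100.0/24  = the subnet holding the application servers
    acl from_lb     src 192.0.2.10
    acl dst_allowed req.hdr_ip(X-Forwarded-For,-1) 198.51.100.0/24

    # The last X-Forwarded-For entry is only trustworthy when the load
    # balancer appended it, so refuse requests that did not arrive through it.
    http-request deny unless from_lb

    # Refuse requests whose last X-Forwarded-For entry is missing, is not an
    # IP address, or lies outside the application subnet. Without this rule
    # the header value alone decides where HAProxy opens a connection.
    http-request deny unless dst_allowed

    # Same destination rewrite as in the post, reached only after both
    # checks have passed.
    http-request set-var(req.xffip) req.hdr(X-Forwarded-For,-1)
    http-request set-dst var(req.xffip)

    # Server lines as posted: no "check" on the two wildcard servers.
    server serverA *:7501
    server serverB *:7502
    server spareA backup:7501 check backup
    server spareB backup:7502 check backup
```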