Clarification on backend server configuration

Hello everyone,
after numerous searches I came to this site and I hope someone can help me clarify my thoughts.

I am configuring an HAProxy istance and reading the server section of the documentation I found the following:

Address "0.0.0.0" or "*" has a special meaning. It indicates that the connection will be forwarded to the same IP address as the one from the client connection.

This is really interesting for me because in my network the caller machine expose the called service so it.

I don’t want to implement transparent proxy because I cannot modify gateway and firewall so I’m trying to understand how this works, I have the impression that defining a backend with 0.0.0.0:port the connection is redirected to the haproxy host and not to the caller host.

Thank you,
Tommaso

It will connect to whatever the destination IP and port of the frontend socket is.

So you want to connect to the source IP, is that it? That is the exact opposite of what this configuration will do.

I guess you can rewrite the destination IP manually with something like:

http-request set-dst src

But I’m not sure if that is what you are trying to achieve. Also it is unclear what ports you want to connect to.

1 Like

Hi lukastribus and thank you for your response, it makes sense.

Let me try to describe my infrastructure and what I would like to accomplish.

I have a dozen linux servers and each one hosts 3 java applications: one is a frontend app and the others are 2 identical backend app listening on 2 different ports.

What I would like to do is have an HAProxy instance that forwards http calls from the frontend app to one of the two backends it has locally (plus some rules to go somewhere else if both backends are down).

So I was hoping not to have to define as many backend pools but to be able to use a single definition specifying that the request should be sent back to one of the 2 services on the caller host.

This is something like dynamic pools but I understand it is unsupported.

In that case my suggestion above should work.

Hello lukastribus,

I’m really close to the conf I would like to implement:

frontend appFrontend
 bind *:8080
 #there is a loadbl in front of my HAProxy so I get the src IP from the XFF header
 http-request set-var(req.xffip) req.hdr(X-Forwarded-For,-1)
 http-request capture var(req.xffip) len 40
 default_backend appBackend

backend appBackend
 option allbackups
 http-request set-dst var(req.xffip)
 #cannot enable check on this 2 servers
 server serverA     *:7501
 server serverB     *:7502
 #backup servers
 server spareA backup:7501 check backup
 server spareB backup:7502 check backup

In this way the backend pool works as a dynamic pool (not preconfigured) but I cannot enable check over the 2 main servers otherwise they are marked as down and requests are redirected to the backup servers.

[WARNING] (9) : Server appBackend/serverA is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 1 active and 2 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] (9) : Server appBackend/serverB is DOWN, reason: Layer4 connection problem, info: “Connection refused”, check duration: 0ms. 0 active and 2 backup servers left. Running on backup. 0 sessions active, 0 requeued, 0 remaining in queue.

Any suggestion on how to do it?

Thank you,
Tommaso