External health check of backend services


#1

Hi

I’m hosting different web-based services on the same machine and using haproxy as a reverse proxy, so based on the request hostname I forward the request into different services on different ports.

I want to check all the backends’ availability from external server.
Haproxy’s check mechanism is totally Ok for me, but I want to expose its result for the outside world.

Now if I check the backend’s availability with ‘nc {hostname} 80’ it always responds with a false ‘succeeded!’ even if the backend is down.

configuration:

frontend http-in
bind *:80
acl is_bck01 hdr_end(host) -i bck01.myhost.local
use_backend bck01 if is_bck01

backend bck01
balance roundrobin
option httpclose
option forwardfor
server s2 127.0.0.1:8081 maxconn 32 check

What is the correct way to check the availability of backends, or how can I fix the configuration to support the netcat/telnet based tcp port check?

Regards:
Bence


#2

So it seems that haproxy won’t close the port access.
( Is there a way to close a listener port when all backends went down? )

So what is the proper way of external health check?
How can I

  1. Configure haproxy to expose that information
  2. Check that with external application

Could anybody give me some pointers?

I see there is an ‘health_check’ directive which checks haproxy’s own availability.

…and there is an ‘external-check’ option which runs a command on the server:
https://cbonte.github.io/haproxy-dconv/configuration-1.6.html#option%20external-check

Regards:
Bence


#3

Is it something not supported or so hard to configure?
I see people checking this and passing by…


#4

What are you asking?

Are you asking to close the frontend port when no backends are available?
–> Thats not supported. Please use intelligent l7 health checks, not simple layer 4 port checks from additional frontend proxy layers.

Are you asking to use external health checks for the backends?
–> Check external-check documentation.


#5

I just want the emission/exposion of the currently well-known backend status.

Are you asking to close the frontend port when no backends are available?
–>
Thats not supported. Please use intelligent l7 health checks, not
simple layer 4 port checks from additional frontend proxy layers.

Do you mean using layer 7 checks (http request/response checks) from outside or from haproxy config?

Are you asking to use external health checks for the backends?
–> Check external-check documentation.

It says I would need to define a script on the server itself. This is something which I definitely need only if I would need to write my own service checks. But this is not the case.

What about ‘http-response set-status’ can I set the http status based on haproxy’s health check status?
(http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#4-http-response)


#6

To monitor the haproxy backend status? You can monitor haproxies syslog messages, check the unix admin socket or the stats interface.


#7

Solved! You were right: I needed to check the HTTP protocol (layer7) from outside.

This did the trick:

curl -Ivs http://bck01.myhost.local 2>&1 | grep “< HTTP/”| awk ‘{print $3}’