HaProxy configuration is good or not?


#1

Hi everyone.
I have used HAProxy, but I would like to know if my configuration is good or not.
I will try to explain my situation:
I have a load balancer (where I installed HAProxy) which has two IPs: one public, for example 1.1.1.1, and one private, 172.18.2.1.
Then I have 3 web servers which have only one private IP each: 172.18.2.2, 172.18.2.3 and 172.18.2.4.
I would like HAProxy to switch between web servers based on the load of the server.
I attach my configuration. Please, can someone confirm that my configuration is good?
Thanks a lot for any suggestions.

    global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    frontend MT
        bind 1.1.1.1:80
        reqadd X-Forwarded-Proto:\ http
        default_backend MT

    backend MT
        mode http
        stats enable
        stats hide-version
        stats uri /stats
        stats realm Haproxy\ Statistics
        stats auth haproxy:jessie # Credentials for HAProxy Statistic report page.
        balance source
        stick-table type ip size 200k expire 60m
        stick on src
        option httpchk
        option httpclose
        option forwardfor
        cookie LBN insert indirect nocache
        server vweb1 172.18.2.2:80 cookie vweb1 check # backend server #1
        server vweb2 172.18.2.3:80 cookie wweb2 check # backend server #2
        server vweb3 172.18.2.4:80 cookie vweb3 check # backend server #3


#2

Hi,

Your configuration looks good to me.

However, there are a couple of things I would like to mention:

  1. The expose-fd listeners directive was introduced in HAProxy after version 1.8. Therefore, if you use this configuration with an HAProxy version lower than 1.8, you would run into an unknown keyword error.

  2. It is advisable to have a separate LISTEN directive for haproxy stats. This would help you to keep the configuration tidy and well categorized, especially when defining multiple backends. You can have the directive defined as below:

         listen stats
             bind *:9999
             stats enable
             stats hide-version
             stats uri /stats
             stats realm Haproxy\ Statistics
             stats auth haproxy:jessie # Credentials for HAProxy Statistic report page.

  3. You need to ensure that the directory /run/haproxy/ exists, else you would run into a "cannot bind UNIX socket" error.

Thanks,
Shivharsh
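
A pre-flight check for the three points in the reply above, as an added example that is not part of the original thread: it parses an HAProxy configuration and reports an `expose-fd` socket option on a version below 1.8, a missing stats-socket directory, and a stats page enabled inside a backend. The names `parse_sections` and `lint`, the trimmed sample configuration, and the extra check for a stats page bound to all addresses (which on this load balancer would include the public IP) are assumptions made for this example.

```python
import os

# Constructed sample: settings from the thread, trimmed to the lines the checks read.
SAMPLE_CFG = """\
global
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
backend MT
    stats enable
    server vweb1 172.18.2.2:80 cookie vweb1 check
listen stats
    bind *:9999
    stats enable
"""

SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}


def parse_sections(text):
    """Return [(section_type, section_name, [directive token lists])]."""
    sections = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            sections.append((tokens[0], tokens[1] if len(tokens) > 1 else "", []))
        elif sections:
            sections[-1][2].append(tokens)
    return sections


def lint(text, version, dir_exists=os.path.isdir):
    """version is a (major, minor) tuple taken from `haproxy -v` by the caller."""
    findings = []
    for kind, name, directives in parse_sections(text):
        has_stats = ["stats", "enable"] in directives
        for d in directives:
            if d[:2] == ["stats", "socket"] and len(d) > 2:
                if "expose-fd" in d and version < (1, 8):
                    findings.append("expose-fd needs HAProxy 1.8 or later")
                sock_dir = os.path.dirname(d[2])
                if not dir_exists(sock_dir):
                    findings.append(f"socket directory missing: {sock_dir}")
            elif d == ["stats", "enable"] and kind == "backend":
                findings.append(f"stats enabled inside backend {name}")
            elif d[0] == "bind" and len(d) > 1 and has_stats \
                    and d[1].split(":")[0] in ("", "*", "0.0.0.0"):
                # Assumption of this example: a wildcard stats bind is worth flagging.
                findings.append(f"stats page in {kind} {name} bound to all addresses")
    return findings
```

Pass `dir_exists` a stub to lint a configuration on a machine other than the load balancer; by default the socket directory is checked on the local filesystem.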