HAProxy community

Multiple log files


I use the haproxy to serve 5 instances of Wordpress multi sites with 2 webservers as backend. Each instance has its own IP.

In haproxy configuration, I have defined each instance in one frontend as follow:

frontend http_front
   bind IP1:80
   bind IP2:80
   bind IP3:80
   bind IP4:80
   bind IP5:80
   mode http

   http-request capture req.hdr(Host) len 100

   acl asbl_wp dst IP1
   acl eshop_wp dst IP2
   acl simple_wp dst IP3
   acl complexe_wp dst IP4
   acl wp1 dst IP5
   acl url_wpadmin path_beg /wp-admin

   acl https_enabled hdr(host) -m reg -i -f /etc/haproxy/ssl_domain.lst

   redirect scheme https if asbl_wp !{ ssl_fc }
   redirect scheme https if eshop_wp !{ ssl_fc }
   redirect scheme https if complexe_wp !{ ssl_fc }
   redirect scheme https if simple_wp !{ ssl_fc }
   redirect scheme https if https_enabled

   use_backend http_update if url_wpadmin wp1
   use_backend complexe_update if url_wpadmin complexe_wp
   use_backend simple_update if url_wpadmin simple_wp
   use_backend asbl_update if url_wpadmin asbl_wp
   use_backend eshop_update if url_wpadmin eshop_wp

   use_backend http_back if wp1
   use_backend complexe_back if complexe_wp
   use_backend simple_back if simple_wp
   use_backend asbl_back if asbl_wp
   use_backend eshop_back if eshop_wp

I was first wondering if this is a good practice to do it so or would it be better to split each IP in a different frontend definition?

Second question: is it possible to log each request to a different log file (one per frontend or one per IP) ? I use fail2ban to ban malicious IPs.

I am running haproxy version 1.8.14-52e4d43 on a centos7 server.


I’ve solved the second question in the following way:

I put a “haproxy.frule” file into the “/etc/rsyslog.d” directory with content like the following (however this also depends on your distro):

# Send messages from haproxy to a seperate files and
# prevent them from being written to any other logfile

if $programname == 'haproxy' and $msg contains "~ backendName1/" then /var/log/haproxy/backendName1
& stop

if $programname == 'haproxy' and $msg contains " backendName2/" then /var/log/haproxy/backendName2
& stop

Thx I will test it.

So instead of having multiple frontend, you do filter on the backend name?


However as frontend and backend name are included in the log, you are free to adjust it to your needs.

I have implemented the solution and it works well.