I need your opinion on the following situation.
I have two frontends: one is in http mode (website) and the other is in tcp mode (elastic).
Historically the tcp frontend was only used to redirect to our Elasticsearch tcp backend.
However, because of organizational constraints, I need to specifically allow one machine to connect on the website frontend and be redirected to the elastic backend.
I did this using an acl with
src <ip> but realized that haproxy would not start because I was referring to an incompatible tcp backend.
[ALERT] : http frontend 'frontend_https' (/etc/haproxy/haproxy.cfg:0) tries to use incompatible tcp backend 'backend_elastic' (/etc/haproxy/haproxy.cfg:0) in a 'use_backend' rule (see 'mode').
I switched our elastic backend to http mode and haproxy started working again.
My question to you is:
- Is this the correct way of doing things ?
- Am I going to see a performance drop in my tcp backend since I switched to http mode ?
This website seems to indicate that inspecting the content of the HTTP request is slower and tcp should be preffered. However is there a difference when using backends? since my backend used to be tcp and I am not planning on ever using the http specific features available for this part of my configuration I was wondering if this would affect performance (we have heavy workloads on the elasticsearch backend).
Thank you for your help!