Setting up HA Proxy and having somewhat of an issue with redirects


#1

Hello,

I am fairly new to HAProxy and I am trying to get it configured for new web apps where I work. So far I think it is a great product and I have been able to research a lot of what I have needed to get things working where I think it needs to be.  For the most part the configuration is working where if my main server goes down it will go to the backup server/redirect url's I have in a secondary backend group. It works great actually! What I would like is to enable health checking on the redirect targets like I have for the main backend server, so if they're down it won't use that redirect object and go to next. What I purposely did was block the keepalive traffic to the objects I am trying to do a keepalive for on my redirects via a firewall acl. 

The HPProxy server has a firewall as its gateway so I can currently add objects as well as filter them as part of a backend that aren’t directly on the same network as the hpproxy. Everything works fine when I bring down the main server, it successfully cuts over to the backup backend. What I notice is that regardless if it fails the keepalive check for the servers in the backup pool it redirects to the url even though I am blocking it on the firewall. I am seeing blocks/hits on the acl when trying to do a keepalive to the redirect urls so I know that the keepalive is failing, but I still get redirected regardless. Attached is the config and I am hoping I am just missing something in the config where it would normally mark the backup servers as down if the keepalive check fails. So, as a summary it looks like it is trying to do the health check and fails since HAProxy can’t access the target backup server on port 80. Regardless of this it still passes a redirect to the browser and successfully redirects the user ignoring the fact that it failed. I am just testing it out this way to make sure that the redirect url is up and not just redirect a user to a site that is down. For now it is working fine as is but I just wanted that extra bit of consistency in there if possible.

main frontend which proxys to the backends

#---------------------------------------------------------------------
frontend RMSFrontEnd 172.31.3.200:80
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js

use_backend static          if url_static

detect capacity issues in production farm

acl MAIN_not_enough_capacity nbsrv(app) lt 1

failover traffic to backup farm

use_backend bk_app_backup if MAIN_not_enough_capacity


default_backend             app

backend app
balance roundrobin
mode http
option httpchk GET /keepalive.html
http-check expect string Alive
server XASF1 192.168.100.54:80 check fall 3 rise 5 inter 2000 weight 10

backend bk_app_backup
mode http
option tcp-check
server Redir 192.168.6.231:80 redir http://example.com check addr 192.168.6.231 port 80 backup
server Redir1 192.168.100.59:80 redir http://example2.com check addr 192.168.100.59 port 80 backup