Which one of these configurations is good?

Hello,
I want to launch an HAProxy for the infrastructure below:

HAProxy Server : 192.168.56.7
Apache Server 1 : 192.168.56.8
Apache Server 2 : 192.168.56.9

Which configuration is better?

Configuration number 1:

global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxies to the backends
#---------------------------------------------------------------------
frontend main
    bind 192.168.56.7:80
    default_backend             apache

    option http-server-close
    option forwardfor
    stats uri /haproxy?stats
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend apache
    mode        http
    option httpchk HEAD / HTTP/1.1\r\nHost:\ localhost
    balance     roundrobin
    server      node2 192.168.56.8:80 check
    server      node3 192.168.56.9:80 check

Configuration number 2:

listen  http_web 192.168.56.7:80
        mode http
        balance roundrobin
        option httpchk
        option forwardfor
        server      node2 192.168.56.8:80 maxconn 512 check
        server      node3 192.168.56.9:80 maxconn 512 check


listen  https_web 192.168.56.7:443
        mode tcp
        balance source  # Load Balancing algorithm
        reqadd X-Forwarded-Proto: http
        server      node2 192.168.56.8:80 maxconn 512 check
        server      node3 192.168.56.9:80 maxconn 512 check

Any ideas and samples are welcome.

Thank you.

listen vs frontend/backend are both good.

But if you want to send to a second backend based on a path, like /.well-known/, it’s easier to separate frontend from backend and switch backends based on ACLs.

The listen https_web is wrong though…
It’s incorrect for an ssl proxy, and it is incorrect for a tcp proxy.


Thus, configuration number 1 is OK.
Can you give me more information about the listen?
Can you add your changes to the configuration number 2?
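
An added example, not part of the original thread: configuration 2 rewritten as frontend/backend sections with the path-based ACL switching mentioned in the reply. The `https_web` listener in configuration 2 runs in `mode tcp`, where an HTTP directive such as `reqadd` cannot take effect, and it forwards port 443 traffic to plain port 80 while labelling it `http`. Assumptions: the `global` and `defaults` sections from configuration 1 are kept, and the certificate path, the `acme` backend and its address are placeholders.

```haproxy
# Added example: configuration 2 rewritten as frontend/backend sections.
# Assumptions (not from the thread): the certificate path, the "acme"
# backend and its 127.0.0.1:8080 address are placeholders.

frontend web
    mode http
    bind 192.168.56.7:80
    # TLS is terminated here, so HAProxy can read and modify HTTP headers.
    bind 192.168.56.7:443 ssl crt /etc/haproxy/certs/example.pem  # placeholder path
    option forwardfor

    # Overwrite any client-supplied value with the scheme actually used.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http  if !{ ssl_fc }

    # Path-based switching, as described in the reply.
    acl is_well_known path_beg /.well-known/
    use_backend acme if is_well_known
    default_backend apache

backend apache
    mode http
    balance roundrobin
    option httpchk HEAD /
    server node2 192.168.56.8:80 maxconn 512 check
    server node3 192.168.56.9:80 maxconn 512 check

backend acme
    mode http
    server local 127.0.0.1:8080  # placeholder address

# Alternative: TCP passthrough, where Apache terminates TLS itself.
# Assumes both Apache servers listen on 443. HTTP directives (reqadd,
# forwardfor) cannot apply because HAProxy only sees encrypted bytes.
# listen https_passthrough
#     bind 192.168.56.7:443
#     mode tcp
#     balance source
#     server node2 192.168.56.8:443 check
#     server node3 192.168.56.9:443 check
```

Running `haproxy -c -f <file>` checks the syntax before a reload.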