HAProxy Configuration

From NovaOrdis Knowledge Base
Revision as of 23:12, 4 July 2017 by Ovidiu (talk | contribs) (→‎mode)
Jump to navigation Jump to search

Internal

Overview

If installed with yum, the default configuration file is deployed in /etc/haproxy/haproxy.cfg and the systemd configuration file in /etc/sysconfig/haproxy.

Dependency on Other Services

Under some circumstances, HAProxy need other services to start before it starts, so it can rely on them. For example, if a local DNS server resolves the names referred from HAProxy configuration file, the named service must start before HAProxy. This is configured in the HAProxy's unit file /usr/lib/systemd/system/haproxy.service:

Requires=named.service
After=syslog.target network.target named.service

More details: Declaring a Dependency on a Service.

Logging Configuration

HAProxy logging concepts:

HAProxy Concepts - Logging

Logging configuration consists of the following steps:

Add the following to the "global" section of the configuration file:

log 127.0.0.1:514 local2

and then add the following to each "defaults" section or to each frontend and backend section:

log global

Then make sure the local syslogd does listen to the UDP traffic. For details on how to do this for rsyslogd, see:

Enable rsyslogd to Listen for UDP Traffic

Configure HAProxy to Log into a File

Assuming that logging was configured as described in the previous section, configure local2 events to go to the /var/log/haproxy.log file. Add the following line in /etc/rsyslog.conf:

local2.*  /var/log/haproxy.log

SSL Configuration

HAProxy SSL Pass-Through Configuration

Configuration Reference

Options

httplog

tcplog

Logging is set to tcp instead of the default http.

ssl-hello-chk

A health check that verifies the the connection and its ability to handle SSL (SSLv3 specifically) connections.

global

defaults

mode

Possible values:

http

tcp

Used to pass secure connections off to a backend server without encrypting it.

balance

Possible values:

roundrobin

source