There is often a need to publish multiple websites from an internal network when only one public IP address is available.
How can this be done the easy way? HAProxy can help.
In the example configuration I have 3 URLs registered to the same public IP address:
- first.laboratory.net
- second.laboratory.net
- third.laboratory.net
Here is what the HAProxy configuration for this example looks like:
/etc/haproxy/haproxy.cfg
    global
        log 127.0.0.1 local0
        log 127.0.0.1 local1 notice
        #log loghost local0 info
        maxconn 4096
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
        #debug
        #quiet

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        retries 3
        # "option redispatch" replaces the deprecated bare "redispatch" keyword
        option redispatch
        maxconn 2000
        # Timeouts in milliseconds; these replace the deprecated
        # contimeout / clitimeout / srvtimeout keywords
        timeout connect 5000
        timeout client 50000
        timeout server 50000

    frontend MAIN
        bind *:80
        mode http
        # One ACL per published hostname, matched against the Host header
        acl FIRST_URL hdr_dom(host) -i first.laboratory.net
        acl SECOND_URL hdr_dom(host) -i second.laboratory.net
        acl THIRD_URL hdr_dom(host) -i third.laboratory.net
        use_backend FIRST if FIRST_URL
        use_backend SECOND if SECOND_URL
        use_backend THIRD if THIRD_URL

    backend FIRST
        mode http
        server web-first 10.1.1.1:80

    backend SECOND
        mode http
        server web-second 10.1.1.2:80

    backend THIRD
        mode http
        server web-third 10.1.1.3:80

All requests to the external URLs will be forwarded to the appropriate internal servers, selected by the Host header.
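The routing decision made by the frontend above can be checked offline before the configuration is deployed. The following Python sketch is an added example, not part of the original post: it parses the acl and use_backend lines and returns the backend a given Host header would select. The function names are hypothetical, and the delimiter set used to model hdr_dom is an assumption.

```python
import re
# Assumption: hdr_dom treats ".", "/", "?" and ":" as delimiters around the pattern.
DOM = r"(?:^|[./?:]){}(?:$|[./?:])"

# Constructed input: the frontend section of the configuration shown above.
FRONTEND = """\
frontend MAIN
    bind *:80
    mode http
    acl FIRST_URL hdr_dom(host) -i first.laboratory.net
    acl SECOND_URL hdr_dom(host) -i second.laboratory.net
    acl THIRD_URL hdr_dom(host) -i third.laboratory.net
    use_backend FIRST if FIRST_URL
    use_backend SECOND if SECOND_URL
    use_backend THIRD if THIRD_URL
"""

def parse_frontend(text):
    """Return ({acl: (matcher, pattern)}, [(backend, acl)], default_backend)."""
    acls, rules, default = {}, [], None
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) == 5 and tok[0] == "acl" and tok[3] == "-i":
            acls[tok[1]] = (tok[2].lower(), tok[4].lower())
        elif len(tok) == 4 and tok[0] == "use_backend" and tok[2] == "if":
            rules.append((tok[1], tok[3]))
        elif len(tok) == 2 and tok[0] == "default_backend":
            default = tok[1]
    return acls, rules, default

def acl_matches(matcher, pattern, host):
    host = host.lower()  # -i: case-insensitive comparison
    if matcher == "hdr(host)":  # exact match on the whole header value
        return host == pattern
    if matcher == "hdr_dom(host)":  # pattern bounded by delimiters or string ends
        return re.search(DOM.format(re.escape(pattern)), host) is not None
    raise ValueError(f"matcher not modelled: {matcher}")

def route(text, host):
    """First matching use_backend wins; None means no backend (HAProxy replies 503)."""
    acls, rules, default = parse_frontend(text)
    for backend, acl in rules:
        if acl_matches(*acls[acl], host):
            return backend
    return default

if __name__ == "__main__":
    for h in ("first.laboratory.net", "www.third.laboratory.net", "other.laboratory.net"):
        print(h, "->", route(FRONTEND, h))
```

Swapping hdr_dom(host) for hdr(host) in the input makes the match exact, so www.third.laboratory.net and second.laboratory.net:80 no longer select a backend.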
Enabling HAProxy Statistics
For monitoring/tracking purposes it may also be useful to enable statistics in the HAProxy configuration.

    listen stats
        # Current HAProxy versions take the listening address on a bind line
        bind AAA.BBB.CCC.DDD:8989
        mode http
        stats enable
        stats uri /stats
        stats realm HAProxy\ Statistics
        # Example credentials used in this post; replace them on any reachable server
        stats auth admin:admin

The above section has to be added to the /etc/haproxy/haproxy.cfg configuration file.
Once it has been added, browse to:
http://AAA.BBB.CCC.DDD:8989/stats
and enter username admin and password admin to display the HAProxy statistics.
Of course, AAA.BBB.CCC.DDD has to be replaced with the IP address of the HAProxy server on which the statistics web page should be available.
So this is a reverse proxy. How do you configure it with HTTPS if the backend webservers require it? Does it do SSL offloading?
HAProxy can do SSL offloading as well as SSL pass-through.
Example of SSL offloading:
    frontend web-server
        bind *:80
        bind *:443 ssl crt /etc/ssl/cert.pem
        mode http
        default_backend backend-web-servers
Example of SSL pass-through:
    frontend web-server
        bind *:80
        bind *:443
        option tcplog
        mode tcp
        default_backend backend-web-servers

    backend backend-web-servers
        mode tcp
        balance roundrobin
        option ssl-hello-chk
        server web-server-01 10.1.1.10:443 check
        server web-server-02 10.1.1.11:443 check
Hi! I set up my haproxy just like you have here, but when I go to restart or start the service, it fails and says “job for haproxy.service failed because the control process exited with error code. see “journalctl -xe” for details”. Do you know how to fix this?
I debugged it already, thanks guys. It said “listen” was like unrecognized, so it said to use “bind” instead of listen. I did that, still didn't work, removed the stats page, and it worked. Great work man! Saved me so much time, much respect.