Questions tagged [haproxy]
HAProxy is an open source, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing.
2,147 questions
0 votes
0 answers
53 views
How to configure health-check for Postfix behind HAProxy when using the proxy-protocol
I have a Postfix Backend behind HAProxy and check for a response starting with 220 (status code). backend smtp-backend mode tcp option tcp-check tcp-check expect rstring ^220 ...
- 5
0 votes
0 answers
29 views
Number of concurrent connections (Cur) exceeds the configured limit (Maxconn) HAProxy
I stumbled upon a very interesting case I would like to share with you. I have a HAProxy server that spans 5 CAS Microsoft Exchange servers and another mail server solution. They synchronize between ...
2 votes
1 answer
78 views
HA-proxy verified to unverified: How does round robin work with backup servers in HAProxy?
I’m using HAProxy with a backend configuration that has 3 primary servers and 3 backup servers. Here primary server means with certs and backup means without certs. If all primaries are down, HAProxy ...
0 votes
1 answer
98 views
HAProxy Rate Limit Requests based on backend
I am using HAProxy 2.8.5 Community Edition to load balance my API. Right now i am using rate limit rules in each backend section. What i do is track each source ip and limit each source ip that ...
- 43
3 votes
1 answer
299 views
HAPROXY Backend max connections
I am using HAProxy 2.8.5 Community Edition. In the defaults section of haproxy.cfg I set the maxconn to 20000. In haproxy stats page I notice that each frontend has a session limit of 20.000 but each ...
- 43
-2 votes
1 answer
76 views
'socat stdio /var/lib/haproxy/stats' command gives 'Permission Denied'
I am installing haproxy on Rocky Linux 9.5 pod and then trying configure it using below command - echo "set server bk_web/websrv3 addr 10.1.0.55" | socat stdio /var/lib/haproxy/stats But I ...
google-cloud-platform
1 vote
0 answers
43 views
HAProxy Setup Health Check
I have error with this config, have anyone can help for this case This is my HAproxy config mode http option httpchk GET /auth/v1/health?apikey=API_KEY_HERE default-server inter 3s fall 3 ...
- 11
1 vote
0 answers
113 views
Adding HAProxy to rewrite gRPC paths
I have a Docker container ('grpc_service') which serves gRPC requests at port 9098. This container serves requests from the 'new' version of a gRPC interface. However, there are gRPC clients that ...
- 11
0 votes
1 answer
216 views
HAProxy Request Limit 50 Requests per Second
in an Ubuntu 24.04 Server machine, im using HAProxy (2.8.5-1ubuntu3.3) to load balance my company's API. Load Balancing works great but i am having issues with rate limiting of incoming requests. What ...
- 43
0 votes
1 answer
83 views
Haproxy conditional logging of HTTP requests
I'm running HAProxy version 3.0.5 for proxying HTTP requests across a bunch of different backends, and also as a TCP proxy for a RabbitMQ cluster. I have added a custom log format so I can better ...
- 125
1 vote
1 answer
286 views
Serving https through Caddy directly and over proxy protocol
I have a Caddy server as a reverse proxy for foo.example.lan and bar.example.lan over https on my local network (192.168.1.0/24). This is done with a simple config like this: foo.example.lan { ...
- 121
0 votes
0 answers
39 views
Netperf return MIGRATED TCP STREAM TEST from (null) (0.0.0.0)
I am using Netperf tool to benchmark throughput and latency. My Netperf pod is running in AWS EKS (Kubernetes), behind an HAProxy load balancer. The flow is as below: client ---> HA proxy --> ...
- 101
0 votes
0 answers
111 views
HAProxy Returns 503 Error When Accessing Backend via Proxy, But Direct Backend Access Works
I’m encountering an issue with my HAProxy setup. I have configured HAProxy to load balance multiple backends (web, API, and IoT services) using primary and secondary servers. The problem is: when I ...
0 votes
0 answers
62 views
How to deny HTTP from IPs other than those allowed by multiple ACLs on HAProxy?
I'm trying to deny access to my HTTP server from IPs other than those allowed by my subnets ACLs on HAProxy. I have the following HAProxy configuration : frontend http bind 0.0.0.0:80 acl ...
- 441
0 votes
1 answer
92 views
turning off kex_exchange_identification log messages in sshd
I have a server running haproxy for ssh with server lo-01 lo-01:22 check inter 10s fall 2 rise 1 and then on lo-01 every 10s I get the following auth.log entries: Apr 2 17:04:55 lo-01 sshd[...
0 votes
0 answers
32 views
What is the appropriate field of haproxy_stats URI output to the Sessions \ Total field of Statistics Report?
I have Last field in Sessions section of visual HAProxy Statistics Report (example page: https://stats.haproxy.org/) I want to get equivalent value via command line and the only way I know is /...
- 1
0 votes
0 answers
44 views
HA Proxy Route based Config on different port
I have below haproxy config. frontend main bind :443 ssl crt /etc/haproxy/example.uat.pem ciphers DEFAULT:!LOW:!RC4-SHA:!RC4-MD5:!DES-CBC-SHA:!DES-CBC3-SHA no-sslv3 no-tlsv10 no-tlsv11 bind ...
0 votes
0 answers
62 views
Dynamic Denylisting in HAProxy
Can I deny access to (a part of) a website from a dynamic set of IP addresses, which is automatically updated based on a website visitors's actions within HAProxy? What I'm trying to achieve is called ...
- 1,091
0 votes
0 answers
104 views
Haproxy 2.8.5 on Ubuntu 24.04.2
Please help me with the next "problem" to configure Haproxy What i try to reach is when a domain name reach haproxy on his listen port, the url will be added with a path to be used in the ...
- 1
0 votes
0 answers
159 views
Connections with SD state between HAproxy and Postgres
I’m experiencing an issue with the connection between my PostgreSQL database (a cluster managed by Patroni) and HAProxy. Everything in the application that uses the database works fine, and I don't ...
- 1
0 votes
0 answers
34 views
High available but lost transactions. Keepalived closes the connection unexpectedly when switching master and slave
Describing Cluster of two VM was deployed for HA based on ton of coolguides of pro guys. e.g. : https://grimoire.carcano.ch/blog/high-available-ha-proxy-tutorial-with-keepalived/ Pipeline HAproxy + ...
- 1
0 votes
0 answers
86 views
Coraza SPOA Error: "response id is empty"
I'm running Coraza SPOA on a HAProxy VM and encountering a recurring error in the logs: root@haproxyvm:~/coraza-spoa# tail -f /var/log/coraza-spoa/coraza-agent.log 3:44PM PNC Error handling request ...
- 1
0 votes
0 answers
135 views
HaProxy configuration failing
I am trying to setup HAProxy to proxy fiveM traffic. I am going to be proxying multiple servers through this system and as such have multiple ways to connect be it direct ip, or subdomains. This is my ...
0 votes
1 answer
66 views
Clearing HAProxy favicon cache
From reading https://github.com/haproxy/haproxy/issues/452#issuecomment-575626318, my understanding is that HAProxy caches favicons even if the upstream server content is no longer available or ...
- 154
0 votes
1 answer
483 views
haproxy SSL doesn't work, claims 'no suitable signature algorithm'
I'm setting up haproxy to act as intermediary between the internet and a number of services running in an otherwise-isolated k8s cluster. I've already successfully tested the connection to backend via ...
- 1,437
0 votes
1 answer
47 views
Put a client to a queue instead of passing IIS 503 web error to him
I have HAProxy and 2 backend IIS web servers. When one of the main IIS app polls on one of these servers goes down, then IIS responds me with 503 error. If the client has session persistence on such a ...
- 101
0 votes
2 answers
409 views
HAProxy connection limit per backend server is limited to port_range
I am running a HAProxy load balancer for a WebSocket server. If I put one backend servers backend pieproxy option http-keep-alive timeout tunnel 0ms balance leastconn server s1 IP:3001 ...
- 105
0 votes
1 answer
128 views
HAProxy - Keep path in url - acl
All. I have the following configuration file: frontend devopsdb bind *:8080 acl grafana_path path_beg /grafana/ use_backend back_grafana if grafana_path backend back_grafana server ...
- 103
0 votes
0 answers
93 views
UFW configuration for load balancers with floating IP
I have an app, which is connected to HAProxy, which in turn is connected to a cluster of 3 SQL servers. I opened up the UFW firewall at the HAProxy server to allow traffic from the app server private ...
- 1
0 votes
1 answer
144 views
In my LAN-only environment, how can I reach a specific containers located in HAproxy backend by identifying traffic with a URL path then re-writing?
Setup Details (in case it matters - see image at bottom of post) LAN-only environment Podman containers HAproxy as proxy running as root on host (not a container) Goal (see image to help) On Laptop, ...
0 votes
1 answer
67 views
How to reroute traffic on a local Ubuntu Machine without Traffic Getting Caught in a Loop
I need help rerouting traffic on my ubuntu virtual machine running on parallels for port 443 with a tunnel url to port 1111 on the same ubuntu machine. Once that is successfull the server at 1111 ...
- 13
0 votes
1 answer
115 views
Ubiquiti EdgeRouter-X port forwarding limited to LAN only
I am wanting to swap from my existing back-end reverse proxy (NGinx, which is currently working) to a new HAProxy solution. Note: I have "Enable hairpin NAT" set. I change the port-...
- 201
0 votes
1 answer
128 views
HAProxy config ASL check for every header
I am using HAProxy 2.4 and I am wondering if I can make a condition for all headers length. For example, every header shouldn't be longer than X.
-1 votes
1 answer
171 views
Reverse Proxy infront of Reverse Proxy (domain based routing)
Here comes a probably strange question that is probably also wrongly asked. I have the following network structure/plan...: enter image description here The idea is that someone who is responsible/...
0 votes
1 answer
703 views
Linux keepalived vrrp_track_process does not work as expected
keepalived conf on node01: vrrp_track_process track_haproxy { process haproxy weight 10 } vrrp_instance VI_1 { state MASTER interface ens33 virtual_router_id 51 ...
- 1
0 votes
1 answer
157 views
HAProxy to get IP from header and use that to rate limit
I want to rate limit users connecting to wp-login.php with method POST. The website is behind Cloudflare so, to get the source IP, I need to hdr(CF-Connecting-IP). I want to create a stick table that ...
- 449
1 vote
1 answer
286 views
nginx always reports ssl errors
My application is doing a model like: HAproxy -> nginx -> Django With this model, my application works well, HAproxy load-balances requests to nginx, then nginx forwards requests to Django. But ...
- 11
0 votes
1 answer
172 views
How to use host as HAProxy calculated backend target?
I'm wanting to intercept TCP traffic then forward everything else to their respective back-end servers. I have an internal DNS with matching domain to the wildcard external ingress. I'm thinking ...
- 201
1 vote
2 answers
351 views
HAProxy: need to reset persistent cookie connections
I am using HAProxy for load balance with cookie based session persistence. Configuration: backend nodes mode http balance roundrobin cookie SERVER insert indirect nocache server node1 ...
- 121
0 votes
0 answers
531 views
Can I use haproxy to load balance QUIC/HTTP3 connections without terminating TLS
I have ingress-nginx running on a 3-node k3s cluster. In front of that, I have haproxy running, attached to my public IP and using proxy protocol to send HTTP/S (et al) connections to the cluster, and ...
- 381
0 votes
1 answer
151 views
iptables ineffective on nginx reverse proxy behind haproxy load balancer
Simplified path of our setup: Client -> VM1- instance on aws, haproxy terminating ssl configured to use acl to direct traffic by requested domain to appropriate backend through wireguard tunnel -&...
- 1
1 vote
1 answer
186 views
Incorrect HAProxy reverse proxy config?
I'm configuring my domain, and I want to set up HAProxy as a reverse proxy for all of my subdomains. Somehow I've got this configured incorrectly, and I absolutely have no idea what's wrong. Here's my ...
0 votes
2 answers
2k views
How to implement an active health check with web load balancer
I need to have a web load balancer with active health check. This frontend machine should handle https certificate, a bit of caching and, most important, proxy to backend server only if they are ...
- 1,488
1 vote
2 answers
877 views
LetsEncrypt SSL with HAProxy Renew Not Working
I am trying to give SSL on HAProxy using certbot with LetsEncrypt. I am creating SSL with command: sudo certbot certonly --standalone -d test.example.com \ --non-interactive --agree-tos --email ...
- 21
0 votes
0 answers
148 views
Haproxy SSL handshake errors for local Apache traffic only
Im currently using apache (Ubuntu) on server 1 (ports 80 and 443) which has multiple domain names and a wildcard ssl certificate. All works perfectly at the moment. I want to set up haproxy on server ...
0 votes
1 answer
498 views
How to setup external load balancing to my kubernetes cluster securely?
We have for a period of time just pointed our dns to one of the nodes in our cluster. That node has then load balanced internally to the correct node and application. Something like this: The problem ...
- 103
3 votes
1 answer
274 views
Load balancer with HAProxy
I'm trying to set up a load balancer with HAProxy, but I'm having trouble understanding how to configure it. Can someone provide an example configuration?
- 61
0 votes
1 answer
215 views
haproxy doesn't seem to see all the backends/replicas
I'm trying to make haproxy proxy requests to a number of replicas: docker-compose.yml: services: haproxy: image: haproxy:2.3-alpine volumes: - ./haproxy.cfg:/usr/local/etc/haproxy/...
- 2,546
2 votes
0 answers
252 views
HAProxy 2.4 does not forward HTTP / Hangs
I have a server using docker-compose using the image haproxy:1.4. It works fine but I wanted to migrate to a more recent version. But starting with haproxy:2.4, haproxy does not work anymore. This my ...
- 139
0 votes
1 answer
360 views
HAproxy with Keepalived not behaving as expected
I have two servers in a public subnet with both public and private IPs. I want to configure HAproxy with keepalived and make server1 act as the master and server2 as backup. If server1 goes down, I ...
- 197