I'm running version HA-Proxy version 1.8.12-1ppa1~bionic 2018/06/27
on Ubuntu.
I'm trying to load balance requests to load.mysite.com to two different windows servers with IIS. The servers also have other website running on IIS with the same ports. We use host name binding to arrive on the correct website.
This is my HAProxy cfg:
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
option forwardfor
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# Stats
listen stats
bind *:9999
stats enable
stats hide-version
stats uri /stats
stats auth admin:***
# Http In - forward to https
frontend http-in
bind *:80
redirect scheme https if !{ ssl_fc }
# Https in
frontend https-in
bind *:443 ssl crt /etc/ssl/mysite.com/mysite.com.pem
acl host_mysitePlatform hdr(host) -i load.mysite.com
use_backend mysitePlatform_cluster if host_mysitePlatform
backend mysitePlatform_cluster
balance roundrobin
http-request set-header Host node1.mysite.com if { srv_id 1 }
http-request set-header Host node2.mysite.com if { srv_id 2 }
# http-send-name-header Host
server mysite1Server node1.mysite.com:443 check ssl verify none
server mySite2Server node2.mysite.com:443 check ssl verify none
This configuration is not working. IIS returns a 404 because it does not know to which site it should bind.
It works for backend server node1.mysite.com
when I remove if { srv_id 1 }
.
But then of course it only works for one server.
So it looks like the condition if { srv_id ? }
is always false.
I could just fix it by using the same host name bindings on both IIS servers (e.g. www.mysite.com) but we have some constraints that prevent us from doing that.
Also, initially we want the backends to be https because we need code changes to disable https and we want to do those after go live of the load balancer. In a later stage all our backends will be on port 80.
I commented http-send-name-header Host
because this also didn't work. Only http-request set-header Host <hostName>
works for me.
So my question is, how do I get srv_id
to work? I also tried with creating an acl first that for example checks if srv_id = 1 but that is also always false. Perhaps if I could log the actual value of srv_id
when load balancing to a server, then I could change my if statement to the correct value.