I've installed HAProxy 1.7.5-2 on a Debian Stretch (9) for a blue/green deployment infrastructure.
HAProxy is setup in TCP mode and reloads DNS every 5 seconds but it doesn't.
global
log 127.0.0.1 local0 warning
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 10m
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode tcp
option dontlognull
timeout connect 360s
timeout client 300s
timeout server 300s
retries 99999
resolvers aws-vpc-dns
nameserver vpc {DNSIP}:53
resolve_retries 30
timeout retry 1s
hold valid 5s
frontend site-frontend
bind *:80
use_backend site-backend
backend site-backend
balance roundrobin
server company-www target.services.company.com resolvers aws-vpc-dns
listen blue-webapp-http
bind :9000
balance roundrobin
server company-blue blue.services.company.com resolvers aws-vpc-dns
When I change the DNS record to something else, the host
command on the HAProxy server returns the new addresses correctly.
Reloading/restarting HAProxy service is the only way I've found for now.
Any clue on what could be the issue?