I have a task to configure HAProxy so that it proxies inbound traffic on multiple ports. This is what I did after some googling: I easily figured out how to bind the ports on the frontend, as the internet is full of examples. But there is almost no information about how to configure backends for this.

When it's just one port, on the server line I used ":" and the port number, as in :443 or :80. But here I assumed that I should take out the port and send just to the server. Not sure if it's correct? Also, the check parameter: I could not work out how to check both ports' availability, so I picked one. But I'm sure there must be a better way of doing this.

Can anyone help?

    frontend FE-VPN
        bind 10.10.90.10:500
        bind 10.10.90.10:4500
        mode tcp
        log global
        option tcplog
        option dontlognull
        option contstats
        timeout client 300s
        maxconn 10000
        default_backend BK-VPN

    backend BK-VPN
        mode tcp
        log global
        option tcplog
        option tcp-check
        timeout server 300s
        timeout connect 5s
        balance leastconn
        retries 3
        server DA-VPN-01 10.10.90.21 weight 1 check port 500 source 10.10.90.10
        server DA-VPN-02 10.10.90.22 weight 1 check port 500 source 10.10.90.10

UPD: This is the best thing I came up with so far. Please tell me if you think it's correct.

    backend BK-VPN
        mode tcp
        log global
        option tcplog

        option tcp-check

        tcp-check connect port 500
        tcp-check expect string +OK

        tcp-check connect port 4500
        tcp-check expect string +OK

        timeout server 300s
        timeout connect 5s
        balance leastconn
        retries 3
        server DA-VPN-01 10.10.90.21 weight 1 check source 10.10.90.10
        server DA-VPN-02 10.10.90.22 weight 1 check source 10.10.90.10

poige
dunkerkboy
The title says "Haproxy with multiple ports on frontend and backend", so I'm asking — where are the multiple ports on the backend's side then? – poige Jan 18 '19 at 17:28

1 Answer

It looks fine. If you don't specify a port, then it will use the same port that it hit on the front end. So if it hit 10.10.90.10:500 on the front end, it would go to 10.10.90.21:500, etc. As for the health check, either check a single port, or maybe use an external health check script if you need something more complicated, i.e. a multi-port check.
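
One way to write the external multi-port check the answer mentions, as an added example that is not part of the original answer or of HAProxy itself. It assumes bash with `/dev/tcp` and coreutils `timeout` on the proxy host; the script path and the `CHECK_PORTS` and `PROBE` variables are hypothetical names.

```shell
#!/bin/bash
# Added example: multi-port TCP health check for HAProxy's external-check.
# Assumed wiring (the script path is hypothetical):
#   global
#       external-check
#   backend BK-VPN
#       option external-check
#       external-check command /usr/local/bin/check-vpn-ports.sh
# HAProxy runs: <cmd> <proxy_addr> <proxy_port> <server_addr> <server_port>
# Exit status 0 marks the server up; any other status marks it down.

PORTS="${CHECK_PORTS:-500 4500}"   # ports that must all accept a connection
PROBE="${PROBE:-probe_tcp}"        # probe function; replaceable for testing

# TCP connect probe with a 2 second limit. Host and port are passed as
# positional parameters, never spliced into the command string.
probe_tcp() {
    timeout 2 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Accept only decimal port numbers in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Returns 0 if every port answers, 1 on the first port that does not,
# and 2 on bad input (empty host, no ports, malformed port).
check_all() {
    host="$1"; shift
    [ -n "$host" ] && [ "$#" -gt 0 ] || return 2
    for port in "$@"; do
        valid_port "$port" || return 2
        "$PROBE" "$host" "$port" || return 1
    done
    return 0
}

# Run only when invoked the way HAProxy invokes it (server address is $3).
if [ "$#" -ge 3 ]; then
    check_all "$3" $PORTS
    exit $?
fi
```

Because the server is marked down as soon as one port fails, a backend that answers on 500 but not on 4500 is taken out of rotation for both frontend binds.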