Our current infrastructure requires 2 reverse proxies to reach several backends.
Obviously we are using HAProxy for that 
+------------+ +------------+ +------------+ +------------+
| | | | | | | |
| Client +-------->| HAProxy_1 +------->| HAProxy_2 +-------->| Backend |
| | | | | | | |
+------------+ +------------+ +------------+ +------------+
For simplicity of management, HAProxy_1 is working only in TCP mode.
Unfortunately with the standard L4 health check, HAProxy_1 is unable to detect if HAProxy_2’s backend is down as HAProxy_2 still accepts the TCP Connection.
I understand that HAProxy is not able to close the port as per this discussion: Is there a way to close a listener port when all backends went down?
I tried having HAProxy_2 reject the connection using
tcp-request connection reject if { nbsrv() lt 1 }
but this does not help.
I implemented an external health check in HAProxy_1 using a small Rust program that just opens a TCP connection and sees if it is closed by the remote in less than 100ms. This works perfectly.
Is there a better (without external health check) way ?
If not, wouldn’t it be a nice feature to add in HAProxy (between the L4 basic check and the protocol specific checks) ?
4 posts - 2 participants