How to ensure all clients are connected to one server only
I have 3 servers setup: 1 primary, 2 backups. I used the following configuration: backend pg_production_backend option pgsql-check user pg_user server primary pghost.primary:5432 check on-marked-down...
View ArticleLoad Balance with SNI Question
From the excellent article here I have used this technique for years now, but i wonder would it be possible to dynamically use subdomain (from example linked) - as poart for naming the the backend...
View ArticleNeed help with HAPROXY https when apps share the SSL cert
Here is my setup - frontend HTTPS bind *:443 mode tcp option tcplog tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } acl HTTPS1 req.ssl_sni -i app1.domain1.com acl...
View ArticlePfsense HAProxy Error when trying to access ACME certificate
After the latest update I can no longer assign an ACME certificate to a HAProxy Frontend, not matter which certificate it is. Error generated is: Errors found while starting haproxy [NOTICE] (86157) :...
View ArticleHow to enable DDoS protection?
Hi there, I’m using HAP on and off for a bit now and now I’m trying confgure DDoS protection per frontend, to block a connection for 5 mints, if it receives more than 200 requests per second from the...
View ArticleHAProxy for LDAP Servers
Hi, I work at a large organization and most of our applications use LDAP authentication. We currently have multiple Windows ADDS Servers for that purpose and each app points to a specific ADDS server....
View ArticlePort in frontend different from port in backend
Hi all, I am trying to set up the frontend by binding it with a certain port and then forwarding it to the backend. The problem is the backend is on a different port and the request comes with another...
View ArticleClik here to view.
TLS 1.3 strict configuration
I am trying to configure my HAProxy such that my clients strictly use TLS 1.3 , for that I am using ssl-min-ver however client negotiation with HAProxy is still failing for TLS 1.3 yet allowing ito...
View ArticleLoad balancer for the DB cluster, restrictions to the database through the...
I’m configuring haproxy as a load balancer in a cluster. The idea is to limit access to the database to only allowed addresses. Databases percona operator for mysq. The configuration is as follows:...
View ArticleHaproxy suddenly stops forwarding
Out of a suddon (suddenly) haproxy does not forward any more to the backend. After a systemctl restart haproxy.service it works again like it should. I can not tell how often this happens. But this...
View ArticleHAProxy SRV Record Limit of 5
I am using HAproxy 2.8.1 for loadbalancing a set of backend statefulset pods in Kubernetes. Does anyone knows if there is a HAProxy limit for SRV records while using server-templates, it seems it is...
View ArticleSynology DSM PROXY Support with HAProxy
I am using HAProxy 2.6.15-446b02c on a physical OPNSense Firewall. Behind my firewall I have a Synology DS720+ NAS running DSM 7.2 Update 1 with Synology Drive. Internet —> WAN → HAProxy → LAN →...
View ArticleRspirep - HAProxy Upgrade - Help Needed!
Hi All, I have just upgraded from 1.5.2 to 2.4.14 , and as you may all know rspirep is no longer supported, and I need to use http-response replace-header instead, but am having issues getting it...
View ArticleClik here to view.
Debug 400 error?
I have a case where some requests gets return a 400 error from haproxy, others not. The requests themselves look very similar. I would like to find out what is the reason for the 400 error. Can you...
View ArticleShould we use compiled binaries or PPA version of HA Proxy
Hi All We are trying to upgrade our current haproxy installation as given below: OS: Ubuntu 18.04.6 LTS (Bionic Beaver) HA Version: 1.8.8-1ubuntu0.13 Now we want to upgrade it to v2.6 so which of the...
View ArticleSend-proxy in tcp mode with encrypted traffic
Hello, i think i have currently an problem with understanding haproxies mode { tcp|http }. I have a tcp frontend and a tcp backend wich connects 4 ExChangeservers. Incoming traffic is typical https...
View ArticleCheck multi ports backend
Hi everyone, on the net I found examples of how to check the frontend but not the backend. I need to check some backend ports. The backends are configured in clusters for both the 3306 db and the 8090...
View ArticleHAProxy randomly forwards Connection to only one of two Backend Servers...
Hello, I currently have the problem that HAProxy randomly forwards connections to only one of two backend servers. Both servers pass the healthcheck and are marked as online. The stick-table is also...
View ArticleHAProxy for Exchange 2019 with different internal and external domain names
Hello to everyone. I’m a newbie in proxying anything, please give me some help. I have 1 Exchange 2019 server. Internal domain name (inside organisation perimeter) is mail.a.local External domain name...
View ArticleCan HA proxy be used to proxy postgres replication connections?
Hi! We have a use case where we need to proxy the AWS RDS postgres instance on to a virtual machine on google cloud. From there we are attempting to set replication between the cloudsql postgres...
View Article