HAProxy as a TCP reverse proxy with DDNS target discovery and load balancing

A lesser-known HAProxy feature is service discovery through DNS: instead of listing backend servers by IP address, HAProxy can resolve them by DNS name at runtime and keep following the records as they change. Doing so provides the following benefits:

  • Follow servers as they move from one IP address to another without editing and reloading the configuration (useful in elastic cloud and microservice deployments, where IP addresses change frequently)
  • Scale the backend dynamically (backend servers can be added simply by publishing additional DNS records)

Below is a sample configuration that uses an HAProxy resolvers section to resolve and health-check the backend servers:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        server-state-file /etc/haproxy/server-state
        user haproxy
        group haproxy
        daemon
        maxconn 2000000

defaults
        load-server-state-from-file global
        log     global
        mode    tcp
        option  abortonclose
        option  dontlognull
        option  tcp-check
        option  redispatch
        timeout connect 1200ms
        timeout client  300s
        timeout server  300s
        timeout check   2s
        retries 1
        retry-on        empty-response conn-failure response-timeout

resolvers mydns
        nameserver cf1 1.1.1.1:53
        nameserver cf2 1.0.0.1:53
        accepted_payload_size 8192

listen stats
        mode http
        bind *:80
        stats enable
        stats refresh 15s
        stats uri /stats

frontend proxy-in
        bind *:443
        default_backend proxy-out

backend proxy-out
        server p201 p201.domain.com:443 maxconn 1024 check resolvers mydns init-addr none fall 2 rise 15 on-marked-down shutdown-sessions slowstart 1h
        server p301 p301.domain.com:443 maxconn 1024 check resolvers mydns init-addr none fall 2 rise 15 on-marked-down shutdown-sessions slowstart 1h
        server p401 p401.domain.com:443 maxconn 1024 check resolvers mydns init-addr none fall 2 rise 15 on-marked-down shutdown-sessions slowstart 1h
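The sample above ties one DNS name to one server line, so publishing an extra record only helps a server that is already declared in the configuration; it also exposes the stats page on every interface on port 80 with no credentials, and leaves the resolver's timing at its defaults. The configuration below is an added example, not the original post's config. It keeps the same frontend and the same nameservers, but uses a server-template so that additional A records for one name become additional backend servers, sets explicit resolver timing and hold values, and binds the stats page to the loopback address behind a password. The hostname p.domain.com, the stats port 8404 and the 1-10 slot range are assumptions chosen for illustration; the stats password is a placeholder to replace.

```haproxy
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    # The admin-level socket can change server state at runtime; keep it mode 660
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    server-state-file /etc/haproxy/server-state
    user haproxy
    group haproxy
    daemon

defaults
    load-server-state-from-file global
    log     global
    mode    tcp
    option  abortonclose
    option  dontlognull
    option  tcp-check
    option  redispatch
    timeout connect 1200ms
    timeout client  300s
    timeout server  300s
    timeout check   2s
    retries 1

resolvers mydns
    nameserver cf1 1.1.1.1:53
    nameserver cf2 1.0.0.1:53
    accepted_payload_size 8192
    # Explicit timing: how long to wait for an answer, how often to re-query,
    # and how long the last answer stays usable when a query fails or returns an error
    resolve_retries 3
    timeout resolve 1s
    timeout retry   1s
    hold valid      10s
    hold nx         30s
    hold refused    30s
    hold other      30s
    hold timeout    30s
    hold obsolete   30s

# Stats page reachable only from the host itself and protected with a password
# (assumed port 8404; replace the placeholder credentials before use)
listen stats
    mode http
    bind 127.0.0.1:8404
    stats enable
    stats refresh 15s
    stats uri /stats
    stats auth admin:CHANGE_ME_PLACEHOLDER

frontend proxy-in
    bind *:443
    default_backend proxy-out

backend proxy-out
    balance roundrobin
    # Ten server slots p1..p10, filled from the A records of p.domain.com (assumed name).
    # An extra A record fills the next free slot and a removed record empties one, so the
    # backend grows and shrinks without a reload. Slots with no record have no address
    # (init-addr none) and receive no traffic.
    server-template p 1-10 p.domain.com:443 maxconn 1024 check resolvers mydns resolve-prefer ipv4 init-addr none fall 2 rise 15 on-marked-down shutdown-sessions slowstart 1h
```

Validate the file with haproxy -c -f /etc/haproxy/haproxy.cfg before loading it, then watch the slots fill and empty as records change with echo "show servers state proxy-out" | socat stdio /run/haproxy/admin.sock (the srv_addr column shows which slots currently hold an address) and echo "show resolvers" | socat stdio /run/haproxy/admin.sock for per-nameserver error counters.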
