HAProxy as a TCP reverse proxy with DDNS target discovery and load balancing

A less-known feature in HAProxy is its ability to use DNS records for Service Discovery — instead of specifying the backends by IP addresses, HAProxy can resolve them by DNS names. Doing so provides the following benefits:

Follow servers as they move from one IP to another without changing and reloading your configuration (in elastic cloud and microservices deployments where IP address changes frequently)
Enable dynamic scaling of backend servers (you can add backend servers simply by inserting additional DNS records)

Below is a sample configuration using HAProxy DNS resolver in backend checks:

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        server-state-file /etc/haproxy/server-state
        user haproxy
        group haproxy
        daemon
        maxconn 2000000

defaults
        load-server-state-from-file global
        log     global
        mode    tcp
        option  abortonclose
        option  dontlognull
        option  tcp-check
        option  redispatch
        timeout connect 1200ms
        timeout client  300s
        timeout server  300s
        timeout check   2s
        retries 1
        retry-on        empty-response conn-failure response-timeout

resolvers mydns
        nameserver cf1 1.1.1.1:53
        nameserver cf2 1.0.0.1:53
        accepted_payload_size 8192

listen stats
        mode http
        bind *:80
        stats enable
        stats refresh 15s
        stats uri /stats

frontend	proxy-in        
                bind *:443
                default_backend proxy-out
backend         proxy-out
                server p201 p201.domain.com:443 maxconn 1024 check resolvers mydns init-addr none fall 2 rise 15 on-marked-down shutdown-sessions slowstart 1h
                server p301 p301.domain.com:443 maxconn 1024 check resolvers mydns init-addr none fall 2 rise 15 on-marked-down shutdown-sessions slowstart 1h
                server p401 p401.domain.com:443 maxconn 1024 check resolvers mydns init-addr none fall 2 rise 15 on-marked-down shutdown-sessions slowstart 1h

Comments

Leave a ReplyCancel reply