frontend – Eliminating All the SPOFs! An Exercise in Redundancy

Share this post on:

frontend

The frontend section of the HAProxy configuration file offers various options to manage incoming traffic behavior. These options can be used to control the traffic on a frontend. Here are some commonly used frontend options:

  • bind: Defines the IP address and port on which the frontend will listen for incoming traffic. For example, bind *:80 listens on all IP addresses on port 80.
  • mode: Specifies the mode of the frontend, such as http, tcp, or ssl. For HTTP traffic, use mode http. If you want to load balance a generic TCP port, use mode tcp.
  • option: Enables or disables specific options for the frontend. Some commonly used options are as follows:
    • option httplog: Enables HTTP request/response logging
    • option dontlognull: Prevents logging of requests with missing or empty user-agent strings
    • option forwardfor: Adds the client’s IP address to the HTTP request headers when using HTTP proxy mode
    • option http-server-close: Forces the server connection to close after processing a request, rather than using keep-alive
  • timeout: Configures various timeouts for the frontend:
    • timeout client: Sets the maximum allowed time for the client to establish a connection and send data
    • timeout server: Sets the maximum allowed time for the server to respond to a request
    • timeout connect: Sets the maximum time to wait for a connection to the backend server
  • acl: Defines rules for matching specific conditions. ACLs are used in conjunction with backend configurations to control traffic routing based on various criteria.
  • use_backend: Specifies which backend to use for handling traffic that matches specific ACL conditions. It allows you to direct traffic to different backend servers based on certain conditions.
  • default_backend: Defines the default backend to use if no ACL conditions match the incoming traffic.
  • redirect: Performs a URL redirection for specific conditions. For example, you can use the https://example.com redirect location to redirect HTTP traffic to HTTPS.
  • http-request and http-response: These are used to add custom HTTP request/response headers or to perform specific actions based on HTTP request/response data.
  • capture: Captures parts of the request or response headers and saves them into variables.

For the sample frontend, we will define the frontend as www_app binding to all IPs on the load-balancer system on port 80. This looks like the following figure:

Figure 6.4 – Example frontend

backend

When using HAProxy, the backend options play a crucial role in configuring the behavior of backend servers and the routing of traffic toward them. These options are specifically designated within the backend section of the HAProxy configuration file. Here are some frequently utilized backend options:

  • mode: Specifies the mode of the backend, such as http, tcp, or ssl. For HTTP traffic, use http mode.
  • balance: Defines the load-balancing algorithm to distribute traffic across backend servers. Common options include the following:
    • balance roundrobin: Requests are distributed in a round-robin fashion to each server in sequence
    • balance leastconn: Traffic is sent to the server with the lowest number of active connections
    • balance source: Based on a hash of the client’s IP address, traffic is directed to a specific server consistently
  • server: Defines the backend servers and their addresses, ports, and optional parameters.
  • timeout: Configures various timeouts for the backend:
    • timeout server: Sets the maximum allowed time for the server to respond to a request
    • timeout tunnel: Configures the maximum time allowed to establish a tunnel (used in TCP mode)
  • http-request and http-response: Similar to frontend options, these are used to add custom HTTP request/response headers or perform specific actions based on HTTP request/response data.
  • cookie: Configures sticky session persistence using cookies. It allows the backend server to be selected based on a specific cookie value from the client.
  • check: Enables health checks for backend servers to determine their availability. If a server fails the health check, HAProxy will stop sending traffic to it until it recovers.
  • option: Enables or disables specific options for the backend. Some commonly used options include the following:
    • option httpchk: Enables HTTP health checks instead of TCP health checks
    • option redispatch: Allows HAProxy to reselect a server if the connection to the selected server fails
  • errorfile: Specifies a file to use as a custom error page for backend server errors.

In the sample backend, it is defined as www_servers and will use roundrobin load balancing against the web1 and web2 servers:

Figure 6.5 – HAProxy sample backend

Note

It is highly recommended to always use the check option for your servers. If you do not run the checks, the system will still send traffic to the server!

Share this post on:

Leave a Reply

Your email address will not be published. Required fields are marked *