Questions tagged as ['haproxy']

HAProxy is an open source, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing.
Score: 0
Eos Antigen avatar
Basic auth and data from curl to HAProxy backend not working on TLS Termination - but works on TLS passthrough
ru flag
listen pki
    bind *:8884 ssl no-sslv3 crt /HAPROXY.pem.ecdsa verify required ca-file /CA_CHAIN.pem
    mode http
    http-request add-header Content-Type "application/pkcs10"
    http-request add-header Content-Transfer-Encoding "base64"
    http-request add-header Authorization "Basic somebase64encodedstring"
    default_backend pkis_1
backend pkis_1
    mode http
    http-request add-header Conte ...
Score: 0
Himanshu Poddar avatar
How to check in what request-response mode my HAProxy is operating in?
ma flag

I have read that

Load balancers/reverse proxies usually have 2 operation modes.

In the first one, the requests from the clients are forward to one of the backends as is if they come directly from the source. Is this case the LB only redirects the request and the backend answers back directly to the client.

On the second mode, the LB answers the request and then creates a new one to the backend with  ...

Score: 0
redundant load balancer for Tomcat
jp flag

I have three Tomcat webservers in a VMWare cluster.

In the first place we thought of using Apache as a load balancer in physical server but this would be a SPOF.

I have searched around and I found this discussion but I would need some more info. Does it make sense to include the two (or more) HAProxy servers as virtual machines and not run them on physical servers? Can this active-passive configurati ...

Score: 0
ACL to block certain vcloud pages unless from certain IPs
sg flag

I have a need to block a tenant URL in vcloud and have managed to do this for the direct attempts, ie, but I can't seem to block the


I need to wildcard, it but how do I do that in HAProxy-speak?

This is what I have at present:

acl trusted_ip src IP1

acl trusted_ip src IP2

acl trusted_ip src IP3

acl truste ...

Score: 0
I am trying to connect to RDS (mysql) with haproxy, but sometimes I can't connect
de flag

I have mysql built on AWS.

Sometimes I get the following error when connecting via haproxy.

ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

This does not happen every time, but sometimes the connection succeeds.

Please let me know as the cause is unknown.

Score: 0
HA-Proxy - trying to create different paths for my docker containers but only default_backend works
us flag

I have my haproxy container called 'proxy_container' running on port 80 on my localhost. With two other containers called 'client_container' which is just an html file, and 'server_container' which is a nodejs basic api I wrote. All connected to a single docker network called 'appnet'.

docker ps:

    CONTAINER ID   IMAGE          COMMAND                  CREATED              STATUS              PORTS  ...
Score: 1
Himanshu Poddar avatar
KeepAlived service running but does not executes the check haproxy script
ma flag

I have configured a failover load balancer, so that it acts as a backup whenever my primary goes down. So I have setup Keepalived that switches the floating virtual IP address to the other machine whenever it is unable to find the service HAProxy running on other machine. The IP addresses mentioned in conf file are present on my eth1 interface.

On my primary load balancer I am getting

systemctl status ke ...

Score: 0
shmuel wachtfogel avatar
Is it possible to terminate ssl between servers behind haproxy, using the existing haproxy's ssl termination
sa flag

photo of my architecture

I have an haproxy server doing SSL termination for traffic from the internet and a domain name GitLab.private pointing to it(orange path in the picture).

The problem I'm facing is when I want to access https://gitlab.private from another backend server I'm getting an error because GitLab.private is expecting HTTP from within the backend(green path in the picture).

I thought perhaps there is a way I can u ...

Score: 0
How to persist configuration changes made to HAProxy via its API?
fr flag

I've been playing with HAProxy's APIs to disable servers and health checks. My plan is to eventually be able to add servers without restarting HAProxy.

But what happens if the server that runs HAProxy gets restarted? Is there a way for HAProxy to dump its in-memory settings to a configuration file so that it run as it was before a restart?

Score: 0
Himanshu Poddar avatar
Binding multiple IP on single listen throws error in HAProxy
ma flag

I have a LB which is redirecting request in a round robin mechanism to my 4 servers configured. I have assigned a floating IP address(LOADBALANCERFLOATINGIPADDRESS) to the machine. Now I want my LB to listen on both the IP address. So I tried binding to both the IP address in listen but that does not works.

sudo nano /etc/haproxy/haproxy.cfg

#HAProxy for web servers
frontend web-frontend
  bind LOADBALAN ...
Score: 0
Himanshu Poddar avatar
Unable to access web service with floating IP address assigned to my machine
ma flag

I have a machine for which I have assigned a floating IP address. That machine is also my load balancer. I can access my service easily using the IP address of load balancer.

However I am unable to access it using the floating IP address which was assigned to my load balancer machine.

sudo nano /etc/haproxy/haproxy.cfg

        log     global
        mode    http
        option  httplog
Score: 0
VcDeveloper avatar
In Using pfSense HAProxy - to check the url if it has a sub domain name
us flag

I have a wildcard Cert and need to direct any sub domain name that does not exist to a custom 503 error page and don’t want to use the Frontend’s Error files feature nor its default 503 page. I want my Backend’s to handle all error pages, but on the server side.

I see in the Access Control lists / Table / Expression has Host regex, Path regex, Url parameter contains. Which one can I use to  ...

Score: 0
Sergio Dulcey avatar
docker swarm - highly available database
it flag

I am using high availability on two servers, where I use docker swarm with two manager nodes (one is the leader) with their respective applications (backend and frontend) and I use haproxy to redirect to a single IP.

I have a problem with the database with its data persistence, when I want to save data it is only saved in one and not in both.

What advice would you give me to solve this problem?

Score: 0
Ai N. avatar
Is HAProxy in front of Stunnel with SNIs possible?
cn flag

I have a working SSL Termination with STunnel in front of HAproxy.

Recently, the matter of adding support for HTTP/2 was thrown my way. That is easy with HAProxy, but, as a constraint, STunnel must stay.

The reason for STunnel needing to stay is about 17000 lines of SNIs and the possibility of managing those via an already in place API.

I could very well add a cert-list for HAProxy containing the SNIs, ...

Score: 0
HAProxy Timeouts and Streaming Backend - Hangs Forever
ru flag

I have a backend behind haproxy that streams a file to the client using a CGI script. I'm trying to set a timeout for my backend servers. All works fine, except for this timeout.

When I set the "timeout server" option in the haproxy config to 1 second (just to test - the backend takes 2-3 seconds at a minimum), and make a request, after 1 second it puts an entry into the log file for the backend  ...

Score: 0
Simple haproxy TCP passthrough results in very slow network transfer speed
br flag

I've setup a simple haproxy instance on a clean install of Debian 10 Buster. I've added some simple necessary config to enable the passthrough to the IP address in question (which has been redacted in the below config).

The config file:

    log /dev/log    local0
    log /dev/log    local1 notice

    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-f ...
Score: 0
Jason Stanley avatar
Send traffic to only one Ingress Controller Pod
us flag

I am using HA Proxy as my Ingress Controller. It is setup with 2 replicas. Meaning traffic reaching the Ingress Controller LB service can be routed to 2 pods.

My end user application has 3 replicas. The end user service is configured with sessionAffinity:ClientIP meaning that sessions between ingress controller pods and application pods are session stuck.

This causes an issue when the 2 ingress c ...

Score: 1
AkilaMK avatar
How to add custom SSL certificates to cluster Kubernetes
de flag

I have a Kubernetes cluster with 2 master and 3 worker nodes also I have a separate Haproxy server with public IP.

By default, kubeadm generates all the certificates required for the cluster and stores the certificates in /etc/kubernetes/pki

As per the documentation, we can place our one or many custom certificates and relevant keys in the /etc/kubernetes/pki and execute kubeadm init command to genera ...

Score: 0
xembil avatar
haproxy not accepted my full URL
sa flag

I install and configure haproxy v1.4 on solaris machine i sessufuly add two weblogic servers and i can see the uptime and downtime on mangement. my quastion is i give my weblogic url http://192.168.xx.xx:7001/pp21/loginft.jsf but the haproxy only read the url 192.168.xx.xx:7001 and it give me error. How to add full url on haproxy.cfg and access using my *:80

Error 404--Not Found From RFC 2068 Hyp ...

Score: 0
Computroniks avatar
Freeipa web interface behind HAProxy
us flag

I am trying to configure the FreeIPA web interface to work behind my HAProxy instance. I found an old GitHub Gist for the configuration ( as well as a medium article ( but in both cases they make use of the rspirep command, something which is no longer suppor ...

Score: 0
HAProxy with same request sometimes responding with NOSRV while backend is up
tr flag

Im making the same request(POST /user/oauth) to haproxy but sometimes i get 503, sending requests directly to the backend always works

here is the logs:

  1. local_server~ app/s2 0/0/0/100/100 200 813 - - --VN 1/1/0/0/0 0/0 "POST /user/oauth HTTP/1.1"
  2. local_server~ app/s1 0/0/1/107/108 200 820 - - --NI 1/1/0/0/0 0/0 "POST /user/oauth HTTP/1.1"
  3. local_server~ app/NOSRV 0/-1/-1/-1/0 503 216 - - SCNN 1/1 ...
Score: 0
Joshua avatar
haproxy SSL/TLS Passthrough Proxy not working?
gb flag

I want to setup haproxy as simple tcp-proxy. Below is my configuration. When I try to send e-mail via Thunderbird(pointing smtp to ip_of_my_host:8123) or simple python script I get an error about not valid certificate or certificate error. I thought Layer 4 doesn't care about it at all. Isn't SSL/TLS a L7 feature? So how setup it properly?

 frontend smtp
  bind *:8123
  mode tcp
  default_backend s ...
Score: 0
richv avatar
Using environment file in haproxy container
in flag

Im trying, unsuccessfully, to run the official haproxy container ( with an environment file per (something like this to allow me to substitute vars in my haproxy.cfg, example:

## env.txt
## haproxy.cfg


frontend somefro ...
Score: 0
SoT avatar
HAProxy path_beg error - 503 service unavailable
us flag

Given a backend that running on:

curl tested:

curl --location --request GET ""
sample_response    //>> HERE IS RESPONSE

On another host, I install and config haproxy:

    log         /dev/log local0
    chroot      /var/lib/haproxy
    pidfile     /var/run/
    maxconn     4000
    user        haproxy
Score: 0
pepsi-maniac avatar
haproxy resolving dns name after the fact
cn flag

I"m getting a nosrv error. In this case its expected, since the drone address can't be resolved. Its from a docker network.

gateway_1          | [WARNING]  (1) : parsing [/usr/local/etc/haproxy/haproxy.cfg:50] : 'server D4M1' : could not resolve address 'drone', disabling server.
gateway_1          | [NOTICE]   (1) : New worker #1 (8) forked
gateway_1          | <150>Mar 26 06:35:23 haproxy[8 ...
Score: 0
Badb0y avatar
Haproxy rate limit monitoring
pm flag

I’m using rate limiting with my haproxy18 and I’d like to somehow squeeze out metrics from it based on ip addresses, who is close to the limit or how the users are hitting the limits.

This is my config related to rate limiting:

    stick-table type ip size 1m expire 10s store http_req_rate(10s)

    tcp-request inspect-delay 10s
    tcp-request content track-sc0 src
    http-request deny deny_ ...
Score: 0
Fox Chasin avatar
I have load balancer configured on Haproxy. Can load balancer redirect traffic from port 1 backend to port 2 backend if port 1 is busy this moment
cw flag

In ha-proxy I separated my traffic to two frontend ports and created two backends. Port-1 traffic is directed both backend and port 2 traffic is directed two backend-2. I want to create a smart load balancer that detects if backend 2 is busy whit port 2 queries it will automatically send the traffic of port 1 to backend 1.

       log /dev/log    local0
       log /dev/log    local1 notice
Score: 0
Linsane avatar
Using HAproxy to redirect incoming traffic to docker
es flag

We are currently using HAproxy to redirect incoming traffic to our domain example.domain to our containers, which are only accessible via the local interface (e.g.

To achieve this our current config looks something like this:

    mode http
    timeout connect 5000
    timeout check 5000
    timeout client 20000
    timeout server 20000

frontend domain
    bind *:80
    bind  ...
Score: 0
proxing everything with Haproxy
cn flag

is it possible to not define backend in Haproxy configuration to make a proxy for every TCP connection? So if I will try to connect from host A(sftp,ssh,smtp) through HAproxy it will always reach destination.

Score: 0
B.U avatar
Experiencing latency with haproxy load balancer
it flag

I'm experiencing high latency with haproxy load balancer when backend configuration uses private network IP addresses.

But when I replace backend server addresses with public IP address or Reverse DNS name I experience no latency.

  • What is causing the latency?
  • If one uses public IP or fqdn or Reverse DNS name, does network traffic bypasses haproxy?
  • Is it allowed to use public IP or fqdn or Revers ...