plugins icon indicating copy to clipboard operation
plugins copied to clipboard

Published 20 hours ago verified publisher icon opnsense

net/haproxy: Configure proxy Protocol for Healthchecks separately

Open r4nc0r opened this issue 2 years ago • 2 comments

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

  • [x ] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [x ] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [ x] When the request is meant for an existing plugin, I've added its name to the title.

Is your feature request related to a problem? Please describe. I have a real backend with proxy protocol v2 activated, this adds: send-proxy-v2 and check-send-proxy to each server line.

My Goal is to have a TCP service with a http-chk, because I have a web-app that monitors the tcp service health and exposes a http api with health information. Based upon this api I want to route my traffic.

The Web App is hosted in IIS, which sadly doesn't support proxy protocol at all. So I have to configure my real server only with send-proxy-v2 with the Default for server Input for the Backend.

Wouldn't it be better if one can configure the healthcheck with a dropdown for example: Proxy Protocol: none, version1, version 2 Like you can configure the Backend?

r4nc0r avatar Mar 24 '22 13:03 r4nc0r

@r4nc0r Could you provide an example haproxy.conf for your use-case? This would help me to figure this out. Thanks :)

fraenki avatar Mar 24 '22 20:03 fraenki

This is my Backend configuration now:

# Backend: BackendPool
backend BackendPool
    option log-health-checks
    # health check: Healthcheck
    option httpchk
    http-check send meth GET uri /api/healthcheck.aspx ver HTTP/1.1 hdr Host hostname.example.net
    http-check expect status 200
    mode tcp
    balance roundrobin
    # stickiness
    stick-table type ip size 50k expire 30m  
    stick on src
    # tuning options
    timeout connect 4s
    timeout check 5s
    timeout server 150m
    retries 2
    default-server verify none  send-proxy-v2
    server server1 ip-server1:someport check inter 2s port 443 check-ssl check-sni hostname.example.net  weight 1 backup 
    server server2 ip-server2:someport check inter 2s port 443 check-ssl check-sni hostname.example.net  weight 256 backup 
    server server3 ip-server3:someport check inter 2s port 443 check-ssl check-sni hostname.example.net

I added the send-proxy-v2 in the default-server config manually.

If you need anything else please let me know

r4nc0r avatar Mar 25 '22 08:03 r4nc0r