HAPROXY Route through lookups

Discover how HAProxy enhances routing efficiency through lookups. Learn best practices and tips to optimize your HAProxy setup for seamless routing.


Introduction

Have you ever wondered how some websites manage to load so quickly and handle traffic spikes without breaking a sweat? The secret often lies in efficient load balancing and routing. Enter HAProxy, a robust solution for routing through lookups. In this guide, we’ll delve into how HAProxy can streamline your routing processes and ensure your backend systems are always responsive.

Understanding HAProxy

HAProxy, short for High Availability Proxy, is an open-source software that provides a reliable, high-performance load balancer and proxy server. It’s designed to improve the performance and reliability of your web applications by distributing the workload across multiple servers.

Why Use HAProxy?

HAProxy stands out due to its versatility and efficiency. It supports a wide range of protocols, including HTTP, HTTPS, and TCP, making it an ideal choice for various applications. Additionally, HAProxy’s routing capabilities through lookups enhance its functionality, ensuring requests are efficiently directed to the appropriate backend servers.

Key Features of HAProxy

Setting Up HAProxy for Routing Through Lookups

To leverage HAProxy’s full potential, you need to set it up correctly. Here’s a step-by-step guide:

1. Installing HAProxy

Installing HAProxy on Ubuntu

Installation is straightforward. On Ubuntu, you can install HAProxy using the following command:

sudo apt-get install haproxy

Installing HAProxy on Mac OS

Setting up HAProxy on Mac OS is straightforward with Homebrew, a popular package manager for macOS. Follow these steps to install and configure HAProxy:

If you don’t already have Homebrew installed, you can install it by running the following command in your Terminal:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Homebrew simplifies the installation of software on macOS.

With Homebrew installed, you can now install HAProxy by running the following command:

brew install haproxy

This command downloads and installs the latest version of HAProxy on your system.

2. Configuring HAProxy

Once installed, you need to configure HAProxy to handle routing through lookups. This involves editing the /etc/haproxy/haproxy.cfg file.

Sample Configuration

Below is a sample configuration for routing based on the presence of a specific header:


frontend default
  bind [::]:80
  bind [::]:443 ssl crt /etc/haproxy/ssl/cert.pem
  acl ACL_domain.com hdr(host) -i domain.com
  use_backend mybackend if ACL_domain.com


backend mybackend
    server server1 192.168.1.10:80 check

backend default_backend
    server server2 192.168.1.20:80 check

In the above example, you can see that we can bind multiple ports to the same front end and set up conditions to route the backend based on the request. Haproxy offers multiple options to route your request based on a variety of conditions.

Advanced Routing Techniques

HAProxy’s true power lies in its advanced routing capabilities. Let’s explore some of these techniques.

Lookup Routing

HAProxy allows you to route traffic conditionally based on various criteria, such as request paths, headers, or cookies.

In the following example, we will demonstrate the power of routing through lookup that can be managed from different sources.

Example

The HAProxy configuration below sets up a frontend to handle both HTTP and HTTPS traffic, enabling SSL termination and gzip compression for optimized performance. It defines ACLs to identify lookups through query parameters, cookies, and headers and captures these values for routing decisions. The configuration uses SNI (Server Name Indication) to determine the appropriate backend in SSL scenarios. Based on the captured lookup value, HAProxy maps requests to specified backends using a lookup map file. If no match is found, it returns a 400 Bad Request. This setup ensures efficient request routing and load balancing, leveraging HAProxy’s advanced features.

#haproxy.cfg 
frontend default
  bind [::]:80
  bind [::]:443 ssl crt /path/to/your/ssl
  # Enable compression to optimize request speed
  compression algo gzip
  compression type text/html text/plain text/css application/javascript application/json
  
  mode http
  option httplog
  option dontlognull
  
  # Find a lookup through URL like ?lookup=XXX
  acl has_lookup_query urlp(lookup) -m found
  # Find a lookup through cookie "lookup"
  acl has_lookup_cookie req.cook(lookup) -m found
  # Find a lookup through header "x-lookup"
  acl has_lookup_header req.hdr(x-lookup) -m found
  
  # Print values for debugging
  http-request capture req.cook(lookup) len 64
  http-request capture req.hdr(X-Lookup) len 64
  http-request capture urlp(lookup) len 64
  
  # Get lookup through SNI
  http-request set-var(txn.sni) ssl_fc_sni
  http-request capture var(txn.sni) len 64
  
  # Check if SNI is present
  acl sni_exists var(txn.sni) -m found
  
  # Set a variable based on the SNI or the Host header
  http-request set-var(txn.lookup_key) var(txn.sni) if sni_exists
  http-request set-var(txn.lookup_key) urlp(lookup) if has_lookup_query !sni_exists
  http-request set-var(txn.lookup_key) req.cook(lookup) if has_lookup_cookie !sni_exists
  http-request set-var(txn.lookup_key) req.hdr(X-Lookup) if has_lookup_header !sni_exists
  
  http-request capture var(txn.lookup_key) len 64
  
  use_backend %[var(txn.lookup_key),lower,map(/usr/local/etc/haproxy/lookup.map,no-match)]

backend no-match
  mode http
  http-request deny deny_status 400

backend backend_1
  mode http
  balance roundrobin
  server server_1_1 192.168.1.10:80 check
  server server_1_2 192.168.1.11:80 check

backend backend_2
  mode http
  balance roundrobin
  server server_2_1 192.168.2.10:80 check
  server server_2_2 192.168.2.11:80 check

#.. add lookups backends 

Lookup Map File (lookup.map)

Create a lookup map file to route your backend based on the lookup values.

#lookup.map
lookup_value_1 backend_1
lookup_value_2 backend_2

Important Note on SSL and SNI

Some requests are performed through a CONNECT request first in SSL. This means that you cannot handle lookups through request headers, cookies, or query parameters. However, you can use SNI (Server Name Indication) to catch the lookup, which will allow you to route these kinds of requests effectively.

SSL Termination

The bind [::]:443 ssl crt /path/to/your/ssl line handles SSL termination, where HAProxy manages the SSL/TLS handshake and decrypts the traffic before forwarding it to the appropriate backend. Ensure you replace /path/to/your/ssl with the actual path to your SSL certificate file.

Optimizing Performance with HAProxy

Performance optimization is key to handling high traffic volumes. Here are some tips to optimize HAProxy:

1. Tuning Timeouts

Adjust timeouts to balance between performance and resource usage:


defaults
    timeout connect 5000ms
    timeout client  50000ms
    timeout server  50000ms

2. Load Balancing Algorithms

Choose the right load balancing algorithm based on your needs:

Conclusion

HAProxy is a powerful tool for efficient routing and load balancing. By leveraging its advanced features and fine-tuning your setup, you can ensure high availability, security, and performance for your web applications. Whether you’re routing based on headers, paths, or handling SSL termination, HAProxy has got you covered.

Keywords: HAProxy routing, routing through lookups, backend

Share this: