HAProxy combined with confd for HTTP load balancing and path matching
This is based on yaronr/haproxy-confd and cstpdk/haproxy-confd and xcompass/haproxy-confd
- HAProxy 1.6.x with confd 0.12.0-alpha
- Uses zero-downtime reconfiguration (e.g - instead of harpy reload, which will drop all connections, will gradually transfer new connections to the new config)
- Added support for url rexeg (not reggae, damn you spell checker) for routing, in addition to the usual hostname pattern
- Added validation for existence of keys in backing kv store, to prevent failures
- Used official Alpine HAProxy as base to reduce the size of the image
- Added multiple domain support
- Added SSL/HTTPS support
- Added tests
Create the paths allowing confd to find the services:
etcdctl mkdir "/services" etcdctl mkdir "/tcp-services" etcdctl mkdir "/config"
Depending on your needs, create one or more services or tcp-services.
For instance, to create an http service with domain example.org/foo/bar/blech and load balancing on servers 220.127.116.11:80 (we'll call it nodeA) and 18.104.22.168:80 (called nodeB), run these commands:
etcdctl mkdir "/services/example" etcdctl set "/services/example/host" "example.org" etcdctl set "/services/example/path" "/foo/bar/blech" etcdctl set "/services/example/upstreams/nodeA" "22.214.171.124:80" etcdctl set "/services/example/upstreams/nodeB" "126.96.36.199:80"
Enable SSL/HTTP support
etcdctl mkdir "/config/services" etcdctl set "/config/services/enable_ssl" "true" etcdctl set "/services/example/scheme" "https"
Possible values for scheme are: http (default), https, http-and-https. If scheme is https, all traffic to http for the domain will be redirected to https.
Add pem certs/keys to keys directory to be mounted to the container.
Start the container making sure to expose port 80 on the host machine
docker run -e ETCD_NODE=http://172.17.42.1:2379 -p 1000:1000 -p 80:80 -p 443:443 -v `pwd`/keys:/keys compass/haproxy-confd
To add an upstream node, let's say nodeB2, 188.8.131.52:90, you just have to run this, and the configuration should safely be updated !
etcdctl set "/services/example/upstreams/nodeB2" "184.108.40.206:90"
To remove an upstream server, let's say ... nodeB2 (added by mistake ?), just run
etcdctl rm "/services/myapp/upstreams/nodeB2"
To remove a service, and so a directory, you must type
etcdctl rmdir "/services/example"
The commands for a tcp-service are the same but with tcp-services instead of services