On Fri, Sep 11, 2015 at 10:41 AM, Tim Verhoeven <tim.verhoeven...@gmail.com> wrote:
> Hello everyone,
>
> I'm mostly passive on this list but a happy haproxy user for more than 2
> years.
>
> Now, we are going to migrate our platform to a new provider (and new
> hardware) in the coming months and I'm looking for a way to avoid a one-shot
> migration.
>
> So I've been doing some googling and it should be possible to use the proxy
> protocol to send traffic from one haproxy instance (at the old site) to
> another haproxy instance (at the new site). Then at the new site the haproxy
> instance there would just accept the traffic as if it came from the internet
> directly.
>
> Is that how it works? Is that possible?
>
> Ideally the traffic between the 2 haproxy instances would be encrypted with
> TLS to avoid having to set up a VPN.
>
> Now I haven't found any examples of this kind of setup, so any pointers on
> how to set this up would be really appreciated.
>
> Thanks,
> Tim

Hi Tim,

Your use case is an interesting scenario for a blog article :)

About your questions, simply update the app backend of the current site in
order to add a new 'server' that would be the HAProxy of the new site:

  backend myapp
    [...]
    server app1 ...
    server app2 ...
    server newhaproxy [IP]:8443 check ssl send-proxy-v2 ca-file /etc/haproxy/myca.pem crt /etc/haproxy/client.pem

ca-file: to validate the certificate presented by the server using your own
CA (or use DANGEROUSLY "ssl-server-verify none" in your global section)
crt: allows you to use a client certificate to get connected on the other
HAProxy

On the newhaproxy (in the new instance):

  frontend fe_myapp
    bind :80
    bind :443 ssl crt server.pem
    # the bind keyword is accept-proxy; it accepts PROXY protocol v1 and v2
    bind :8443 ssl crt server.pem accept-proxy

You can play with weight on the current site to send a few requests to the
newhaproxy box and increase this weight once you're confident.

Baptiste
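
The setup described in the reply above, written out as a fuller configuration sketch. This is an added example, not part of the original thread: it also makes the new site's PROXY listener demand a client certificate and a known source address, because a listener with `accept-proxy` (the bind keyword, which accepts PROXY v1 and v2 headers) believes whatever client address the connecting peer puts in the header. All addresses, file paths, weights and the `be_myapp` backend are placeholders chosen for illustration.

```haproxy
# Added example; addresses, paths and weights are placeholders (assumptions).

# ---------- old site ----------
backend myapp
    balance roundrobin
    server app1 192.0.2.11:80 check weight 100
    server app2 192.0.2.12:80 check weight 100
    # TLS to the new site: verify its certificate against our own CA, present
    # a client certificate, and pass the real client address in a PROXY v2
    # header. A low weight sends only a small share of requests at first.
    server newhaproxy 203.0.113.20:8443 check weight 10 ssl verify required ca-file /etc/haproxy/myca.pem crt /etc/haproxy/client.pem send-proxy-v2

# ---------- new site ----------
frontend fe_myapp
    mode http
    bind :80
    bind :443 ssl crt /etc/haproxy/server.pem
    # Migration listener: the address in the PROXY header is trusted, so the
    # TLS handshake must fail for any peer without a certificate from our CA.
    bind :8443 ssl crt /etc/haproxy/server.pem verify required ca-file /etc/haproxy/myca.pem accept-proxy
    # tcp-request connection rules see the real peer address, not the one
    # from the PROXY header, so this pins port 8443 to the old site's
    # outbound address (198.51.100.5 is a placeholder).
    tcp-request connection reject if { dst_port 8443 } !{ src 198.51.100.5 }
    default_backend be_myapp

backend be_myapp
    mode http
    server web1 10.0.0.11:80 check
    server web2 10.0.0.12:80 check
```

Once the migration is complete, removing the `:8443` bind line closes the only listener that accepts a client address supplied by the peer.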