2015-09-11 10:55 GMT+02:00 Baptiste <[email protected]>: > On Fri, Sep 11, 2015 at 10:41 AM, Tim Verhoeven > <[email protected]> wrote: > > Hello everyone, > > > > I'm mostly passive on this list but a happy haproxy user for more then 2 > > years. > > > > Now, we are going to migrate our platform to a new provider (and new > > hardware) in the coming months and I'm looking for a way to avoid a > one-shot > > migration. > > > > So I've been doing some googl'ing and it should be possible to use the > proxy > > protocol to send traffic from one haproxy instance (at the old site) to > the > > another haproxy instance (at the new site). Then at the new site the > haproxy > > instance there would just accept the traffic as it came from the internet > > directly. > > > > Is that how it works? Is that possible? > > > > Ideally the traffic between the 2 haproxy instances would be encrypted > with > > TLS to avoid having to setup an VPN. > > > > Now I haven't found any examples of this kind of setup, so any pointers > on > > how to set this up would be really appriciated. > > > > Thanks, > > Tim > > > Hi Tim, > > Your usecase is an interesting scenario for a blog article :) > > About your questions, simply update the app backend of the current > site in order to add a new 'server' that would be the HAProxy of the > new site: > > backend myapp > [...] > server app1 ... > server app2 ... > server newhaproxy [IP]:8443 check ssl send-proxy-v2 ca-file > /etc/haproxy/myca.pem crt /etc/haproxy/client.pem > > ca-file: to validate the certificate presented by the server using > your own CA (or use DANGEROUSLY "ssl-server-verify none" in your > global section) > crt : allows you to use a client certificate to get connected on the > other HAProxy > > On the newhaproxy (in the new instance): > > frontend fe_myapp > bind :80 > bind :443 ssl crt server.pem > bind :8443 ssl crt server.pem accept-proxy-v2 > > > > You can play with weight on the current site to send a few request to > the newhaproxy box and increase this weight once you're confident. > > Baptiste > >
Hi Tim, i'm having a similiar use case (smooth migration from 1.5 to 1.6). I've recently blogged about this: http://godevops.net/2015/09/07/testing-new-haproxy-versions-with-some-sort-of-ab-testing/ --------------------- Best Regards / Mit freundlichen Grüßen Bjoern
