Hello, Patch attached. Adding an option "http-check send-name-header <header>". It adds a header per server in healthchecks, similar usage to "http-send-name-header". Built and tested locally.
frontend myfrontend
bind *:8080
mode http
default_backend mybackend
backend mybackend
mode http
balance roundrobin
stats enable
stats uri /stats
http-send-name-header Host
option httpchk GET /
http-check send-name-header Host
http-check expect status 200
default-server inter 5s fall 2 rise 2
server myapp.example.com myapp.example.com:1234 check
-----Original Message-----
From: Willy Tarreau [mailto:[email protected]]
Sent: 23 October 2019 03:37
To: Igor Cicimov <[email protected]>
Cc: Morotti, Romain D (CIB Tech, GBR) <[email protected]>; HAProxy
<[email protected]>; Sayar, Guy H (CIB Tech, GBR) <[email protected]>
Subject: Re: [PR/FEATURE] support for virtual hosts / Host header per server
On Wed, Oct 23, 2019 at 08:52:58AM +1100, Igor Cicimov wrote:
> Sorry misread your issue. It is a strange setup you got there wonder
> why do you need cross DC load balancing on the k8s ingress when you
> are already doing it globally via DNS?
Agreed, for me the setup is completely shifted by one level. There's a reason
many people set their backend section names to the virtual host
names: an application or a service corresponds to a virtual host name.
And that's not something related to haproxy but to the HTTP protocol.
Servers will emit redirects and cookies mentioning the same host name, HTML
pages will contain URLs mentioning the same host name thus all servers part of
a same farm must absolutely use the same Host header.
Here my impression is that the application is strangely architected and tries
to use haproxy to work around an architecture mistake. In short, instead of
using the frontend to route to different backends, it uses the backend to route
to different servers. Since header manipulation rules are per-backend, here
obviously it creates an issue as the manipulation unsurprizingly happens at the
wrong step.
I'm not against seeing how we can make haproxy easier to use to work around
such broken setups, but I'm really not willing to make it more confusing to use
for everyone just for the sake of working around such mistakes. Typically we
need to rework health checks to make them easier to configure and make it
possible to send per-server variations as I proposed in a previous e-mail in
this thread.
Cheers,
Willy
This message is confidential and subject to terms at:
https://www.jpmorgan.com/emaildisclaimer including on confidential, privileged
or legal entity information, viruses and monitoring of electronic messages. If
you are not the intended recipient, please delete this message and notify the
sender immediately. Any unauthorized use is strictly prohibited.
patch.diff
Description: patch.diff
