> If it bothers you (I don't really see why), you can increase the "inter"
> value on your servers to check them less often and as such refresh their
> address less often.

You can configure "hold valid <time>" to configure internal caching
(it should be 10 seconds by default though):

I post here a full configuration that produces the behaviour (sorry, it is long).
In my tests the DNS is contacted every second even if:
. I set "hold valid 5m"
. I disable the "check" for the servers

As I would expect, the resolution correctly happens only once for each server name even if the names are repeated in several backends.

This is not a big problem!
Thank you anyway



  nbproc 1
  log /var/lib/haproxy/dev/log local0
  user haproxy
  group haproxy
  stats socket /run/haproxy/admin.sock mode 660 level admin
  spread-checks 4
  hard-stop-after 2d
  ssl-server-verify none
  ssl-default-bind-options ssl-min-ver TLSv1.2
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256 ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
  ssl-default-server-options ssl-min-ver TLSv1.2
ssl-default-server-ciphers ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256

  log global
  retries 3
  option redispatch
  option splice-auto
  balance roundrobin
  timeout connect 2s
  timeout client 2m
  timeout server 10m
  timeout check 4s
  timeout client-fin 20s
  timeout tunnel 1h
  timeout http-request 5s
  compression algo gzip
compression type text/html text/css text/javascript text/xml text/plain image/bmp image/x-icon image/svg+xml application/rss+xml application/javascript application/x-javascript application/xml application/xhtml+xml application/x-font application/x-font-truetype application/x-font-ttf application/x-font-otf application/x-font-opentype application/vnd.ms-fontobject application/x-amf application/x-shockwave-flash font/ttf font/otf font/opentype
  mode http
  option httplog
default-server inter 30s fastinter 15s downinter 60s fall 5 rise 3 resolvers systemd resolve-prefer ipv4 init-addr libc,none

resolvers systemd
  nameserver local
  hold valid 5m

frontend tesi-http
  bind name HTTP
bind name HTTPS ssl crt /etc/ssl/private/tesitest.uno.due curves X25519:P-256 alpn h2,http/1.1
  timeout client 10m

  option forwardfor
stick-table type ip size 1000 expire 10m store http_req_rate(10s),http_err_rate(10s)
  http-request track-sc0 src
  http-request deny deny_status 429 if { sc_http_err_rate(0) gt 20 }
  http-request deny deny_status 429 if { sc_http_req_rate(0) gt 200 }
  http-request redirect scheme https code 301 if !{ ssl_fc }
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains
  http-response replace-header Set-Cookie (.*) \1;\ Secure
  http-response replace-header Location http://(.+) https://\1

  acl tesitest hdr(host) tesitest.uno.due
  acl fb  path_beg /fb
  acl tec path_beg /tec

  use_backend prefb-http if tesipre fb
  use_backend pretec-http if tesipre tec
  use_backend preportal-http if tesipre

backend preportal-http
  option httpchk HEAD /
  cookie prs insert indirect nocache httponly maxidle 4h secure
  server vxws142a-82 vxws142a-tesife.uno.due:82 weight 2 cookie a check
  server vxws142b-82 vxws142b-tesife.uno.due:82 weight 2 cookie b check

backend prefb-http
  option httpchk HEAD /fb/client/util/checkIstance.cfm
  cookie fbrs insert indirect nocache httponly maxidle 4h secure
  server vxws142a-80 vxws142a-tesife.uno.due:80 weight 2 cookie a check
  server vxws142b-80 vxws142b-tesife.uno.due:80 weight 2 cookie b check

backend pretec-http
  option httpchk HEAD /tec/client/util/checkIstance.cfm
  cookie tecrs insert indirect nocache httponly maxidle 4h secure
  server vxws142a-83 vxws142a-tesife.uno.due:83 weight 2 cookie a check
  server vxws142b-83 vxws142b-tesife.uno.due:83 weight 2 cookie b check

listen stats-http
bind name HTTPS ssl crt /etc/ssl/private/tesitest.uno.due-full.pem curves X25519:P-256 alpn h2,http/1.1
  stats enable
  stats show-legends
  stats show-node
  stats refresh 60s
  stats uri /haproxystats


Reply via email to