I've been using HAProxy for a very long time now (for over a decade to say the least) and I've been a big fan ever since. The longterm stability and speed of that reverse-proxy-balancer is unmatched!
Another really nice feature: Many configurations (/etc/haproxy/haproxy.cfg) could be re-used in new or additional setups involving a HAProxy installation.
Here's a basic and rather limited configuration for a frontend and backend for a typical HTTP application:
frontend myapp-in
bind *:1234
default_backend myapp-out
backend myapp-out
balance roundrobin
option httpchk GET /api/_health HTTP/1.1\r\nHost:\ myapp.example.com\r\nConnection:\ close
server backend1 192.168.0.171:443 ssl verify none check inter 10s fall 2 rise 3
server backend2 192.168.0.172:443 ssl verify none check inter 10s fall 2 rise 3
This also involves a so-called HTTP Check (option httpchk) to be executed on each backend server. This helps HAProxy to regularly (check inter 10s) check the backend server is working correctly. If the check fails, the affected backend server will be taken out of the balancing after a certain number of failures (fall 2).
This configuration, including the option httpchk, has worked well in the past. Including (I just verified) on HAProxy 2.2.x on Debian 11 and on HAProxy 2.6.x on Debian12.
Here and there some adjustments needed to be made, according to the application - of course. But in general this has always been a smooth transition. In the past.
When I installed HAProxy in a systems setup for a new project on a Debian 13 machine, I ran into the following error:
Aug 22 12:35:46 debian13 systemd[1]: Starting haproxy.service - HAProxy Load Balancer...
Aug 22 12:35:46 debian13 haproxy[4215]: [NOTICE] (4215) : haproxy version is 3.0.11-1
Aug 22 12:35:46 debian13 haproxy[4215]: [NOTICE] (4215) : path to executable is /usr/sbin/haproxy
Aug 22 12:35:46 debian13 haproxy[4215]: [ALERT] (4215) : config : parsing [/etc/haproxy/haproxy.cfg:41] : 'option httpchk' : hiding headers or body at the end of the version string is unsupported.Use 'http-check send' directive instead..
Aug 22 12:35:46 debian13 haproxy[4215]: [ALERT] (4215) : config : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
Aug 22 12:35:46 debian13 haproxy[4215]: [ALERT] (4215) : config : Fatal errors found in configuration.
Aug 22 12:35:46 debian13 systemd[1]: haproxy.service: Main process exited, code=exited, status=1/FAILURE
Aug 22 12:35:46 debian13 systemd[1]: haproxy.service: Failed with result 'exit-code'.
The relevant error points to the option httpchk. While this option worked before, now it seems to cause problems.
The reason? Debian 13 is using HAProxy 3.0.x. Obviously a major version change, especially considering for how long HAProxy 2.x releases were published.
But the same error also shows up on HAProxy 2.8, which will be installed on an Ubuntu 24.04:
Aug 22 15:07:00 ubuntu2404 systemd[1]: Starting haproxy.service - HAProxy Load Balancer...
Aug 22 15:07:00 ubuntu2404 haproxy[17302]: [NOTICE] (17302) : haproxy version is 2.8.5-1ubuntu3.3
Aug 22 15:07:00 ubuntu2404 haproxy[17302]: [NOTICE] (17302) : path to executable is /usr/sbin/haproxy
Aug 22 15:07:00 ubuntu2404 haproxy[17302]: [ALERT] (17302) : config : parsing [/etc/haproxy/haproxy.cfg:88] : 'option httpchk' : hiding headers or body at the end of the version string is unsupported.Use 'http-check send' directi>
Aug 22 15:07:00 ubuntu2404 haproxy[17302]: [ALERT] (17302) : config : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
Aug 22 15:07:00 ubuntu2404 haproxy[17302]: [ALERT] (17302) : config : Fatal errors found in configuration.
To get rid of the legacy HTTP check, the new http-check send option must be used. This option has actually been available for a long time, so it should even work for HAProxy 2.6 and even older. The new http-check allows advanced checks, compared to the older option httpchk:
backend myapp-out
balance roundrobin
http-check send meth GET uri /api/_health ver HTTP/1.1 hdr Host myapp.example.com
server backend1 192.168.0.171:443 ssl verify none check inter 10s fall 2 rise 3
server backend2 192.168.0.172:443 ssl verify none check inter 10s fall 2 rise 3
After the backend's HTTP check was adjusted, the HAProxy configuration no longer showed any errors:
root@debian13:~# haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid
HAproxy could be started successfully and the load balancing setup for this new application was completed.
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Observability Office OpenSearch PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder