Merge pull request #1388 from nvollmar/haproxy-http-check

T6246: adds haproxy http-check configuration documentation
2025-10-26 08:41:46 +01:00 · 2024-04-19 13:48:15 +02:00 · 2024-04-19 13:48:15 +02:00 · 9fec5003f7
commit 9fec5003f7
parent e176d0d548 49178565bb
1 changed files with 68 additions and 7 deletions
--- a/docs/configuration/loadbalancing/reverse-proxy.rst
+++ b/docs/configuration/loadbalancing/reverse-proxy.rst
@ -144,7 +144,8 @@ Backend

  Send a Proxy Protocol version 2 header (binary format)

-.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl ca-certificate <ca-certificate>
+.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl
+   ca-certificate <ca-certificate>

  Configure requests to the backend server to use SSL encryption and
  authenticate backend against <ca-certificate>
@ -154,6 +155,37 @@ Backend
  Configure requests to the backend server to use SSL encryption without
  validating server certificate

+
+HTTP health check
+^^^^^^^^^^^^^^^^^
+For web application providing information about their state HTTP health
+checks can be used to determine their availability.
+
+.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
+
+  Enables HTTP health checks using OPTION HTTP requests against '/' and
+  expecting a successful response code in the 200-399 range.
+
+.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
+   method <method>
+
+  Sets the HTTP method to be used, can be either: option, get, post, put
+
+.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
+   uri <path>
+
+  Sets the endpoint to be used for health checks
+
+.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check
+   expect <condition>
+
+  Sets the expected result condition for considering a server healthy.
+  Some possible examples are:
+   * ``status 200`` Expecting a 200 response code
+   * ``status 200-399`` Expecting a non-failure response code
+   * ``string success`` Expecting the string `success` in the response body
+
+
 Global
 -------

@ -215,6 +247,7 @@ servers (srv01 and srv02) using the round-robin load-balancing algorithm.
    set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12'
    set load-balancing reverse-proxy backend bk-01 server srv02 port '8882'

+
 Balancing based on domain name
 ------------------------------
 The following configuration demonstrates how to use VyOS
@ -295,20 +328,22 @@ connection limit of 4000 and a minimum TLS version of 1.3.
    set load-balancing reverse-proxy global-parameters max-connections '4000'
    set load-balancing reverse-proxy global-parameters tls-version-min '1.3'

+
 SSL Bridging
 -------------
-The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends
-to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to
+The following configuration terminates incoming HTTPS traffic on the router,
+then re-encrypts the traffic and sends to the backend server via HTTPS.
+This is useful if encryption is required for both legs, but you do not want to
 install publicly trusted certificates on each backend server.

-Backend service certificates are checked against the certificate authority specified in the configuration, which
-could be an internal CA.
+Backend service certificates are checked against the certificate authority
+specified in the configuration, which could be an internal CA.

 The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to
 handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination.

-The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend
-server has a valid certificate trusted by CA ``cacert``
+The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS
+and checks backend server has a valid certificate trusted by CA ``cacert``


 .. code-block:: none
@ -325,3 +360,29 @@ server has a valid certificate trusted by CA ``cacert``
    set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 address '192.0.2.23'
    set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 port '443'

+
+Balancing with HTTP health checks
+---------------------------------
+
+This configuration enables HTTP health checks on backend servers.
+
+.. code-block:: none
+
+    set load-balancing reverse-proxy service my-tcp-api backend 'bk-01'
+    set load-balancing reverse-proxy service my-tcp-api mode 'tcp'
+    set load-balancing reverse-proxy service my-tcp-api port '8888'
+
+    set load-balancing reverse-proxy backend bk-01 balance 'round-robin'
+    set load-balancing reverse-proxy backend bk-01 mode 'tcp'
+
+    set load-balancing reverse-proxy backend bk-01 http-check method 'get'
+    set load-balancing reverse-proxy backend bk-01 http-check uri '/health'
+    set load-balancing reverse-proxy backend bk-01 http-check expect 'status 200'
+
+    set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11'
+    set load-balancing reverse-proxy backend bk-01 server srv01 port '8881'
+    set load-balancing reverse-proxy backend bk-01 server srv01 check
+    set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12'
+    set load-balancing reverse-proxy backend bk-01 server srv02 port '8882'
+    set load-balancing reverse-proxy backend bk-01 server srv02 check
+