haproxy

haproxy upgrade from 1.5.18 to 2.4.17

I have been using HA-Proxy version 1.5.18 on CentOs server, as CentOS Linux 7 is going to be discontinued in near future, i have upgraded from CentOs to Red Hat, now default version of haproxy on my ref hat is 2.4.17, I place haproxy.cfg of version 1.5.18 in version 2.4.17, and try to start haproxy with systemctl start haproxy, but it is not starting. Below is my haproxy.cfg of version 1.5.18 which working fine on CentOs but not on RedHat

global
   
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     5000
    user        haproxy
    group       haproxy
    daemon

tune.maxrewrite 4096
tune.http.maxhdr 202
    
    #tune.ssl.default-dh-param 2048
    tune.ssl.default-dh-param 2048  
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers AES256-SHA
    #ssl-default-bind-ciphers PROFILE=SYSTEM
    #ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  forwardfor
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 10
    timeout http-request    40s
    timeout queue           1m
    timeout connect         40s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 60s
    timeout check           50s
    maxconn                 5000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
#frontend  main *:5000

frontend xyzabc 
#frontend localnodes    
 
 bind *:443 ssl crt /home/ssl/kccb-new.pem
    mode http
    option httplog
    capture request header X-Forwarded-For len 20
        capture request header authorization len 80
        capture request header X-Client-Auth len 80
        capture request header User-Agent len 400
        capture request header Host len 150        
        capture request header Accept-Language len 10       
    
    
    log-format "%{+Q}o\client_address=\%{+Q}[capture.req.hdr(0)],client_port=\%cp,server_address=\%si,server_port=\%sp,status=\%ST"
    http-response add-header Access-Control-Allow-Origin *
    http-response add-header X-Forwarded-For %{+Q}[capture.req.hdr(0)]
    rspadd Access-Control-Expose-Headers:\ *
    rspadd Access-Control-Allow-Headers:\ *
    rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Credentials:\ true  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization  if { capture.req.hdr(0) -m found }

    acl url_kccb_mb path_beg /mb/    
    use_backend kccb_backend if url_kccb_mb
    acl url_sys_ha path_beg /sys/ha/
    use_backend sys_ha if url_sys_ha


backend kccb_backend
    balance roundrobin
    option forwardfor
    
#    http-request set-header X-Client-IP %[src]
    http-request set-header X-Forwarded-For %{+Q}[capture.req.hdr(0)]
    http-request replace-header ^([^\ :]*)\ /mb/(.*) \1\ /mbkccbxt/\2
    server kccb_mb 10.0.101.100:5000 check #maxconn 10000

backend sys_ha
    balance roundrobin
    http-request replace-header ^([^\ :]*)\ /sys/ha/(.*) \1\ /\2
    server sys-ha 127.0.0.1:8936 check

While starting haproxy with "systemctl start haproxy", i am getting following error

parsing [/etc/haproxy/haproxy.cfg:95] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
 parsing [/etc/haproxy/haproxy.cfg:96] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
 parsing [/etc/haproxy/haproxy.cfg:97] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
 parsing [/etc/haproxy/haproxy.cfg:98] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
 parsing [/etc/haproxy/haproxy.cfg:99] : The 'rspadd' directive is not supported anymore since HAProxy 2.>

I did some research online to find solution for error, and found that The ‘reqrep’ directive is not supported anymore since HAProxy 2.1. and have to use ‘http-request replace-header’ instead. so i replace ‘reqrep’ with ‘http-request replace-header’ and tried to start haproxy got following error :

parsing [/etc/haproxy/haproxy.cfg:95] : error detected in frontend 'xyzabc' while parsing 'http-r>

I am not pro in haproxy, but i have to get this done, can anyone help me in this to resolve this error ?

Solution

  • I did some more research during weekend and found the solution, in newer HAPROXY version (>=2.*) rspadd and reqrep is no more supported, rspadd needs to be replaced with "http-response add-header" and have to remove backslashes

    From :

    rspadd Access-Control-Expose-Headers:\ *

    to :

    http-response add-header Access-Control-Expose-Headers *

    same way reqrep needs to be replace with "http-request replace-path"

    From :

    reqrep ^([^\ :]*)\ /sys/ha/(.*) \1\ /\2

    To :

    http-request replace-path ^([^\ :]*)\ /sys/ha/(.*) \1\ /\2

    After making changes as above, I restarted haproxy, and it started without any issue and worked as expected, it will be helpful to users who is upgrading haproxy 1.* to haproxy 2.*