I have been using HA-Proxy version 1.5.18 on CentOs server, as CentOS Linux 7 is going to be discontinued in near future, i have upgraded from CentOs to Red Hat, now default version of haproxy on my ref hat is 2.4.17, I place haproxy.cfg of version 1.5.18 in version 2.4.17, and try to start haproxy with systemctl start haproxy, but it is not starting. Below is my haproxy.cfg of version 1.5.18 which working fine on CentOs but not on RedHat
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 5000
user haproxy
group haproxy
daemon
tune.maxrewrite 4096
tune.http.maxhdr 202
#tune.ssl.default-dh-param 2048
tune.ssl.default-dh-param 2048
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers AES256-SHA
#ssl-default-bind-ciphers PROFILE=SYSTEM
#ssl-default-server-ciphers PROFILE=SYSTEM
defaults
mode http
log global
option httplog
option forwardfor
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 10
timeout http-request 40s
timeout queue 1m
timeout connect 40s
timeout client 1m
timeout server 1m
timeout http-keep-alive 60s
timeout check 50s
maxconn 5000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
#frontend main *:5000
frontend xyzabc
#frontend localnodes
bind *:443 ssl crt /home/ssl/kccb-new.pem
mode http
option httplog
capture request header X-Forwarded-For len 20
capture request header authorization len 80
capture request header X-Client-Auth len 80
capture request header User-Agent len 400
capture request header Host len 150
capture request header Accept-Language len 10
log-format "%{+Q}o\client_address=\%{+Q}[capture.req.hdr(0)],client_port=\%cp,server_address=\%si,server_port=\%sp,status=\%ST"
http-response add-header Access-Control-Allow-Origin *
http-response add-header X-Forwarded-For %{+Q}[capture.req.hdr(0)]
rspadd Access-Control-Expose-Headers:\ *
rspadd Access-Control-Allow-Headers:\ *
rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found }
rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found }
rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization if { capture.req.hdr(0) -m found }
acl url_kccb_mb path_beg /mb/
use_backend kccb_backend if url_kccb_mb
acl url_sys_ha path_beg /sys/ha/
use_backend sys_ha if url_sys_ha
backend kccb_backend
balance roundrobin
option forwardfor
# http-request set-header X-Client-IP %[src]
http-request set-header X-Forwarded-For %{+Q}[capture.req.hdr(0)]
http-request replace-header ^([^\ :]*)\ /mb/(.*) \1\ /mbkccbxt/\2
server kccb_mb 10.0.101.100:5000 check #maxconn 10000
backend sys_ha
balance roundrobin
http-request replace-header ^([^\ :]*)\ /sys/ha/(.*) \1\ /\2
server sys-ha 127.0.0.1:8936 check
While starting haproxy with "systemctl start haproxy", i am getting following error
parsing [/etc/haproxy/haproxy.cfg:95] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
parsing [/etc/haproxy/haproxy.cfg:96] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
parsing [/etc/haproxy/haproxy.cfg:97] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
parsing [/etc/haproxy/haproxy.cfg:98] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
parsing [/etc/haproxy/haproxy.cfg:99] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
I did some research online to find solution for error, and found that The ‘reqrep’ directive is not supported anymore since HAProxy 2.1. and have to use ‘http-request replace-header’ instead. so i replace ‘reqrep’ with ‘http-request replace-header’ and tried to start haproxy got following error :
parsing [/etc/haproxy/haproxy.cfg:95] : error detected in frontend 'xyzabc' while parsing 'http-r>
I am not pro in haproxy, but i have to get this done, can anyone help me in this to resolve this error ?
I did some more research during weekend and found the solution, in newer HAPROXY version (>=2.*) rspadd and reqrep is no more supported, rspadd needs to be replaced with "http-response add-header" and have to remove backslashes
From :
rspadd Access-Control-Expose-Headers:\ *
to :
http-response add-header Access-Control-Expose-Headers *
same way reqrep needs to be replace with "http-request replace-path"
From :
reqrep ^([^\ :]*)\ /sys/ha/(.*) \1\ /\2
To :
http-request replace-path ^([^\ :]*)\ /sys/ha/(.*) \1\ /\2
After making changes as above, I restarted haproxy, and it started without any issue and worked as expected, it will be helpful to users who is upgrading haproxy 1.* to haproxy 2.*