Virtual hosts

From: Alexander Staubo <>
Date: Thu, 28 Aug 2008 16:18:39 +0200

What is the recommended way of using HAProxy to serve multiple sites
(,, each with its own unique frontend/backend
requirements? As far as I can see HAProxy does not directly support routing to different frontends by host.

A few options come to mind:

(1) I could screw around with acls, but the rules would end up being a
bit complex and unreadable. Each site has a bunch of acls and they would have to be and-ed with site-specific hosts, and default_backend cannot be used. For example, instead of:

  acl static path_beg /javascripts/
  acl static path_beg /images/
  acl static path_beg /stylesheets/

  use_backend nginx if static
  default_backend rails

I would have to do something like:

  acl site1 hdr(host) -i

  acl site1_static path_beg /javascripts/
  acl site1_static path_beg /images/
  acl site1_static path_beg /stylesheets/

  acl site2 hdr(host) -i

  acl site2_static path_beg /javascripts/
  acl site2_static path_beg /images/
  acl site2_static path_beg /stylesheets/

  use_backend site1_nginx if site1 site1_static
  use_backend site1_rails if site1 !site1_static
  use_backend site2_nginx if site2 site2_static   use_backend site2_rails if site2 !site2_static


(2) Use a unique IP for each site. That works fine when HAProxy is
installed on a single box, but that configuration cannot be applied to multiple boxes as-is; each machine needs different bind statements. I like to store the config in a version control system and apply it to multiple boxes simultaneous, so to accomplish this I would end up having to preprocess the configs with scripts to get anywhere.

(3) Use separate IPs as above, but bind HAProxy to different localhost
ports (eg., localhost:8000, localhost:8001) and use some kind of iptables trick to route the machine's external IP to HAProxy's internal. That, too, sounds complex. I don't like non-obvious setups that cannot be immediately understood by a single glance at the config.

(4) Use HAProxy itself to route: First, bind the actual site frontends
to localhost:N, then have a HTTP frontend declaration that uses a couple of acl rules to route the request to the appropriate site-specific front end. That adds overhead, and I'm not sure what the implications are of re-entering HAProxy like this.

#1 is the most attractive proposition at the moment, but I would love to hear about better ways in case I missed something in the documentaton.

Alexander. Received on 2008/08/28 16:18

This archive was generated by hypermail 2.2.0 : 2008/08/28 16:30 CEST