HAProxy Reverse Proxy

HAProxy can be used for centralized access to the LogScale self-hosted cluster. It provides front-end SSL termination, and back-end load balancing for event ingest, API access, and UI sessions.

Note

Before deploying HAProxy secure a valid signed SSL certificate with associated public and private keys. A self-signed certificate may be used for initial build and testing if a signed SSL certificate is not available.

Refer to the official HAProxy documentation for the latest HAProxy releases, documentation, and installation instructions.

Follow the official HAProxy Installation instruction for deploying HAProxy version 2.8, or greater, on Ubuntu Linux.

To deploy HAProxy:

  1. Install HAProxy on Ubuntu (Linux):

    shell
    shell> apt-get install haproxy=2.8.\*

  2. Configure HAProxy in the /etc/haproxy/haproxy.cfg: 

    defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  65000
        timeout server  65000
        errorfile 400 /var/log/haproxy/400.http
        errorfile 403 /var/log/haproxy/403.http
        errorfile 408 /var/log/haproxy/408.http
        errorfile 500 /var/log/haproxy/500.http
        errorfile 502 /var/log/haproxy/502.http
        errorfile 503 /var/log/haproxy/503.http
        errorfile 504 /var/log/haproxy/504.http
        stats enable
        stats hide-version
        stats refresh 30s
        stats show-node
        stats auth <stats user>:<password>
        stats uri /haproxy?stats

frontend <front-end url>
  mode http
  bind :443 ssl crt /etc/haproxy/cacert_combo.pem ssl verify none
  default_backend servers

backend servers
   mode http
   balance roundrobin
   server s1 <logscale-server1>:8080
   server s2 <logscale-server2>:8080
   server s3 <logscale-server3>:8080

    Important

    When using HAProxy for ingest, it is best practice to enable the log-shipper to perform retries on sending the data if the connection fails, rather than allowing HAProxy to retry. This will help ensure that data is not duplicated during ingest if both HAProxy and the log shipper re-send the data. To disable retries, add the retries to defaults section of the file. For example:

    no-highlight
    defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  65000
        timeout server  65000
        errorfile 400 /var/log/haproxy/400.http
        errorfile 403 /var/log/haproxy/403.http
        errorfile 408 /var/log/haproxy/408.http
        errorfile 500 /var/log/haproxy/500.http
        errorfile 502 /var/log/haproxy/502.http
        errorfile 503 /var/log/haproxy/503.http
        errorfile 504 /var/log/haproxy/504.http
        retries 0
        stats enable
        stats hide-version
        stats refresh 30s
        stats show-node
...

To ensure that the proxy service is started during boot, configure the HAProxy as a service as detailed in Configuring HAProxy as a Service.