The biggest gotcha I ran into was that on the secondary host, HAProxy kept complaining that it couldn't bind to the VIP, since that address was held by the other host at the time. You have to set net.ipv4.ip_nonlocal_bind = 1 in sysctl so that the kernel lets HAProxy bind a listening socket to an address the host does not currently own. Put it in a file under /etc/sysctl.d/ so it survives a reboot, and confirm it with sysctl net.ipv4.ip_nonlocal_bind on both hosts, since both of them bind the VIP.
The keepalived configuration is very simple, and there are a lot of examples of how to set it up.
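As an added example (not the author's own keepalived.conf), here is a minimal MASTER-side configuration that tracks HAProxy's health so the VIP only lands on a node with a running proxy. The BACKUP host differs only in state, priority and the unicast addresses. The interface name eth0, virtual_router_id 51, the priorities, the prefix length, the health-check command and the <lb_ip_1>/<lb_ip_2> placeholders for the two load-balancer hosts are assumptions; <VIP_address> is the same placeholder used in the HAProxy template below.

```conf
# /etc/keepalived/keepalived.conf on the MASTER (added example, assumed values)
global_defs {
    enable_script_security            # refuse to run scripts that a non-root user can write
    script_user root
}

# Demote this node if HAProxy is not running, so the VIP follows a working proxy.
vrrp_script chk_haproxy {
    script "/usr/bin/pidof haproxy"   # assumed path; exit code 0 means healthy
    interval 2
    fall 2
    rise 2
    weight -20                        # MASTER 110 - 20 = 90 < BACKUP 100 -> VIP moves
}

vrrp_instance VI_HAPROXY {
    state MASTER                      # BACKUP on the secondary host
    interface eth0                    # assumed interface
    virtual_router_id 51              # assumed; identical on both hosts, unique per L2 segment
    priority 110                      # 100 on the secondary host
    advert_int 1

    # Unicast VRRP (assumed peer addresses) instead of multicast, so only the named
    # peer receives the adverts. VRRP "authentication" is not a real security
    # control, so keep this traffic on a trusted segment rather than relying on it.
    unicast_src_ip <lb_ip_1>          # this load-balancer host's own address
    unicast_peer {
        <lb_ip_2>                     # the other HAProxy/keepalived host
    }

    virtual_ipaddress {
        <VIP_address>/24 dev eth0     # assumed prefix length
    }

    track_script {
        chk_haproxy
    }
}
```

On the secondary host set state BACKUP, priority 100, and swap the unicast_src_ip and unicast_peer values. The check script only proves a haproxy process exists; if you want the VIP to move when a backend pool is fully down as well, point the script at a local HAProxy health endpoint instead.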
For HAProxy, here’s a simple frontend/backend template that I use.
frontend <cluster_name>_in_443                      # rename to cluster
    bind <VIP_address>:443                          # change to the DNS-resolvable IP for the cluster
    bind <VIP_address>:80                           # change to the DNS-resolvable IP for the cluster
    mode tcp                                        # TLS is passed through, not terminated here
    acl is_websocket hdr(Upgrade) -i WebSocket      # not used below; in mode tcp a header fetch also needs tcp-request inspect-delay
    acl https_port dst_port 443
    acl http_port dst_port 80
    use_backend <cluster_name>_out_443 if https_port    # rename to cluster
    use_backend <cluster_name>_out_80 if http_port      # rename to cluster

backend <cluster_name>_out_443                      # rename to cluster
    mode tcp                                        # must match the frontend; do not rely on defaults
    balance roundrobin
    server server1 <host_ip_1>:443 check            # change to host 1
    server server2 <host_ip_2>:443 check            # change to host 2
    server server3 <host_ip_3>:443 check            # change to host 3

backend <cluster_name>_out_80                       # rename to cluster
    mode tcp
    balance roundrobin
    server server1 <host_ip_1>:80 check             # change to host 1
    server server2 <host_ip_2>:80 check             # change to host 2
    server server3 <host_ip_3>:80 check             # change to host 3