Ingress and Failover

The biggest gotcha I had a problem with was that on the secondary host, HAProxy kept complaining that it couldn’t bind to the IP, since the IP was on the other host. You have to set net.ipv4.ip_nonlocal_bind = 1 in sysctl so that it won’t complain.

The keepalived configuration is very simple, and there are a lot of examples of how to set it up.
For HAProxy, here’s a simple frontend/backend template that I use.

frontend <cluster_name>_in_443                  # rename to cluster
  bind <VIP_address>:443                        # change to the DNS-resolvable IP for the cluster
  bind <VIP_address>:80                         # change to the DNS-resolvable IP for the cluster
  acl is_websocket hdr(Upgrade) -i WebSocket
  acl https_port dst_port 443
  acl http_port dst_port 80
  mode tcp
  use_backend <cluster_name>_out_443 if https_port                # rename to cluster
  use_backend <cluster_name>_out_80 if http_port                  # rename to cluster

backend <cluster_name>_out_443                                    # rename to cluster
  server server1 <host_ip_1>:443 check                            # change to host 1
  server server2 <host_ip_2>:443 check                            # change to host 2
  server server3 <host_ip_3>:443 check                            # change to host 3

backend <cluster_name>_out_80                                     # rename to cluster
  server server1 <host_ip_1>:80 check                             # change to host 1
  server server2 <host_ip_2>:80 check                             # change to host 2
  server server3 <host_ip_3>:80 check                             # change to host 3
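A pre-flight check for the bind failure described in the post, as an added example (not the poster's code): it reads the bind addresses from an HAProxy config and reports whether each one can be bound on a node, given that node's local IPv4 addresses and its net.ipv4.ip_nonlocal_bind value. The function names, the --live flag and the sample VIP 192.0.2.10 are assumptions made for illustration, and only IPv4 "bind <addr>:<port>" lines are handled.

```shell
#!/bin/sh
# Added example: detect the "cannot bind to VIP on the standby" condition before HAProxy starts.

# Constructed sample: the post's frontend with the VIP filled in as 192.0.2.10 (documentation range).
write_sample_cfg() {
  cat > "$1" <<'EOF'
frontend demo_in_443
  bind 192.0.2.10:443
  bind 192.0.2.10:80
  mode tcp
EOF
}

# Print each distinct IPv4 address used on a "bind <addr>:<port>" line of an HAProxy config.
bind_addrs() {
  awk '$1 == "bind" { split($2, a, ":"); if (a[1] ~ /^[0-9.]+$/) print a[1] }' "$1" | sort -u
}

# check_binds <haproxy.cfg> <ip_nonlocal_bind value> <file of local IPv4 addresses, one per line>
# Prints one line per bind address and returns 1 if any address would fail to bind.
check_binds() {
  cfg=$1 nonlocal=$2 local_file=$3 rc=0
  for addr in $(bind_addrs "$cfg"); do
    if [ "$addr" = "0.0.0.0" ] || grep -qxF "$addr" "$local_file"; then
      echo "OK    $addr is local or wildcard"
    elif [ "$nonlocal" = "1" ]; then
      echo "OK    $addr not local, ip_nonlocal_bind=1 (standby)"
    else
      echo "FAIL  $addr not local and ip_nonlocal_bind=$nonlocal"
      rc=1
    fi
  done
  return $rc
}

# Live use on a node: sh check_binds.sh --live /etc/haproxy/haproxy.cfg
if [ "${1:-}" = "--live" ]; then
  tmp=$(mktemp)
  ip -o -4 addr show | awk '{ sub(/\/.*/, "", $4); print $4 }' > "$tmp"
  if check_binds "${2:-/etc/haproxy/haproxy.cfg}" "$(sysctl -n net.ipv4.ip_nonlocal_bind)" "$tmp"
  then status=0; else status=1; fi
  rm -f "$tmp"
  exit "$status"
fi
```

Run on both keepalived nodes: the node that does not currently hold the VIP is the one that reports FAIL until the sysctl is set.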