cloud-hosting-platform/haproxy-manager-base
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c4a9d9d7e6e2652ed02dac2414f031e4db3208c0
haproxy-manager-base/templates/hap_backend.tpl
Josh Knapp 5ebc3fb8e8 Add DNS resolver for automatic container IP re-resolution 
When Docker containers restart, they can get new IPs on the bridge
network. HAProxy caches DNS at config load time, so stale IPs cause
503s until config is regenerated.

Added a 'docker_dns' resolvers section pointing to Docker's embedded
DNS (127.0.0.11) with 10s hold time. Backend servers now use
'resolvers docker_dns init-addr last,libc,none' so HAProxy:
- Re-resolves container names every 10 seconds
- Falls back to last known IP if DNS is temporarily unavailable
- Starts even if a backend can't be resolved yet (init-addr none)

This eliminates 503s from container restarts, scaling, and recreation
without requiring a HAProxy config regeneration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 22:27:07 -07:00

41 lines
1.9 KiB
Smarty
Raw Blame History

# Regular HTTP backend - uses http-server-close for better security and connection management
backend {{ name }}-backend
option forwardfor
# Pass the real client IP to backend (from proxy headers or direct connection)
# This is crucial for container-level logging and security tools
http-request add-header X-CLIENT-IP %[var(txn.real_ip)]
http-request set-header X-Real-IP %[var(txn.real_ip)]
http-request set-header X-Forwarded-For %[var(txn.real_ip)]
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
{% for server in servers %}
server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }} resolvers docker_dns init-addr last,libc,none
{% endfor %}
# SSE-specific backend - optimized for Server-Sent Events long-lived connections
backend {{ name }}-sse-backend
# Disable http-server-close to allow SSE long-lived connections
no option http-server-close
# Enable http-no-delay for immediate data transmission
option http-no-delay
# Extended timeouts to support SSE long-lived connections (up to 6 hours)
# Note: SSE sends keepalives every 1 second, so timeout only triggers if backend hangs
timeout server 6h
timeout http-keep-alive 6h
option forwardfor
# Pass the real client IP to backend (from proxy headers or direct connection)
http-request add-header X-CLIENT-IP %[var(txn.real_ip)]
http-request set-header X-Real-IP %[var(txn.real_ip)]
http-request set-header X-Forwarded-For %[var(txn.real_ip)]
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
{% for server in servers %}
server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }} resolvers docker_dns init-addr last,libc,none
{% endfor %}
Reference in New Issue View Git Blame Copy Permalink