Hey ,
So today we will continue looking at HAproxy – however this time we will be using Docker to host our load balancer. As far as it is no problem to just download the main image from docker hub and run instantly it does not give out of the box something that I was after …… the logs.
That’s why I went ahead and just created my own version of HAproxy which includes rsyslog. Repository with the image can be found on github.
In order to run the container we just need to execute the following commands:
- To get the most up to date image from my docker hub repo
docker pull rafpe/docker-haproxy-rsyslog
- To start container ( assuming you have config file in current directory )
docker run -it -d -P -v ${PWD}/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg rafpe/docker-haproxy-rsyslog
Once you do this container should be up and running and if you query for current docker containers you should see something similar to output below :
As you can see we are getting logs directly visible after querying with docker logs command.
In one of the future posts we will be investigating logs format customisations as well as features included in HAproxy since 1.6 which is log tags.
If you would have any problems configuring this because of missing config you can use sample below
global
log 127.0.0.1 local2
maxconn 2000
pidfile /var/run/haproxy.pid
tune.ssl.default-dh-param 2048
# SSL ciphers
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
defaults
mode http
option httplog
option dontlognull
option forwardfor
option contstats
option http-server-close
option log-health-checks
retries 3
option redispatch
timeout connect 5000
timeout client 10000
timeout server 10000
# make sure log-format is on a single line
log global
log-format {"type":"haproxy","timestamp":%Ts,"http_status":%ST,"http_request":"%r","remote_addr":"%ci","bytes_read":%B,"upstream_addr":"%si","backend_name":"%b","retries":%rc,"bytes_uploaded":%U,"upstream_response_time":"%Tr","upstream_connect_time":"%Tc","session_duration":"%Tt","termination_state":"%ts"}
frontend http-in
bind *:80
# Default backend to be used
default_backend will-be-back-soon
backend will-be-back-soon
balance roundrobin
Hello, Since there is still no logging support I tried your solution.
And indeed I have some.. outputs.
I took exactly your settings and I got only some outputs upon the container start I guess.
They are messages about health check and that my backend servers are UP.
I don’t get the formated messages like you (about “Proxy .. started”).
And more important I don’t have any logs about after that. No logs for any requests.
Since I always get 503 error, I need to check some logs.
However thanks to your solution I’m at least sure that my servers are seen running from haproxy thanks to those health status.
thanks for this ~
It’s a shame that the official haproxy docker image doesn’t have logging builtin… https://github.com/dockerfile/haproxy/issues/3
Your solution worked like a charm, albeit a little hackish… would still prefer haproxy logging to stdout and let docker’s log driver to deal with the log destination.
Regardless, this is great. Thank you so much!
Hi,
Yes I thought the same!
Thanks rafpe. I wasn’t able to use your image because it terminated right after start. But I reused your great code for provisioning my container with rsyslog, configuring haproxy logging, starting the service and tailing the haproxy.log 🙂 This saved me so much time, you are a legend!
Happy you got it running! 😉