Failover Squid via HAProxy

At the moment I’m using Squid quite a bit as a forward proxy. The application in question pulls content from remote sites and does some processing on it. It’s handy to have a copy of the site ‘nearby’ in case further processing is needed. So, the content is pulled through Squid for later use. Obviously, a single squid instance is no good. If it goes down, everything grinds to a halt. I’m a huge fan of HAProxy, so I though it’s active/passive setup might be a good fit here.

The configuration of the health checks took me a little while to figure out, but apart from that it’s pretty straightforward.

Here’s the relevant chunk of the config.

  frontend squid-frontend
    bind *:3128
    mode http
    default_backend squid-backend
  
  backend squid-backend
    balance roundrobin
    option httpchk GET http://10.11.12.1:1080/ HTTP/1.0
    server squid-1 10.11.12.100:3128 check inter 60000
    server squid-2 10.11.12.200:3128 check inter 60000 backup
  
  listen squid-responder
    bind *:1080
    mode http
    monitor-uri /

First of all, we have a frontend listening on port 3128, as squid would be. This is a http mode frontend and it sends all of the traffic to the backend ‘squid-backend’.

Next, we have the backend ‘squid-backend’. There are two servers in this backend. Normally, squid-1 is the active backend and all traffic coming into ‘squid-frontend’ will hit this server. If squid-1 goes down all of the traffic is routed to ‘squid-2’ instead. The ‘backup’ keyword is what turns this active/passive behaviour on.

The problem then is, how do we do a health check on each squid instance? To test squid properly, you need to make a request through squid to something else. This is where the ‘squid-responder’ block comes in. The only function of this listener is as a ‘remote’ url to pull through squid. So, we set our httpchck to make a GET request to HAProxy itself, but it will be routed through the relevant squid server.

The one downside with this setup is that, on the failure of your active squid server, you failover to a cold cache. Hopefully that’ll be rare enough that it won’t make too much of an impact.

Note : this is where I found the solution to this problem, from Willy himself - http://www.mail-archive.com/haproxy@formilux.org/msg05171.html