Failover Squid via HAProxy

Failover Squid via HAProxy #

2012-11-29

At the moment I’m using Squid quite a bit as a forward proxy. The application in question pulls content from remote sites and does some processing on it. It’s handy to have a copy of the site ’nearby’ in case further processing is needed. So, the content is pulled through Squid for later use. Obviously, a single squid instance is no good. If it goes down, everything grinds to a halt. I’m a huge fan of HAProxy, so I though it’s active/passive setup might be a good fit here.

The configuration of the health checks took me a little while to figure out, but apart from that it’s pretty straightforward.

Here’s the relevant chunk of the config.

frontend squid-frontend
  bind *:3128
  mode http
  default_backend squid-backend

backend squid-backend
  balance roundrobin
  option httpchk GET http://10.11.12.1:1080/ HTTP/1.0
  server squid-1 10.11.12.100:3128 check inter 60000
  server squid-2 10.11.12.200:3128 check inter 60000 backup

listen squid-responder
  bind *:1080
  mode http
  monitor-uri /

First of all, we have a frontend listening on port 3128, as squid would be. This is a http mode frontend and it sends all of the traffic to the backend ‘squid-backend’.

Next, we have the backend ‘squid-backend’. There are two servers in this backend. Normally, squid-1 is the active backend and all traffic coming into ‘squid-frontend’ will hit this server. If squid-1 goes down all of the traffic is routed to ‘squid-2’ instead. The ‘backup’ keyword is what turns this active/passive behaviour on.

The problem then is, how do we do a health check on each squid instance? To test squid properly, you need to make a request through squid to something else. This is where the ‘squid-responder’ block comes in. The only function of this listener is as a ‘remote’ url to pull through squid. So, we set our httpchck to make a GET request to HAProxy itself, but it will be routed through the relevant squid server.

The one downside with this setup is that, on the failure of your active squid server, you failover to a cold cache. Hopefully that’ll be rare enough that it won’t make too much of an impact.

Note : this is where I found the solution to this problem, from Willy himself - http://www.mail-archive.com/haproxy@formilux.org/msg05171.html

Calendar June 9, 2023