What is the difference between the mode-HTTP / mode-TCP in HAProxy?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL)
  • HAProxy

Issue

  • Difference between HTTP/TCP mode in HAProxy
  • When do we have to use HTTP / TCP mode?
  • What parameter needs to be defined in HTTP/TCP mode?

Resolution

HAProxy can run in two different modes: TCP or HTTP. When operating in TCP mode, it acts as a layer 4 proxy. In HTTP mode, it acts as a layer 7 proxy.

In HAProxy, the tcp and http mode settings determine how the HAProxy operates in terms of the network stack and the layer at which it operates.

HAProxy (mode tcp):

  • In TCP mode, HAProxy operates at the transport layer, dealing with TCP connections. It acts as a TCP proxy, forwarding packets between clients and servers without inspecting the content. This mode is suitable for generic TCP-based services where you don't need to inspect or manipulate the application layer protocol.

  • In TCP mode If you are using non-HTTP traffic, such as database connections, custom protocols, or any other traffic that operates at the transport layer (TCP), then TCP mode is the appropriate choice.

  • If your application requires SSL/TLS termination (decrypting SSL/TLS traffic at the load balancer), this is typically done in HTTP mode. In TCP mode, HAProxy passes encrypted traffic directly to the backend servers without decrypting it.

  • Basic Configure HAProxy as layer 4 by setting mode TCP shown in the below configuration:

# vi /etc/haproxy/haproxy.cfg
defaults
    mode tcp

frontend db
    bind:8080
    default_backend test_databases

backend test_databases
    mode tcp
    balance roundrobin
    server db1 10.15.0.11:8080
    server db2 10.15.0.12:8080

HAProxy (mode http):

  • In HTTP mode, HAProxy operates at the application layer, allowing it to inspect and manipulate HTTP traffic. It can perform advanced load balancing based on HTTP parameters like headers, cookies, and URLs. Additional features, such as content switching, SSL termination, and request/response manipulation, are available in HTTP mode.

  • If you are load balancing web servers or applications that communicate over the HTTP protocol, you should use HTTP mode. This allows HAProxy to inspect and manipulate HTTP headers, cookies, and other application-layer data.

  • By using the HTTP method in the HAProxy config, you have access to several HTTP-specific options. For example, you can choose different backends based on the URL in the HTTP request. When specifying TCP mode, HAProxy does not evaluate the HTTP headers in the packet.

  • Basic Configure HAProxy as layer 7 proxy by setting mode HTTP as shown in the below configuration:

# vi /etc/haproxy/haproxy.cfg
defaults
    mode http

frontend www
    bind:80
    default_backend web_servers

backend web_servers
    mode http
    balance roundrobin
    server web1 10.15.0.11:3000
    server web2 10.15.0.12:3000

NOTE: When configuring HAProxy, choose HTTP mode for web applications and services that rely on HTTP features, and use TCP mode for generic TCP traffic without the need for HTTP-specific functionality. You would specify the mode based on the type of traffic. The decision should be based on the specific requirements and characteristics of your application architecture.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments