9

We are using HAProxy to forward incoming TCP connections to a separate server that uses a raw TCP. The issue that we are seeing is that the client connection is accepted and then closed rather then rejected immediately. Since we have enabled a health check is there any way for HAProxy to unbind from the port so that the initial connection fails?

listen custom_forward
   mode tcp
   bind *:11144
   default-server inter 10m fastinter 20s downinter 1m maxconn 100
   server custom_server hostname:10144 check
Aron
  • 621
  • 5
  • 5

1 Answers1

14

You want to explicitly reject the connection if backend servers are down:

acl site_dead nbsrv lt 1
tcp-request connection reject if site_dead

Or acl site_dead nbsrv(backend_name) lt 1 where backend_name is the name of a different backend.

nbsrv documentation

acl documentation

tcp-reject documentation

Hummus_Ful
  • 5
  • 3
ty.
  • 10,924
  • 9
  • 52
  • 71
  • you should add `connection` so it should be `tcp-request connection reject if site_dead` , otherwise haproxy fails at parsing config. – Danduk82 Sep 01 '17 at 11:34
  • 1
    Sufficient for me, possibly more efficient: `tcp-request connection reject if { nbsrv(backend_name) lt 1 }` – dannyman Mar 30 '21 at 22:44