1

I would like to hit the same service on two domains with different paths, configured in marathon-lb.

http://front-dev.marathon.ice.mesos/auth

and

http://auth-dev.marathon.ice.mesos

I have tried:

HAPROXY_0_VHOST=front-dev.marathon.ice.mesos,auth-dev.marathon.ice.mesos
HAPROXY_0_PATH=/auth

This will let me hit

http://front-dev.marathon.ice.mesos/auth and http://auth-dev.marathon.ice.mesos/auth

Not exactly what I wanted.

I have also tried

HAPROXY_0_VHOST=front-dev.marathon.ice.mesos,auth-dev.marathon.ice.mesos
HAPROXY_0_PATH=/auth
HAPROXY_1_PATH=/

That changes nothing.

Two separate VHOST labels do not work either:

HAPROXY_0_VHOST=front-dev.marathon.ice.mesos
HAPROXY_1_VHOST=auth-dev.marathon.ice.mesos
HAPROXY_0_PATH=/auth
HAPROXY_1_PATH=/

1_VHOST and 1_PATH are ignored.

freeduck

2 Answers

3

The logic you're looking for doesn't quite exist in MLB. It sounds like you want something like:

if (vhostA) use backend
else if (vhostB && pathB) use backend

There's a trick to accomplish the code above. If you look at the generated config, you should see a set of ACLs in the frontends for HTTP and HTTPS. To get rid of the extraneous config, configure just a vhost and switch to the simpler HAPROXY_HTTP_FRONTEND_ACL. We need to override the defaults, like this:

{
  "labels": {
    "HAPROXY_0_HTTP_FRONTEND_ACL": "  acl path_is_auth path_beg /auth\n  acl host_is_front_dev hdr(host) -i front-dev.marathon.ice.mesos\n  acl host_is_auth_dev hdr(host) -i auth-dev.marathon.ice.mesos\n  use_backend {backend} if host_is_auth_dev or host_is_front_dev path_is_auth\n"
  }
}

That should do it. Check the generated HAProxy config from MLB with curl marathon-lb.marathon.mesos:9090/_haproxy_getconfig.

You'll also need to update the equivalent HTTPS frontend ACLs if you're using HTTPS. Look here for a full list of the templates.
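Added example (not part of the answer above and not marathon-lb code): a small Python model of how HAProxy evaluates the condition in that label, where adjacent ACL names are ANDed and `or` separates the groups, run over constructed requests. It handles only the `path_beg` and `hdr(host) -i` forms used in this label (no `!` or `||`); `parse`, `routed`, `matrix` and `SAMPLES` are names made up for the illustration.

```python
# The label value from the answer, copied verbatim.
LABEL = ("  acl path_is_auth path_beg /auth\n"
         "  acl host_is_front_dev hdr(host) -i front-dev.marathon.ice.mesos\n"
         "  acl host_is_auth_dev hdr(host) -i auth-dev.marathon.ice.mesos\n"
         "  use_backend {backend} if host_is_auth_dev or host_is_front_dev path_is_auth\n")

def parse(label):
    """Return ({acl_name: predicate(host, path)}, [[ANDed names], ...ORed groups])."""
    acls, rule = {}, []
    for line in label.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "acl" and tok[2] == "path_beg":
            # path_beg is a plain string-prefix match on the request path
            acls[tok[1]] = lambda host, path, p=tok[3]: path.startswith(p)
        elif tok[0] == "acl" and tok[2] == "hdr(host)":
            # hdr(host) -i: case-insensitive match on the whole header value
            acls[tok[1]] = lambda host, path, w=tok[-1].lower(): host.lower() == w
        elif tok[0] == "use_backend":
            cond = " ".join(tok[tok.index("if") + 1:])
            # implicit AND binds tighter than "or"
            rule = [group.split() for group in cond.split(" or ")]
    return acls, rule

def routed(host, path, label=LABEL):
    """True if the request would be sent to this app's backend."""
    acls, rule = parse(label)
    return any(all(acls[name](host, path) for name in group) for group in rule)

# Constructed sample requests: (Host header, path)
SAMPLES = [
    ("auth-dev.marathon.ice.mesos", "/"),
    ("front-dev.marathon.ice.mesos", "/auth"),
    ("front-dev.marathon.ice.mesos", "/"),
    ("front-dev.marathon.ice.mesos", "/authors"),    # prefix match, not a path segment
    ("FRONT-DEV.marathon.ice.mesos", "/auth"),       # -i ignores case
    ("front-dev.marathon.ice.mesos:80", "/auth"),    # port makes the value differ
    ("other.marathon.ice.mesos", "/auth"),
]

def matrix():
    return {sample: routed(*sample) for sample in SAMPLES}

if __name__ == "__main__":
    for (host, path), hit in matrix().items():
        print(f"{host:34} {path:10} -> {'backend' if hit else 'no match'}")
```

The matrix shows two things worth checking in the generated config: `path_beg /auth` also routes `/authors` to the backend, and a Host header that carries a port does not match the exact `hdr(host)` pattern.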

2

Remember that the {n} index in the labels refers to the servicePort index of the service itself.

So, for the separate VHOST labels to work, you must create an additional port mapping and port definition to the service (for a total of two sets).

For example:

"portMappings": [
    {
      "containerPort": 80,
      "hostPort": 0,
      "servicePort": 10010,
      "protocol": "tcp",
      "labels": {}
    },
    {
      "containerPort": 80,
      "hostPort": 0,
      "servicePort": 10011,
      "protocol": "tcp",
      "labels": {}
    }
  ],

and

"portDefinitions": [
    {
      "port": 10010,
      "protocol": "tcp",
      "labels": {}
    },
    {
      "port": 10011,
      "protocol": "tcp",
      "labels": {}
    }
]

Then, you can add the labels to the service as you were intending:

HAPROXY_0_VHOST=front-dev.marathon.ice.mesos
HAPROXY_0_PATH=/auth
HAPROXY_0_HTTP_BACKEND_PROXYPASS_PATH=/auth
HAPROXY_1_VHOST=auth-dev.marathon.ice.mesos

... the HAPROXY_1_PATH=/ label is not necessary ;-)

If you're using the HAPROXY_{n}_PATH label, you will surely need to set an additional label HAPROXY_{n}_HTTP_BACKEND_PROXYPASS_PATH to map the path (in our example, /auth) to the root level of your app (in our example, /).

Of course, check the HAProxy config at

curl marathon-lb.marathon.mesos:9090/_haproxy_getconfig

As Brenden Mathews said ;-)

Community