Haproxy Docker Compose (How it Works for Developers)

Introduction

A load balancer is part of crucial modern IT infrastructure designed to distribute network traffic efficiently across multiple servers or resources. This improves the system's scalability and performance by preventing any single server from getting overloaded. The load balancer, which sits between the clients and the servers on the back end, minimizes response time while using the available resources.

Load balancers carry out these basic tasks, which include fault tolerance, traffic distribution, and session persistence. A load balancer can be a primary software program, physical product, or cloud-based service provided by AWS or Azure. Some of the most commonly used algorithms for traffic allocation are Round Robin, Least Connections, and IP Hash.

What is HAProxy Docker?

HAProxy Docker refers to placing the HAProxy load balancer in a Docker container. The power of the traffic management capabilities of HAProxy can now be combined with the flexibility and portability of Docker. HAProxy is a popular, widely-used, open-source load balancer for web applications and microservices environments offering high availability and reverse proxying. The advantages of running HAProxy in a Docker container host include easy deployment, isolation, scalability, and platform independence. HAProxy Docker can distribute traffic across multiple backend services efficiently, monitor the health of containers, and dynamically adjust routing based on container availability.

It supports features such as SSL/TLS termination, session persistence, and multiple load-balancing algorithms, including Round Robin and Least Connections. This makes HAProxy Docker an excellent way to manage containerized traffic since it can even integrate well with orchestration tools like Kubernetes or Docker Swarm to provide dynamic scaling and automated service discovery. This ensures that modern applications have robust, high-performance, and secure traffic management without any file issues.

Features of HAProxy Docker

Load Balancing

HAProxy excels at spreading the load of network traffic over many backend servers. Its many load-balancing algorithms include Round Robin, Least Connections, and IP Hash, so that customers may adapt the traffic flow according to their applications' special needs. This allows HAProxy to accept traffic on both Layer 4 (TCP) and Layer 7 (HTTP/HTTPS) supported architectures, which puts it at a high-performance range from simple TCP routing applications to complex application-layer load balancing.

High Availability

The central feature, high availability, means keeping the service up and always running. HAProxy sends traffic away from servers proven unhealthy or failed due to backend servers' health statuses. Failover prevents too much downtime in cases where a server is not alive or unexpectedly fails.

SSL/TLS support

HAProxy fully supports SSL/TLS, ensuring secure communication from the client to the servers. In addition, HAProxy can terminate SSL/TLS connections to offload encryption and decryption tasks away from backend servers, improving the former's performance. If end-to-end encryption is required, HAProxy can forward the encrypted traffic to the services behind it.

Reverse Proxying

HAProxy is one of the best reverse proxies for sending all client request traffic to the related services on the backend side. It supports features such as altering headers, redirects from URLs, or even some specialized routing based on specific user conditions that can be set against specific rules. Thus, HAProxy can also be considered one of the viable candidates for multi-service architecture, along with microservices.

Security Enhancement

HAProxy is full of security features such as rate limiting, DDoS protection, and ACLs. All these are used to filter incoming traffic, which means that nasty requests that might otherwise reach your back-end servers will keep your applications stable.

Scalability

HAProxy is highly scalable. It can easily support millions of concurrent connections without latency being associated with the use and scale up without having latency problems. This environment supports container orchestration environments like Kubernetes and Docker Swarm, with their containerized workloads providing the advantages of dynamic scaling and service discovery.

Logging and Monitoring

HAProxy possesses fine-grained logging that can help to make sense of flows, troubleshoot issues, and analyze performance. It interoperates seamlessly with Prometheus' monitoring tool, Grafana, and Datadog among others representing real-time data regarding servers' healthiness, network traffic flow, and resource utilization.

HAProxy supports easy flexibility in configuration

HAProxy offers a very flexible and powerful configuration capability. Utilizing it, users can define rather sophisticated routing rules like routing conditionally on headers or cookies. URL rewriting as well as session persistence is supported, even multi-tenancy, whereby one instance of HAProxy can service multiple domains or applications.

Installing HAProxy with Docker

Installing and running HAProxy using Docker is a fairly simple process. Below are the steps taken one step at a time.

Docker Installation

Ensure that Docker is installed on your system. To verify installation, you can run the command below:

docker --version

docker --version

If the Docker is not installed on the system, visit the Docker link here to download and install it from the official website.

Pull the HAProxy Docker Image

Pull the official HAProxy image from Docker Hub. The latest HAProxy version will download the most recent stable version:

docker pull haproxy:latest

docker pull haproxy:latest

Create an HAProxy Configuration File

HAProxy needs a configuration file that defines its behavior. After downloading respective Dockerfile links for Docker and HAProxy, create a file called haproxy.cfg with the following example content:

global
    log stdout format raw local0
defaults
    log     global
    mode    http
    timeout connect 5s
    timeout client  50s
    timeout server  50s
frontend http_front
    bind *:80
    default_backend http_back
backend http_back
    server app1 host.docker.internal:32769 check

global
    log stdout format raw local0
defaults
    log     global
    mode    http
    timeout connect 5s
    timeout client  50s
    timeout server  50s
frontend http_front
    bind *:80
    default_backend http_back
backend http_back
    server app1 host.docker.internal:32769 check

'INSTANT VB TODO TASK: The following line uses invalid syntax:
'global log stdout format raw local0 defaults log global mode http timeout connect 5s timeout client 50s timeout server 50s frontend http_front bind *:80 default_backend http_back backend http_back server app1 host.docker.internal:32769 check

This HAProxy config defines:

Frontend: Listen on port 4500 and route traffic to the backend
Backend: Distributes traffic between two servers, namely app1

Run HAProxy Docker Container

Run the HAProxy Docker container, mounting the configuration file and exposing the necessary ports:

docker run -d --network haproxy --name haproxy-container -p 4500:4500 -v D:\Docker\haproxy-config\haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro haproxy:latest

docker run -d --network haproxy --name haproxy-container -p 4500:4500 -v D:\Docker\haproxy-config\haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro haproxy:latest

• -d: Detaches mode is running for the container.

  • --name haproxy-container: gives the name for the container.

  -p 4500:4500: Maps port 4500 on the host to port 4500 in the container.

• -v $(pwd)/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro Mounts the local configuration file into the container.

Access HAProxy

Open a web browser and navigate to http://localhost:4500 or your server's IP address to test traffic routing.

To check the HAProxy stats run the below command:

What is IronSecureDoc?

IronSecureDoc is a utility for document management and security that relies on strong encryption, advanced PDF manipulation, and digital signing. It provides document confidentiality and integrity to companies and developers with smooth access and, therefore, makes the processing of PDF documents easier without direct or indirect dependencies. This can also be referred to as Aggressive PDF API in cases where its features enable developers to programmatically create, upload, manipulate, and secure PDF files and documents.

In addition, IronPDF is a PDF API that facilitates creating a PDF from any data input and adding or editing content using parameters such as text, images, and metadata. This includes features such as the merging of several PDFs to make composed files, splitting of documents, and even comments, highlights, or watermarks for annotations.

It provides password protection, AES encryption, and certificate-based access controls that lock all your sensitive information and data. Apart from this, it enables digital signing to authenticate your documents and nonrepudiation-a very important feature in financial, medical, and legal industries. Its audit trail functionality allows monitoring of all the activities executed on the documents for more compliance and accountability.

Install and Run IronSecureDoc

Pull the Docker image of IronSecureDoc using the command in the Command Prompt or an open terminal window according to the following repository.

docker pull ironsoftwareofficial/ironsecuredoc

docker pull ironsoftwareofficial/ironsecuredoc

ironSecureDoc, an operating container.IronSecureDoc, an operating container.

docker container run --rm -p 8080:8080 -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> -e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsoftwareofficial/ironsecuredoc:latest

docker container run --rm -p 8080:8080 -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> -e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsoftwareofficial/ironsecuredoc:latest

The Docker run command above will start a container instance of the IronSecureDoc. Now you access the IronSecureDoc on the port http://localhost:8080/swagger/index.html like the below page.

Integrate IronSecureDoc with HAProxy

Prepare a haproxy.cfg file to define your frontend and backend configurations. Below is a simple example configuration:

explain below haproxy.cfg file 
global
    log stdout format raw local0
defaults
    log     global
    mode    http
    option  httplog
    timeout connect 5000ms
    timeout client  50000ms
    timeout server  50000ms
frontend http_front
    bind *:4500
    acl body_has_data req.hdr_val(Content-Length) gt 0
    http-request set-method POST if METH_GET body_has_data
    use_backend ironsecuredoc if { path /ironsecuredoc } || { path_beg /ironsecuredoc/ }
    use_backend ironsecuredoc_ping if { path /ping } || { path_beg /ping/ }
    use_backend ironsecuredoc_encrypt if { path /encrypt } || { path_beg /encrypt/ }
    #default_backend ironsecuredoc
backend ironsecuredoc
    balance roundrobin
    http-request set-path /swagger/index.html
    server ironsecuredoc_server3 host.docker.internal:8080 check
backend ironsecuredoc_encrypt
    balance roundrobin
    http-request set-path /v1/document-services/pdfs/encrypt
    server ironsecuredoc_server3 host.docker.internal:8080 check
backend ironsecuredoc_ping
    balance roundrobin
    http-request set-path /v1/document-services/ping
    server ironsecuredoc_server3 host.docker.internal:8080 check

explain below haproxy.cfg file 
global
    log stdout format raw local0
defaults
    log     global
    mode    http
    option  httplog
    timeout connect 5000ms
    timeout client  50000ms
    timeout server  50000ms
frontend http_front
    bind *:4500
    acl body_has_data req.hdr_val(Content-Length) gt 0
    http-request set-method POST if METH_GET body_has_data
    use_backend ironsecuredoc if { path /ironsecuredoc } || { path_beg /ironsecuredoc/ }
    use_backend ironsecuredoc_ping if { path /ping } || { path_beg /ping/ }
    use_backend ironsecuredoc_encrypt if { path /encrypt } || { path_beg /encrypt/ }
    #default_backend ironsecuredoc
backend ironsecuredoc
    balance roundrobin
    http-request set-path /swagger/index.html
    server ironsecuredoc_server3 host.docker.internal:8080 check
backend ironsecuredoc_encrypt
    balance roundrobin
    http-request set-path /v1/document-services/pdfs/encrypt
    server ironsecuredoc_server3 host.docker.internal:8080 check
backend ironsecuredoc_ping
    balance roundrobin
    http-request set-path /v1/document-services/ping
    server ironsecuredoc_server3 host.docker.internal:8080 check

explain below haproxy.cfg file global log stdout format raw local0 defaults log global mode http [option] httplog timeout connect 5000Ds timeout client 50000Ds timeout server 50000Ds frontend http_front bind *:4500 acl Function req_hdr_val(Content- ByVal Length As ) As body_has_data Implements req.hdr_val
'INSTANT VB WARNING: Instant VB cannot determine whether both operands of this division are integer types - if they are then you should use the VB integer division operator:
	path /ironsecuredoc
End Function
 OrElse
If True Then
'INSTANT VB WARNING: Instant VB cannot determine whether both operands of this division are integer types - if they are then you should use the VB integer division operator:
	path_beg /ironsecuredoc/
End If
'INSTANT VB TODO TASK: Local functions are not converted by Instant VB:
'use_backend ironsecuredoc_ping if
'{
'	path /ping
'}
 OrElse
If True Then
'INSTANT VB WARNING: Instant VB cannot determine whether both operands of this division are integer types - if they are then you should use the VB integer division operator:
	path_beg /ping/
End If
'INSTANT VB TODO TASK: Local functions are not converted by Instant VB:
'use_backend ironsecuredoc_encrypt if
'{
'	path /encrypt
'}
 OrElse
If True Then
	#default_backend ironsecuredoc
'INSTANT VB WARNING: Instant VB cannot determine whether both operands of this division are integer types - if they are then you should use the VB integer division operator:
	path_beg /encrypt/
End If
'INSTANT VB TODO TASK: The following line uses invalid syntax:
'backend ironsecuredoc balance roundrobin http-request @set-path /swagger/index.html server ironsecuredoc_server3 host.docker.internal:8080 check backend ironsecuredoc_encrypt balance roundrobin http-request @set-path /v1/document-services/pdfs/encrypt server ironsecuredoc_server3 host.docker.internal:8080 check backend ironsecuredoc_ping balance roundrobin http-request @set-path /v1/document-services/ping server ironsecuredoc_server3 host.docker.internal:8080 check

This configuration file of HAProxy creates a system capable of handling HTTP traffic for the multiple IronSecureDoc services. It then globally configures for raw log output to the stdout, and the default section enables HTTP as a mode and detailed HTTP, along with setting connection timeout for the clients and the server. The front-end is http_front defined on port 4500, including rules to manage routing based on the path of the HTTP request. For instance, requests to /ironsecuredoc are routed to the ironsecuredoc backend. Requests to /ping and /encrypt are routed to their respective backends. The ACL rule identifies requests that have a body by way of the Content-Length header. If a body exists, it converts GET requests to POST.

The Round Robin algorithm is used to distribute traffic across backends. Each backend rewrites the request path before forwarding it to the server that corresponds to it. For instance, the ironsecuredoc backend rewrites paths to /swagger/index.html. The ironsecuredoc_encrypt and ironsecuredoc_ping backends rewrite paths to /v1/document-services/pdfs/encrypt and /v1/document-services/ping, respectively. All of them point to a single server running at host.docker.internal:8080. Health checks are added to ensure that a server is available. Thus, the configuration ensures smooth traffic management for various services while being flexible with manipulating requests.

curl -X 'POST' \
  'http://localhost:4500/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'

curl -X 'POST' \
  'http://localhost:4500/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'

But if we are posting to the IronSecureDoc API, we also may wish to ask for the password to encrypt the request with a user's password to a document. The document output file will be sent and downloaded automatically, and it will be saved safely.

Conclusion

It will also integrate HAProxy with IronSecureDoc software contained, so to ensure a reliable and scalable solution in managing the services for the security of documents with optimized traffic routing and load balancing. The high availability is ensured because of the efficient distribution of traffic across multiple instances of IronSecureDoc through the implementation of health checks for handling failovers, along with the provision of custom routing rules towards varied service endpoints.

This configuration supports handling complex workflows like encryption and health monitoring flexibly while being scalable in the future. Whether it is in a containerized or a traditional environment, the lightweight yet high-performance design of HAProxy is such that it complements the security feature of IronSecureDoc with reliable and efficient management for secure documents. The features from HAProxy thus assist organizations in improving the deployment of IronSecureDoc in ensuring performance and resilience for the applications.

Using IronSecureDoc REST API, safe printing and effective PDF format and handling are now easily integrated with applications developed by web, mobile, and corporate systems developers. To read more about the license of IronSecureDoc, visit the licensing page. For information about the products of Iron Software, follow the library suite page.