levis/help365
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
production
help365/platform/haproxy-postgresql.html
koziavin 00717a92fb
All checks were successful
Deploy Static Site / deploy (push) Successful in 6m6s
Details
update
2025-05-29 16:42:45 +04:00

346 lines
34 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en">
<head>
<title>Configure HAProxy for PostgreSQL</title>
<meta name="generator" content="Help+Manual" />
<meta name="keywords" content="" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="The architecture of the highly available BRIX cluster involves the interaction of BRIX application microservices with a PostgreSQL database cluster. To ensure secure load..." />
<meta name="picture" content="" />
<meta property="og:type" content="website" />
<meta property="og:title" content="Full documentation for BRIX365 platform. Low-code developer guide. User guide. Admin guide. Developer guide." />
<meta property="og:url" content="https://brix365.com/en/help" />
<meta property="og:image" content="" />
<link rel="icon" href="favicon.png" type="image/png" />
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet" />
<link rel="stylesheet" href="./jquery-ui.min.css" />
<link rel="stylesheet" href="default.css" />
<link rel="stylesheet" href="./search-yandex.css" />
<link rel="stylesheet" href="./article.css" />
<link rel="stylesheet" href="./glossary.css" />
<link rel="stylesheet" href="./theme.css" />
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="helpman_settings.js"></script>
<script type="text/javascript" src="helpman_topicinit.js"></script>
<script type="text/javascript" src="highlight.js"></script>
<script type="text/javascript">
$(document).ready(function(){highlight();});
</script>
</head>
<body>
<script>!function(e,t,c,n,r,a,m){e.ym=e.ym||function(){(e.ym.a=e.ym.a||[]).push(arguments)},e.ym.l=1*new Date;for(var s=0;s<document.scripts.length;s++)if(document.scripts[s].src===n)return;a=t.createElement(c),m=t.getElementsByTagName(c)[0],a.async=1,a.src=n,m.parentNode.insertBefore(a,m)}(window,document,"script","https://mc.yandex.ru/metrika/tag.js"),ym(83179930,"init",{clickmap:!0,trackLinks:!0,accurateTrackBounce:!0,webvisor:!0})</script><noscript><div><img alt=""src=https://mc.yandex.ru/watch/83179930 style=position:absolute;left:-9999px></div></noscript>
<header class="header elma-365">
<div class="container">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-en.svg" alt="header logo">
</a>
<!-- <div class="hero__search-form" id="search-panel">
<form class="search-form" onsubmit="ym(83180416,'reachGoal','poisk')">
<label class="search-form__label">
<span id="reset-search" class="search__icon"></span>
<input class="search-form__input" type="text">
</label>
<input class="search-form__submit" type="submit" value="Submit">
</form>
</div> -->
<div class="hero__search-form" id="search-panel"> <form class="search-form"> <label class="search-form__label"> <span id="reset-search" class="search__icon"></span> <input class="search-form__input" type="text"> </label> <input class="search-form__submit" type="submit" value="Submit"> </form> </div>
<div class="hero__search">
<a href="#" id="search-icon" class="hero__search-icon">
<img src="search-icon-white.svg" alt="search string">
</a>
<a href="#" id="side-menu-icon" class="hero__side-icon">
<img src="side_menu.svg" alt="side menu">
</a>
</div>
<div class="header__navi">
<ul class="header__list"><li><span class="solution-select"><span class="solution-select__selected"></span><svg width="7" height="4" viewBox="0 0 7 4" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 1L3.5 3.5L6 1" stroke="white" stroke-linecap="round" stroke-linejoin="round"/></svg><ul class="solution-select__list"><li><a class="project-link" href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a class="project-link" href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a class="project-link" href="https://brix365.com/en/help/crm/crm_overview.html">CRM</a></li><li><a class="project-link" href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a class="project-link" href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li><li><a class="project-link" href="https://brix365.com/en/help/business_solutions/-elma365-store.html">Business Solutions</a></li></ul></span></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li><li><a href="https://tssdk.brix365.com/" target="_blank">SDK</a></li></ul>
</div>
</div>
</header>
<main class="main container">
<aside class="sidebar" id="sidebar">
<div class="sidebar__header">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-light-en.svg">
</a>
<span class="sidebar__close elma-365-close" id="close"></span>
</div>
<div class="sidebar__wrapper" id="side-menu">
</div>
</aside>
<article class="article" id="article">
<div class="article-inner">
<div class="content">
<header class="article__header">
<div class="article__bread" style="display:flex; gap:10px;">
<span id="subcategory" class="search-res__item-category search-res__item-category_subcategory subcategory article__badge"></span>
<div class="topic__breadcrumbs">
<p><a href="elma365-on-premises.html">BRIX On-Premises</a> &gt; <a href="infrastructure-preparation.html">Prepare infrastructure</a> &gt; Load balancer / Configure HAProxy for PostgreSQL</p>
</div>
</div>
<div class="topic__title"><h1 class="p_Heading1"><span class="f_Heading1">Configure HAProxy for PostgreSQL</span></h1>
</div>
</header>
<section class="article__content">
<div class="scroll-top-inner">
<a href="#h1-article" class="scroll-top"></a>
</div>
<!-- Placeholder for topic body. -->
<p class="p_Normal">The architecture of the highly available BRIX cluster involves the interaction of BRIX application microservices with a PostgreSQL database cluster. To ensure secure load balancing in the system, create a HAProxy configuration for PostgreSQL. This way, in case of a failure, all traffic will be redirected to the Master-Replica(s) cluster, which guarantees continuous operation of the system.</p>
<p class="p_Normal">Examples of a HAProxy сonfiguration:</p>
<ol style="list-style-type:decimal">
<li value="1" class="p_Normal"><a href="haproxy-postgresql.html#haproxypostgresql" class="topiclink">Example HAProxy configuration for connecting to PostgreSQL</a>.</li><li value="2" class="p_Normal"><a href="haproxy-postgresql.html#haproxypgbouncer" class="topiclink">Example HAProxy configuration for connecting to PGBouncer</a>.</li></ol>
<h2 class="p_Heading2"><a id="haproxypostgresql" class="hmanchor"></a><span class="f_Heading2">Example of a HAProxy configuration for connecting to PostgreSQL</span></h2>
<p class="p_Normal">This configuration is prepared for load balancing traffic in a PostgreSQL cluster deployed according to the description in <a href="configure-postgresql.html" class="topiclink">PostgreSQL cluster</a>. HAProxy is used for balancing. It automatically checks port <code><b>8008</b></code> of Patroni service on PostgreSQL servers with the <code><b>master</b></code> role.</p>
<p class="p_Normal">The operation traffic to the cluster is distributed as follows:</p>
<ul style="list-style-type:disc">
<li class="p_Normal">Write operations coming to <code><b>haproxy-server.your_domain:5000</b></code> are directed to the server with the <code><b>master</b></code> role.</li><li class="p_Normal">Read operations coming to <code><b>haproxy-server.your_domain:5001</b></code> are directed to servers with the <code><b>slave</b></code> role.</li></ul>
<p class="p_Normal">In case of a failure, all traffic will be redirected to the Master-Replica(s) cluster, i.e. write and read operations will start to arrive here.</p>
<p class="p_Normal">In order to create a HAProxy configuration for PostgreSQL, follow these steps:</p>
<ol style="list-style-type:upper-roman">
<li value="1" class="p_Normal">Open the <code><b>haproxy.cfg</b></code> configuration file for editing using the following command:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid; margin: 0 0 0 34px;"><span class="f_CodeExample">sudo&nbsp;nano&nbsp;/etc/haproxy/haproxy.cfg</span></p>
<ol style="list-style-type:upper-roman" start="2">
<li value="2" class="p_Normal">Edit the <code><b>haproxy.cfg</b></code> configuration file:</li></ol>
<p class="p_Normal" style="margin: 0 0 0 34px;"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A1')">Configuration example:</a></p>
<div id="TOGGLE0186A1" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 34px;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><p class="p_CodeExample" style="line-height: 1.80; white-space: normal; page-break-inside: auto; margin: 0 0 0 34px;"><span class="f_CodeExample">### PostgreSQL ###</span><br />
<span class="f_CodeExample">listen postgres_master</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;bind haproxy-server.your_domain:5000</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;option tcplog</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;option httpchk OPTIONS /master</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;http-check expect status 200</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;default-server inter 3s fastinter 1s fall 3 rise 4 on-marked-down shutdown-sessions</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server1 postgres-server1.your_domain:5432 check port 8008</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server2 postgres-server2.your_domain:5432 check port 8008</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server3 postgres-server3.your_domain:5432 check port 8008</span><br />
<span class="f_CodeExample">&nbsp;</span><br />
<span class="f_CodeExample">listen postgres_replicas</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;bind haproxy-server.your_domain:5001</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;option tcplog</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;option httpchk OPTIONS /replica</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;balance roundrobin</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;http-check expect status 200</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;default-server inter 3s fastinter 1s fall 3 rise 2 on-marked-down shutdown-sessions</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server1 postgres-server1.your_domain:5432 check port 8008</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server2 postgres-server2.your_domain:5432 check port 8008</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server3 postgres-server3.your_domain:5432 check port 8008</span><br />
<span class="f_CodeExample">### PostgreSQL ###</span></p>
</td>
</tr>
</table>
</div>
<p class="p_Normal" style="margin: 0 0 0 34px;"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A2')">Example of a HAProxy configuration using SSL</a></p>
<div id="TOGGLE0186A2" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 34px;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><p class="p_Normal" style="line-height: 1.28; margin: 0 0 11px 0;"><span style="font-family: Inter;">Enabling SSL is possible if OpenSSL support is built in. In the </span><code><b>crt</b></code><span style="font-family: Inter;"> parameter, specify the path to the PEM file containing the required certificates and associated private keys (<a href="fullchain-sertificate.html" class="topiclink">fullchain certificate</a>). If the file does not contain a private key, HAProxy will attempt to load the key from the same path with a </span><span style="font-family: Inter; font-weight: bold;">.key</span><span style="font-family: Inter;"> suffix.</span></p>
<p class="p_Normal">&nbsp;<br />
If a directory name is used instead of a PEM file, all files found in that directory will be loaded in alphabetical order, excluding files ending in <span style="font-weight: bold;">.issuer</span>, <span style="font-weight: bold;">.ocsp</span>, and <span style="font-weight: bold;">.sctl</span> (reserved solutions).</p>
<p class="p_Normal">&nbsp;<br />
<span style="font-family: Inter;">In the </span><code><b>ca-file</b></code><span style="font-family: Inter;"> parameter, specify the path to the PEM file containing the root certificate. For more details, refer to the </span><span style="font-family: Inter; font-weight: bold;">Configuration Manual</span><span style="font-family: Inter;"> for the used version of HAProxy. For example, for</span><span style="font-size: 13px; font-family: Inter; color: #394149;"> <a href="https://cbonte.github.io/haproxy-dconv/2.5/configuration.html#5.1-crt" target="_blank" class="weblink">HAProxy 2.5</a>:</span></p>
<p class="p_CodeExample" style="line-height: 1.80; white-space: normal; page-break-inside: auto; margin: 0 0 0 34px;"><span class="f_CodeExample">### PostgreSQL ###</span><br />
<span class="f_CodeExample">listen postgres_master</span><br />
<span class="f_CodeExample">  &nbsp; bind haproxy-server.your_domain:5000 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; option tcplog</span><br />
<span class="f_CodeExample">  &nbsp; option httpchk OPTIONS /master</span><br />
<span class="f_CodeExample">  &nbsp; http-check expect status 200</span><br />
<span class="f_CodeExample">  &nbsp; </span><span class="f_CodeExample" style="font-weight: bold;">default</span><span class="f_CodeExample">-server inter 3s fastinter 1s fall 3 rise 4 on-marked-down shutdown-sessions</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server1 postgres-server1.your_domain:5432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA_your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server2 postgres-server2.your_domain:5432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA_your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server3 postgres-server3.your_domain:5432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA_your_domain.pem</span><br />
<span class="f_CodeExample">&nbsp;</span><br />
<span class="f_CodeExample">listen postgres_replicas</span><br />
<span class="f_CodeExample">  &nbsp; bind haproxy-server.your_domain:5001 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; option tcplog</span><br />
<span class="f_CodeExample">  &nbsp; option httpchk OPTIONS /replica</span><br />
<span class="f_CodeExample">  &nbsp; balance roundrobin</span><br />
<span class="f_CodeExample">  &nbsp; http-check expect status 200</span><br />
<span class="f_CodeExample">  &nbsp; </span><span class="f_CodeExample">default</span><span class="f_CodeExample">-server inter 3s fastinter 1s fall 3 rise 2 on-marked-down shutdown-sessions</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server1 postgres-server1.your_domain:5432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA_your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server2 postgres-server2.your_domain:5432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA_your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server3 postgres-server3.your_domain:5432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA_your_domain.pem</span><br />
<span class="f_CodeExample">### PostgreSQL ###</span></p>
</td>
</tr>
</table>
</div>
<ol style="list-style-type:upper-roman" start="3">
<li value="3" class="p_Normal">Restart HAProxy to apply changes:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid; margin: 0 0 0 34px;"><span class="f_CodeExample">sudo&nbsp;systemctl&nbsp;restart&nbsp;haproxy</span></p>
<h2 class="p_Heading2"><a id="haproxypgbouncer" class="hmanchor"></a><span class="f_Heading2">Example of a HAProxy configuration for connecting to PGBouncer</span></h2>
<p class="p_Normal">This configuration is prepared for load balancing traffic in a PostgreSQL cluster, deployed according to the description in the <a href="configure-postgresql.html" class="topiclink">PostgreSQL cluster</a> article, through the <a href="pgbouncer-installation.html" class="topiclink">PGBouncer</a> program. HAProxy is used for balancing. It automatically checks port <code><b>8008</b></code> of Patroni service on PostgreSQL servers with the <code><b>master</b></code> role.</p>
<p class="p_Normal">The operation traffic to the cluster is distributed as follows:</p>
<ul style="list-style-type:disc">
<li class="p_Normal">Write operations coming to <code><b>haproxy-server.your_domain:5000</b></code> are directed to the server with the <code><b>master</b></code> role.</li><li class="p_Normal">Read operations coming to <code><b>haproxy-server.your_domain:5001</b></code> are directed to servers with the <code><b>slave</b></code> role.</li></ul>
<p class="p_Normal">In case of a failure, all traffic will be redirected to the Master-Replica(s) cluster, i.e. write and read operations will start to arrive here.</p>
<p class="p_Normal">In order to create a HAProxy configuration through the PGBouncer program, perform the following actions:</p>
<ol style="list-style-type:upper-roman">
<li value="1" class="p_Normal">Open the configuration file <code><b>haproxy.cfg</b></code> for editing using the following command:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid; margin: 0 0 0 34px;"><span class="f_CodeExample">sudo&nbsp;nano&nbsp;/etc/haproxy/haproxy.cfg</span></p>
<ol style="list-style-type:upper-roman" start="2">
<li value="2" class="p_Normal">Edit the <code><b>haproxy.cfg</b></code> configuration file:</li></ol>
<p class="p_Normal" style="margin: 0 0 0 34px;"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A3')">Configuration example</a></p>
<div id="TOGGLE0186A3" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 34px;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><p class="p_CodeExample" style="line-height: 1.80; white-space: normal; page-break-inside: auto; margin: 0 0 0 34px;"><span class="f_CodeExample">### PostgreSQL ###</span><br />
<span class="f_CodeExample">listen postgres_master</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;bind haproxy-server.your_domain:5000</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;option tcplog</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;option httpchk OPTIONS /master</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;http-check expect status 200</span><br />
<span class="f_CodeExample"> &nbsp; </span><span class="f_CodeExample" style="font-weight: bold;">default</span><span class="f_CodeExample">-server inter 3s fastinter 1s fall 3 rise 4 on-marked-down shutdown-sessions</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server1 postgres-server1.your_domain:6432 check port 8008</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server2 postgres-server2.your_domain:6432 check port 8008</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server3 postgres-server3.your_domain:6432 check port 8008</span><br />
<span class="f_CodeExample">&nbsp;</span><br />
<span class="f_CodeExample">listen postgres_replicas</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;bind haproxy-server.your_domain:5001</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;option tcplog</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;option httpchk OPTIONS /replica</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;balance roundrobin</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;http-check expect status 200</span><br />
<span class="f_CodeExample"> &nbsp; </span><span class="f_CodeExample" style="font-weight: bold;">default</span><span class="f_CodeExample">-server inter 3s fastinter 1s fall 3 rise 2 on-marked-down shutdown-sessions</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server1 postgres-server1.your_domain:6432 check port 8008</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server2 postgres-server2.your_domain:6432 check port 8008</span><br />
<span class="f_CodeExample"> &nbsp; &nbsp;server postgres-server3 postgres-server3.your_domain:6432 check port 8008</span><br />
<span class="f_CodeExample">### PostgreSQL ###</span></p>
</td>
</tr>
</table>
</div>
<p class="p_Normal" style="margin: 0 0 0 34px;"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A4')">Example of a HAProxy configuration using SSL</a></p>
<div id="TOGGLE0186A4" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 34px;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><p class="p_Normal" style="line-height: 1.28; margin: 0 0 11px 0;"><span style="font-family: Inter;">Enabling SSL is possible if OpenSSL support is built in. In the </span><code><b>crt</b></code><span style="font-family: Inter;"> parameter, specify the path to the PEM file containing the required certificates and associated private keys (<a href="fullchain-sertificate.html" class="topiclink">fullchain certificate</a>). If the file does not contain a private key, HAProxy will attempt to load the key from the same path with a </span><span style="font-family: Inter; font-weight: bold;">.key</span><span style="font-family: Inter;"> suffix.</span></p>
<p class="p_Normal">&nbsp;<br />
If a directory name is used instead of a PEM file, all files found in that directory will be loaded in alphabetical order, excluding files ending in <span style="font-weight: bold;">.issuer</span>, <span style="font-weight: bold;">.ocsp</span>, and <span style="font-weight: bold;">.sctl</span> (reserved solutions).</p>
<p class="p_Normal">&nbsp;<br />
<span style="font-family: Inter;">In the </span><code><b>ca-file</b></code><span style="font-family: Inter;"> parameter, specify the path to the PEM file containing the root certificate. For more details, refer to the </span><span style="font-family: Inter; font-weight: bold;">Configuration Manual</span><span style="font-family: Inter;"> for the used version of HAProxy. For example, for</span><span style="font-size: 13px; font-family: Inter; color: #394149;"> <a href="https://cbonte.github.io/haproxy-dconv/2.5/configuration.html#5.1-crt" target="_blank" class="weblink">HAProxy 2.5</a>:</span><br />
<span style="font-size: 13px; font-family: Inter; color: #394149;">&nbsp;</span></p>
<p class="p_CodeExample" style="line-height: 1.80; white-space: normal; page-break-inside: auto; margin: 0 0 0 34px;"><span class="f_CodeExample">### PostgreSQL ###</span><br />
<span class="f_CodeExample">listen postgres_master</span><br />
<span class="f_CodeExample">  &nbsp; bind haproxy-server.your_domain:5000 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; option tcplog</span><br />
<span class="f_CodeExample">  &nbsp; option httpchk OPTIONS /master</span><br />
<span class="f_CodeExample">  &nbsp; http-check expect status 200</span><br />
<span class="f_CodeExample">  &nbsp; </span><span class="f_CodeExample">default</span><span class="f_CodeExample">-server inter 3s fastinter 1s fall 3 rise 4 on-marked-down shutdown-sessions</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server1 postgres-server1.your_domain:6432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA_your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server2 postgres-server2.your_domain:6432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA_your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server3 postgres-server3.your_domain:6432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA_your_domain.pem</span><br />
<span class="f_CodeExample">&nbsp;</span><br />
<span class="f_CodeExample">listen postgres_replicas</span><br />
<span class="f_CodeExample">  &nbsp; bind haproxy-server.your_domain:5001 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; option tcplog</span><br />
<span class="f_CodeExample">  &nbsp; option httpchk OPTIONS /replica</span><br />
<span class="f_CodeExample">  &nbsp; balance roundrobin</span><br />
<span class="f_CodeExample">  &nbsp; http-check expect status 200</span><br />
<span class="f_CodeExample">  &nbsp; </span><span class="f_CodeExample">default</span><span class="f_CodeExample">-server inter 3s fastinter 1s fall 3 rise 2 on-marked-down shutdown-sessions</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server1 postgres-server1.your_domain:6432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA.your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server2 postgres-server2.your_domain:6432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA.your_domain.pem</span><br />
<span class="f_CodeExample">  &nbsp; server postgres-server3 postgres-server3.your_domain:6432 check port 8008 ssl crt /etc/haproxy/ssl/haproxy-server.your_domain.pem ca-file /etc/haproxy/ssl/rootCA_your_domain.pem</span><br />
<span class="f_CodeExample">### PostgreSQL ###</span></p>
</td>
</tr>
</table>
</div>
<ol style="list-style-type:upper-roman" start="3">
<li value="3" class="p_Normal">Restart HAProxy to apply changes:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid; margin: 0 0 0 34px;"><span class="f_CodeExample">sudo&nbsp;systemctl&nbsp;restart&nbsp;haproxy</span></p>
<div class="bottom-nav">
<a id="prev-link" class="topic__navi_prev" href="fail-safe-haproxy.html">
<span class="bottom-nav__arrow bottom-nav__arrow--prev"></span> <span
class="bottom-nav__link">fail-safe-haproxy.html</span>
</a>
<a id="next-link" class="topic__navi_next" href="haproxy-rabbitmq.html">
<span class="bottom-nav__link">haproxy-rabbitmq.html</span> <span
class="bottom-nav__arrow bottom-nav__arrow--next"></span>
</a>
</div>
<!-- добавляет на страницу строку блок Была ли статья полезной? -->
<div class="feedback" id="feedback"><div class="feedback-help"><span><b>Was this helpful?</b></span><form action="" method="POST" class="feedback-form" id="feedback-form"><div class="feedback__popup feedback__popup-response" id="feedback__popup_thx" style="display: none;">Thanks for your feedback!</div><div class="feedback__popup" id="feedback__popup_why" style="display: none;"><div class="feedback__popup-header">Please specify why:</div><input type="radio" name="category" id="bad_recommendation" value="bad_recommendation"><label for="bad_recommendation">Recommendations did not help me</label><input type="radio" name="category" id="difficult_text" value="difficult_text"><label for="difficult_text">Article is hard to understand</label><input type="radio" name="category" id="no_answer" value="no_answer"><label for="no_answer">Didn`t answer my question</label><input type="radio" name="category" id="bad_header" value="bad_header"><label for="bad_header">Content does not match the topic</label><input type="radio" name="category" id="other_reason" value="other_reason"><label for="other_reason">Other</label></div><div class="feedback__popup" id="feedback__popup-other" style="display: none;"><div class="feedback__popup-header">How we can improve it?</div><textarea class="feedback__textarea" name="other" id=""></textarea><input type="submit" class="feedback__other-btn" value="Submit"></div><div class="feedback-form__btn-group"><input type="radio" name="useful" id="feedback__useful_yes" value="true"><label for="feedback__useful_yes"><img src="like.svg" class="small-img" alt="like"><spanclass="feedback-form__btn-group_yes-btn">Yes</spanclass="feedback-form__btn-group_yes-btn"></label><input type="radio" name="useful" id="feedback__useful_no" value="false"><label for="feedback__useful_no"><img src="dislike.svg" class="small-img" alt="dislike"><spanclass="feedback-form__btn-group_no-btn">No</spanclass="feedback-form__btn-group_no-btn"></label></div><select name="category"><option disabled="">Please specify why</option><option value="bad_recommendation" selected="">Recommendations did not help me</option><option value="difficult_text">Article is hard to understand</option><option value="no_answer">Didn`t answer my question</option><option value="bad_header">Content does not match the topic</option><option value="other_reason">Other</option></select><input type="submit"></form></div><div class="found_typo"><p style="margin: 0px; margin-top: 16px !important;"><span><b>Found a typo?</b></span> Select it and press <i>Ctrl+Enter</i> to send us feedback</p></div></div>
</section>
</div>
<aside class="article__sidebar" style="display:none">
<input type="checkbox" />
<div class="article__arrow"></div>
<div class="table-of-contents elma365-right" id="toc2Content">
<h3 class="h3-toc">In this topic</h3>
<nav id="toc2"></nav>
</div>
</aside>
</div>
</article>
</main>
<footer class="footer">
<div class="footer-container">
<div class="footer-mobile">
<ul class="footer-mobile__list"><li><a href="https://brix365.com/en/" target="_blank">BRIX</a></li><li><a href="https://tssdk.brix365.com/en/latest/" target="_blank">SDK</a></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li></ul><ul class="footer-mobile__list"><li><a href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li></ul>
</div>
<div class="footer-wrap">
<div><span class="mobile-question-popup">Send feedback</span><form method="POST" action class="question__popup question-xs" id="question__popup"><div class="question-wrap"><span class="close"></span><span class="title">Ask a question</span><label for="help_question" style="display: none;"></label><textarea name="help_question" id="help_question"></textarea><input type="submit" value="Send"></div></form><div class="hidden fade-in question-success-xs">Sent</div></div>
<div class="footer-flex-b">
<span class="footer-copy">&copy; 2025 BRIX</span>
<ul class="footer-list">
<li class="footer-item">
<a href="#" class="arrow-top" style="display: block;"></a>
</li>
</ul>
</div>
</div>
</div>
</footer>
<iframe name="hmnavigation" style="display:none!important"></iframe>
<script src="./jquery-ui.js"></script>
<!--script src="//cdn.jsdelivr.net/npm/featherlight@1.7.14/release/featherlight.min.js" type="text/javascript" charset="utf-8"></script-->
<script src="./jquery.tocify.min.js"></script>
<script src="./TypoReporter.min.js"></script>
<script src="./google-search.js"></script>
<script src="./main.js"></script>
<script type="text/javascript">
HMInitToggle('TOGGLE0186A1','hm.type','dropdown','hm.state','0');
HMInitToggle('TOGGLE0186A2','hm.type','dropdown','hm.state','0');
HMInitToggle('TOGGLE0186A3','hm.type','dropdown','hm.state','0');
HMInitToggle('TOGGLE0186A4','hm.type','dropdown','hm.state','0');
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink