Hi all,

We are running HAProxy on our Docker / Swarm / Weave cluster, also featuring Weave-DNS for service discovery between the containers in the cluster. We are deploying fairly often to the cluster for both dev and stage environments and were very happy to see the DNS Resolvers feature introduced with HAProxy 1.6.

The problem is that I cannot seem to get this feature to work with our setup. HAProxy never picks up a DNS change as it is supposed to, so when a container is redeployed the backend will go down whenever the container gets assigned a new IP from Weave.

Weave-DNS is available on every node in the cluster on IP 172.17.42.1 and I can resolve all the internal DNS names using the resolver at this address to the correct IP from inside the container running HAProxy. The DNS changes immediately when a container is redeployed and gets assigned a new IP.

A simplified and anonymised version of our HAProxy config:

defaults
    log global
    option httplog
    option dontlognull
    option log-health-checks
    option httpchk
    mode http
    option http-server-close
    timeout connect 7s
    timeout client 10s
    timeout server 10s
    timeout check 5s

resolvers weave-dns
    nameserver dns1 172.17.42.1:53
    timeout retry 1s
    hold valid 10s

frontend http-in
    bind *:80
    acl acl_domain1 hdr(host) -i domain1.io
    use_backend backend_domain1 if acl_domain1
    acl acl_domain2 hdr(host) -i domain2.io
    use_backend backend_domain2 if acl_domain2

frontend https-in
    bind *:443 ssl crt /data/ssl-certs/
    reqadd X-Forwarded-Proto:\ https
    acl acl_domain1 hdr(host) -i domain1.io
    use_backend backend_domain1 if acl_domain1
    acl acl_domain2 hdr(host) -i domain2.io
    use_backend backend_domain2 if acl_domain2

backend backend_domain1
    server domain1-server domain1.weave.local:80 check inter 1000 resolvers weave-dns resolve-prefer ipv4

backend backend_domain2
    server domain2-server domain2.weave.local:80 check inter 1000 resolvers weave-dns resolve-prefer ipv4

Is there any reason why the server check should not pick up the DNS change and update HAProxy with the new IP so the backend continues to work when we do a redeploy?

I also encountered another issue when trying to upgrade to the final 1.6.0 version. The server is using two wildcard certificates in the folder specified in the config. When running the ssllabs.com SSL test on the server at domain2 (the cert that is not the default one, but using SNI), HAProxy segfaults and dies completely. This behaviour is not observed on either of the 1.6.0-devX builds.