Skip to main content
Table of contents

This is for internal use by the PaaS team. Public-facing documentation is located at docs.cloud.service.gov.uk.

ADR035: Do not use HAProxy ; Use AWS ALBs

Context

In ADR008 and ADR014 we decided to use HAProxy, for three reasons:

  • Writing HSTS header if they are not present in the upstream request
  • Implementing HTTP -> HTTPS redirect
  • Custom health check for Gorouter

These problems have since been fixed:

  • Header rewriting was implemented in v0.183.0
  • HTTP healthchecking was implemented in v0.139.0
  • HTTP -> HTTPS redirect can be done using AWS ALBs

We currently use multiple ELBs (classic) which we want to replace with ALBs. We want to use ALBs because:

  • ELBs are deprecated in terraform and cause crashes
  • ALBs can give us more metrics in CloudWatch
  • ALBs have better support for X-Forwarded-For
  • ALBs support fixed-response which can be used for HTTP -> HTTPS rewriting

HAProxy adds significant complexity to our routing deployment and maintenance:

  • Proxy Protocol is non-standard and hard to understand
  • HTTP -> HTTPS rewriting is hard to understand
  • HAProxy config is rarely touched
  • We have to maintain our own HAProxy BOSH release
  • HAProxy duplicates the number of logs we receive because every platform request is written twice
  • HAProxy adds an extra network hop for every request

Decision

  • Replace ELBs with ALBs
  • Use ALB fixed-response to redirect HTTP -> HTTPS
  • Use Gorouter directly for:
    • TLS termination
    • HSTS header rewriting
    • Healthchecking the router instance
  • Remove HAProxy

Status

Accepted

Consequences

  • We will archive alphagov/paas-haproxy-release
  • We must use Gorouter’s /health endpoint for drained healthchecking
  • We must communicate with tenants that the X-Forwarded-For header contents will change
  • We will no longer have HAProxy logs, and save money on log ingestion/storage