TCP/UDP – Access via HAProxy
🔁 Introduction
HAProxy can act as a TCP or UDP proxy at layer 4 (transport layer), allowing redirection of services such as:
- MySQL / PostgreSQL (TCP)
- Redis, MongoDB, RDP (TCP)
- SNMP, DNS (UDP)
🛠️ Basic Structure – TCP
🔹 TCP Frontend
frontend ft_mysql_tcp
bind *:33090
mode tcp
default_backend bk_mysql_tcp
🔸 TCP Backend
backend bk_mysql_tcp
mode tcp
server mysql1 10.101.10.10:3306 check
Explanation:
bind *:33090: listens for TCP connections on port 33090 (external).mode tcp: defines that the traffic will be handled as pure TCP.server: internal IP and port of the real service (in this example, MySQL).check: enables basic TCP check (SYN/ACK).
🌐 Basic Structure – UDP (HAProxy 2.0+)
🔹 UDP Frontend
frontend ft_snmp_udp
bind *:161 proto udp
mode udp
default_backend bk_snmp_udp
🔸 UDP Backend
backend bk_snmp_udp
mode udp
server snmp1 10.10.10.50:161
Explanation:
proto udp: enables UDP mode.mode udp: required to forward datagram packets.
⚠️ UDP mode requires HAProxy 2.0 or higher.
🧩 Understanding the TCP/UDP Block in HAProxy
frontend ft_postgresql_tcp
bind *:54320
mode tcp
default_backend bk_pg
backend bk_pg
mode tcp
server pg1 10.200.10.10:5432 check
🔈 bind
Listens for connections on the specified external port. It is common to map non-standard ports (e.g., 54320) to increase security.
🔁 default_backend
Defines which backend will be used to receive the redirected connections.
🧠 mode tcp | udp
Defines the type of protocol handled. Prevents HAProxy from trying to interpret HTTP headers.
🔎 check
Enables TCP check (does not apply to UDP).
✅ External Usage Example
🎯 Accessing PostgreSQL (TCP)
- HAProxy IP:
203.0.113.10 - External port:
54320
psql -h 203.0.113.10 -p 54320 -U postgres