How to add HAProxy features to an ingress requirer charm

Charms that implement only the ingress relation can leverage the additional features of the haproxy-route relation with the help of the ingress-configurator charm.

Deploy the charms

Deploy the ingress requirer charm:

juju deploy <ingress-requirer-charm>

If your charm has a separate action or configuration step to start the workload, run it now and wait until the unit is active.

This guide assumes the ingress requirer charm already works correctly.

Deploy the haproxy and self-signed-certificates charms:

juju deploy haproxy --channel=2.8/edge --base=ubuntu@24.04
juju deploy self-signed-certificates 
juju integrate haproxy:certificates self-signed-certificates

Deploy the ingress-configurator charm:

juju deploy ingress-configurator --channel=edge

Configure relations

Integrate the ingress-configurator charm with both the haproxy charm and the ingress requirer:

juju integrate haproxy ingress-configurator
juju integrate ingress-configurator:ingress <ingress-requirer-charm>

Configure a hostname:

HOSTNAME=<hostname>
juju config ingress-configurator hostname=${HOSTNAME}

If hostname is not set, the endpoint hostname is provided by the haproxy-route side.

(Optional) Configure additional hostnames

To expose the workload on additional hostnames, configure additional-hostnames:

juju config ingress-configurator additional-hostnames=<hostname1>,<hostname2>

(Optional) Configure path-based routing

To restrict routing to specific URL paths, configure paths:

juju config ingress-configurator paths=<path1>,<path2>

(Optional) Deny path-based routing

To prevent specific URL paths from being routed to the workload, configure deny-paths:

juju config ingress-configurator deny-paths=<path1>,<path2>

Verify proxied endpoints

Use the get-proxied-endpoints action on ingress-configurator:

juju run ingress-configurator/leader get-proxied-endpoints

You should see https://${HOSTNAME}/ in the endpoints field.

If additional-hostnames is configured, those hostnames should also appear in the endpoints field.

Verify routing with curl

Get the HAProxy public IP address:

HAPROXY_IP=$(juju status --format=json | jq -r '.applications["haproxy"].units["haproxy/0"]."public-address"')

Use that IP address in a request with the configured hostname:

curl -i "https://${HAPROXY_IP}/" -H "Host: ${HOSTNAME}" --insecure

Adjust the path to match an endpoint exposed by your backend workload.

You should see a response from the backend workload, confirming that HAProxy is correctly routing traffic to it.