How to route HTTP traffic to a non-charmed workload through HAProxy¶
You can use the ingress-configurator charm to route traffic from HAProxy to a backend application that is not managed by a Juju charm.
Prerequisites¶
Deploy the haproxy and self-signed-certificates charms:
juju deploy haproxy --channel=2.8/edge --base=ubuntu@24.04
juju deploy self-signed-certificates cert
juju integrate haproxy:certificates cert
Ensure you have a backend workload running and accessible from the Juju model. Set its IP address in a variable:
BACKEND_IP=<backend-ip>
Note
backend-addresses accepts IP addresses only, not FQDNs.
Verify the backend is responding:
curl http://${BACKEND_IP}/ -I
Adjust the path to match an endpoint exposed by your backend workload.
You should see a successful HTTP response from the backend.
Deploy the ingress-configurator charm¶
juju deploy ingress-configurator --channel=edge
Configure the ingress-configurator charm¶
Integrate the ingress-configurator charm with the haproxy charm:
juju integrate haproxy ingress-configurator
Configure the backend address, port, and hostname:
HOSTNAME=<hostname>
juju config ingress-configurator \
backend-addresses=${BACKEND_IP} \
backend-ports=<backend-port> \
hostname=${HOSTNAME}
Verify that the backend is reachable through HAProxy¶
Get the HAProxy public IP address:
HAPROXY_IP=$(juju status --format=json | jq -r '.applications["haproxy"].units["haproxy/0"]."public-address"')
Send a request using the configured hostname:
curl -i "https://${HAPROXY_IP}/" --insecure -H "Host: ${HOSTNAME}"
Adjust the path to match an endpoint exposed by your backend workload.
You should see a response from the backend workload, confirming that HAProxy is correctly routing traffic to it.