Install HAProxy with Both HTTP and HTTPS
What is HAProxy?
HAProxy is configured here as a load balancer: HTTP connections to the HAProxy server are forwarded to the backend web servers.
The setup looks like this:
1. server3.kminfo.com [192.168.100.158] - Haproxy Load Balancer Server
2. server2.kminfo.com [192.168.100.127] - Web Server#2
3. server1.kminfo.com [192.168.100.156] - Web Server#1
Step 1: Install HAProxy.
# yum -y install haproxy
N.B.: Before configuring HAProxy, prepare the two web servers for the backend.
Step 2: Configure HAProxy (for HTTP)
# mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.org
# vi /etc/haproxy/haproxy.cfg
# create new
global
    # for logging section
    log 127.0.0.1 local2 info
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    # max per-process number of connections
    maxconn 256
    # process' user and group
    user haproxy
    group haproxy
    # makes the process fork into background
    daemon

defaults
    # running mode
    mode http
    # use global settings
    log global
    # get HTTP request log
    option httplog
    # timeout if backends do not reply
    timeout connect 10s
    # timeout on client side
    timeout client 30s
    # timeout on server side
    timeout server 30s

# define frontend ( set any name for "http-in" section )
frontend http-in
    # listen 80
    bind *:80
    # set default backend
    default_backend backend_servers
    # send X-Forwarded-For header
    option forwardfor

# define backend
backend backend_servers
    # balance with roundrobin
    balance roundrobin
    # define backend servers
    server server1.kminfo.com 192.168.100.156:80 check # (hostname of webserver#1)
    server server2.kminfo.com 192.168.100.127:80 check # (hostname of webserver#2)
Save and exit (:wq)
# /etc/rc.d/init.d/haproxy start
# chkconfig haproxy on
Step 3: Configure Rsyslog to get logs for HAProxy.
# vi /etc/rsyslog.conf
# line 13,14: uncomment, line 15: add
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1
# line 42: change as follows
*.info;mail.none;authpriv.none;cron.none,local2.none /var/log/messages
local2.* /var/log/haproxy.log
Save and exit (:wq)
# service rsyslog restart
Step 4: Configure HAProxy (for HTTPS).
# cd /etc/pki/tls/certs
# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/haproxy.pem -out /etc/pki/tls/certs/haproxy.pem -days 365
Generating a 2048 bit RSA private key
......++++++
.......++++++
writing new private key to '/etc/pki/tls/certs/haproxy.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP # country
State or Province Name (full name) [Some-State]:Hiroshima # state
Locality Name (eg, city) []:Hiroshima # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Server World # company
Organizational Unit Name (eg, section) []:IT Solution # department
Common Name (eg, YOUR name) []:dlp.server.world # server's FQDN
Email Address []:xxx@server.world # admin email address
# chmod 600 haproxy.pem
# vi /etc/haproxy/haproxy.cfg
## add in the "global" section
# max per-process number of SSL connections
maxsslconn 256
# set 2048 bits for Diffie-Hellman key
tune.ssl.default-dh-param 2048
## add the following in the "frontend" section
# specify port and certs
bind *:443 ssl crt /etc/pki/tls/certs/haproxy.pem
Save and exit (:wq)
# /etc/rc.d/init.d/haproxy restart
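# service iptables stop
## Stop SELinux enforcement (setenforce 0 switches SELinux to permissive mode until the next reboot)
# setenforce 0
N.B.: These two commands turn off the host firewall and SELinux enforcement, which suits a test machine only. On a production load balancer, keep both running and allow TCP ports 80 and 443 through iptables instead.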
Step 5: Open your HAProxy server in a browser:
http://IPaddress
https://IPaddress
Open both and refresh; on every refresh the backend server that answers will alternate.
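To confirm the alternation from the log configured in Step 3 rather than by eye, the following added example (not part of the original tutorial) parses lines in HAProxy's default "option httplog" layout and counts requests per backend server, separately for HTTP and HTTPS; HAProxy appends "~" to the frontend name for TLS connections. The sample log lines, the client address and the summarize() helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of /var/log/haproxy.log ("option httplog" format);
# the client address, timestamps and PID are made up for illustration.
SAMPLE_LOG = '''\
Mar 10 10:14:59 localhost haproxy[2101]: Proxy http-in started.
Mar 10 10:15:01 localhost haproxy[2101]: 192.168.100.20:51001 [10/Mar/2016:10:15:01.120] http-in backend_servers/server1.kminfo.com 0/0/1/2/3 200 310 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Mar 10 10:15:02 localhost haproxy[2101]: 192.168.100.20:51002 [10/Mar/2016:10:15:02.310] http-in backend_servers/server2.kminfo.com 0/0/1/2/3 200 310 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Mar 10 10:15:04 localhost haproxy[2101]: 192.168.100.20:51003 [10/Mar/2016:10:15:04.008] http-in~ backend_servers/server1.kminfo.com 12/0/1/2/15 200 310 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Mar 10 10:15:05 localhost haproxy[2101]: 192.168.100.20:51004 [10/Mar/2016:10:15:05.441] http-in~ backend_servers/server2.kminfo.com 11/0/1/2/14 200 310 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Mar 10 10:15:07 localhost haproxy[2101]: 192.168.100.20:51005 [10/Mar/2016:10:15:07.902] http-in backend_servers/server1.kminfo.com 0/0/1/2/3 200 310 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Mar 10 10:20:00 localhost haproxy[2101]: 192.168.100.20:51006 [10/Mar/2016:10:20:00.001] http-in backend_servers/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
'''

# client:port [accept date] frontend[~] backend/server timers status ...
LINE_RE = re.compile(
    r'haproxy\[\d+\]: (?P<client>[\d.]+):\d+ \[[^\]]+\] '
    r'(?P<frontend>[^\s~]+)(?P<tls>~?) '
    r'(?P<backend>[^\s/]+)/(?P<server>\S+) '
    r'(?P<timers>[-\d/]+) (?P<status>-?\d+) '
)

def summarize(log_text):
    """Return (Counter keyed by (transport, server), list of failed requests)."""
    per_server = Counter()
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an HTTP request line (e.g. the start-up notice)
        transport = "https" if m["tls"] else "http"
        server, status = m["server"], int(m["status"])
        # <NOSRV> means no backend server handled the request at all
        if server == "<NOSRV>" or status >= 500:
            failures.append((transport, server, status))
        else:
            per_server[(transport, server)] += 1
    return per_server, failures

if __name__ == "__main__":
    counts, failed = summarize(SAMPLE_LOG)
    for (transport, server), n in sorted(counts.items()):
        print(f"{transport:5} {server:22} {n}")
    for entry in failed:
        print("FAILED", entry)
```

On the load balancer, pass the contents of /var/log/haproxy.log to summarize() instead of SAMPLE_LOG; a server that is missing from the counts while <NOSRV> entries appear points to a backend that is failing its health check.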
---- DONE,Thanks ----