How to Install HAProxy With HTTP and HTTPS on CentOS 6.X


Install HAProxy With Both HTTP and HTTPS

What is HAProxy?
HAProxy is configured here so that HTTP connections to the HAProxy server are forwarded to the backend web servers.

The setup is as follows:
1. server3.kminfo.com [192.168.100.158] - Haproxy Load Balancer Server
2. server2.kminfo.com [192.168.100.127] - Web Server#2
3. server1.kminfo.com [192.168.100.156] - Web Server#1

Step 1: Install HAProxy.

# yum -y install haproxy

N.B.: Before configuring HAProxy, prepare the two web servers that will act as backends.

Step 2: Configure HAProxy (for HTTP).

# mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.org
# vi /etc/haproxy/haproxy.cfg

# create new
global
      # for logging section
    log         127.0.0.1 local2 info
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
      # max per-process number of connections
    maxconn     256
      # process' user and group
    user        haproxy
    group       haproxy
      # makes the process fork into background
    daemon

defaults
      # running mode
    mode               http
      # use global settings
    log                global
      # get HTTP request log
    option             httplog
      # timeout if backends do not reply
    timeout connect    10s
      # timeout on client side
    timeout client     30s
      # timeout on server side
    timeout server     30s

# define frontend ( set any name for "http-in" section )
frontend http-in
      # listen 80
    bind *:80
      # set default backend
    default_backend    backend_servers
      # send X-Forwarded-For header
    option             forwardfor

# define backend
backend backend_servers
      # balance with roundrobin
    balance            roundrobin
      # define backend servers
    server             server1.kminfo.com 192.168.100.156:80 check # (hostname of webserver#1)
    server             server2.kminfo.com 192.168.100.127:80 check # (hostname of webserver#2)

Save and exit (:wq)

# /etc/rc.d/init.d/haproxy start
# chkconfig haproxy on

Step 3: Configure Rsyslog to get logs for HAProxy.

# vi /etc/rsyslog.conf

# lines 13, 14: uncomment; line 15: add
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1

# line 42: change as follows
*.info;mail.none;authpriv.none;cron.none;local2.none   /var/log/messages
local2.*                                               /var/log/haproxy.log

Save and exit (:wq)

# service rsyslog restart

Step 4: Configure HAProxy (for HTTPS).

# cd /etc/pki/tls/certs
# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/haproxy.pem -out /etc/pki/tls/certs/haproxy.pem -days 365

Generating a 2048 bit RSA private key
......++++++
.......++++++
writing new private key to '/etc/pki/tls/certs/haproxy.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP   # country
State or Province Name (full name) [Some-State]:Hiroshima   # state
Locality Name (eg, city) []:Hiroshima   # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Server World   # company
Organizational Unit Name (eg, section) []:IT Solution   # department
Common Name (eg, YOUR name) []:dlp.server.world   # server's FQDN
Email Address []:xxx@server.world   # admin email address

# chmod 600 haproxy.pem

# vi /etc/haproxy/haproxy.cfg

## add in the "global" section

# max per-process number of SSL connections
maxsslconn     256
# set 2048 bits for Diffie-Hellman key
tune.ssl.default-dh-param 2048

## add the following in the "frontend" section

# specify port and certs
bind *:443 ssl crt /etc/pki/tls/certs/haproxy.pem

Save and exit (:wq)

# /etc/rc.d/init.d/haproxy restart

# service iptables stop

## Stop SELinux enforcement (permissive mode)

# setenforce 0

Step 5: Open your HAProxy server in a browser:

http://IPaddress
https://IPaddress

Open both URLs and refresh; on every refresh the backend server that answers will alternate.
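
To confirm the alternation from the log set up in Step 3 rather than by eye, the following added example (not part of the original tutorial) tallies requests per backend server and per transport from "option httplog" lines in /var/log/haproxy.log. The sample log lines are constructed, and tally() and is_balanced() are hypothetical helper names; the frontend, backend and server names are the ones from the configuration above.

```python
import re
from collections import Counter

# Server names from the "backend backend_servers" section of haproxy.cfg.
SERVERS = ["server1.kminfo.com", "server2.kminfo.com"]

# Constructed sample of /var/log/haproxy.log ("option httplog" format).
# Client address, PID and timestamps are made up for illustration.
SAMPLE_LOG = """\
Mar  3 10:15:00 localhost haproxy[2101]: Proxy http-in started.
Mar  3 10:15:01 localhost haproxy[2101]: 192.168.100.20:51234 [03/Mar/2015:10:15:01.120] http-in backend_servers/server1.kminfo.com 0/0/1/2/3 200 512 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Mar  3 10:15:02 localhost haproxy[2101]: 192.168.100.20:51236 [03/Mar/2015:10:15:02.340] http-in backend_servers/server2.kminfo.com 0/0/1/2/3 200 512 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Mar  3 10:15:03 localhost haproxy[2101]: 192.168.100.20:51240 [03/Mar/2015:10:15:03.010] http-in~ backend_servers/server1.kminfo.com 5/0/1/2/8 200 512 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Mar  3 10:15:04 localhost haproxy[2101]: 192.168.100.20:51242 [03/Mar/2015:10:15:04.770] http-in~ backend_servers/server2.kminfo.com 4/0/1/2/7 200 512 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Mar  3 10:15:09 localhost haproxy[2101]: 192.168.100.20:51250 [03/Mar/2015:10:15:09.500] http-in backend_servers/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
"""

# client:port [accept date] frontend backend/server timers status ...
LINE_RE = re.compile(
    r"haproxy\[\d+\]: (?P<client>\S+):\d+ \[[^\]]+\] (?P<frontend>\S+) "
    r"(?P<backend>[^/\s]+)/(?P<server>\S+) \S+ (?P<status>-?\d+) "
)

def tally(log_text):
    """Return (requests per server, requests per transport, unserved requests)."""
    per_server, per_transport, unserved = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an HTTP request entry (e.g. a startup message)
        # HAProxy appends "~" to the frontend name for TLS connections.
        per_transport["https" if m["frontend"].endswith("~") else "http"] += 1
        if m["server"] == "<NOSRV>":
            # No backend server was selected, e.g. all failed their health check.
            unserved.append((m["client"], int(m["status"])))
        else:
            per_server[m["server"]] += 1
    return per_server, per_transport, unserved

def is_balanced(per_server, expected_servers):
    """Round-robin over equal-weight servers keeps counts within one of each other."""
    counts = [per_server.get(name, 0) for name in expected_servers]
    return max(counts) - min(counts) <= 1

if __name__ == "__main__":
    servers, transports, failed = tally(SAMPLE_LOG)
    print(dict(servers), dict(transports), failed, is_balanced(servers, SERVERS))
```

To run it against the real log, pass the contents of /var/log/haproxy.log to tally() in place of SAMPLE_LOG.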
---- DONE,Thanks ----