Revision as of 16:17, 22 July 2013

Installation

$ apt-get install make

for gcc

$ apt-get install build-essential

If the following error occurs,

# Install libpcre3-dev if you get "include/common/regex.h:28:18: fatal error: pcre.h: No such file or directory"

install

$ apt-get install libpcre3-dev

If the following error occurs,

# libssl-dev if you get "include/types/server.h:29:25: fatal error: openssl/ssl.h: No such file or directory"

install

$ apt-get install libssl-dev

HAProxy website:

http://haproxy.1wt.eu/

HAProxy Installation

Download HAProxy,

e.g.)

$ wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev19.tar.gz

Install

$ tar -zxvf haproxy-1.5-dev19.tar.gz 
$ cd haproxy-1.5-dev19 
$ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 
$ make install

Clean all for recompilation

$ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 clean all

Add haproxy user

$ useradd -m haproxy -s /bin/false

For SSL support

$ cat server_domain-crt-bundle.crt server_domain.key > server_domain.pem

Modify the /etc/haproxy/haproxy.cfg file

  bind :443 ssl crt /etc/ssl/certs/server_domain.pem

Configuration

haproxy.cfg

Example of /etc/haproxy/haproxy.cfg

global
  log 127.0.0.1 local0
  log 127.0.0.1 local1 notice
  #log loghost  local0 info
  maxconn 4096
  #chroot /usr/share/haproxy
  user haproxy
  group haproxy
  daemon
  #debug
  #quiet
  stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin

defaults
  log global
  mode  http
  option  httplog
  option  dontlognull
  retries 3
  option redispatch
  maxconn 2000
  contimeout  5000
  clitimeout  50000
  srvtimeout  50000

## first.domain.com { ##

# frontend public
frontend http_first
  # HTTP
  bind 192.168.0.222:80

  # Redirect all HTTP traffic to HTTPS
  redirect scheme https if !{ ssl_fc }
 
frontend https_first

  bind 192.168.0.222:443 ssl crt /location/to/ssl/first.pem

  default_backend main_backend_https

backend main_backend_https
  mode http

  # Tell the backend that this is a secure connection,
  # even though it's getting plain HTTP.
  reqadd X-Forwarded-Proto:\ https

  # Check by hitting a page intended for this use.
#  option httpchk GET /isrunning
  option httpchk
  timeout check 500ms
  # Wait 500ms between checks.

  option forwardfor header X-Real-IP
  option http-server-close

  balance roundrobin
  cookie JSESSIONID prefix

  server app_backend1 192.168.0.301:80 check port 80 cookie app_backend1
  server app_backend2 192.168.0.302:80 check port 80 cookie app_backend2

## } first.domain.com ##


## second.domain.com { ##

frontend http_second

  bind 192.168.0.202:80

  redirect scheme https if !{ ssl_fc }

frontend https_second

  bind 192.168.0.202:443 ssl crt /location/to/ssl/second.pem

  default_backend main_backend_https

## } second.domain.com ##


## third.domain.com { ##

frontend http_third

  bind 192.168.0.203:80
  redirect scheme https if !{ ssl_fc }
 
frontend https_third

  bind 192.168.0.203:443 ssl crt /location/to/ssl/third.pem

  default_backend main_backend_https

## } third.domain.com ##


## fourth.domain.com { ##

frontend http_fourth

  bind 192.168.0.204:80
  redirect scheme https if !{ ssl_fc }
 
frontend https_fourth

  bind 192.168.0.204:443 ssl crt /location/to/ssl/fourth.pem

  default_backend main_backend_https

## } fourth.domain.com ##


## fifth.domain.com { ##

frontend http_fifth

  bind 192.168.0.205:80
  redirect scheme https if !{ ssl_fc }
 
frontend https_fifth

  bind 192.168.0.205:443 ssl crt /location/to/ssl/fifth.pem

  default_backend main_backend_https

## } fifth.domain.com ##

HAProxy

From KevinWiki

Revision as of 16:17, 22 July 2013

Contents

Installation

HAProxy Installation

Configuration

haproxy.cfg

Views

Personal tools

Navigation

Search

Toolbox