Difference between revisions of "HA Proxy Setup"

From Labrats.us
(Created page with "First set up new CentOS 78 machine from ISO with minimal install and configure per the following article. New CentOS 7 Server Setup Commands Then install and configure H...")
 
Line 46: Line 46:
 
     # restorecon haproxy-https.xml
 
     # restorecon haproxy-https.xml
 
     # chmod 640 haproxy-https.xml
 
     # chmod 640 haproxy-https.xml
 +
 +
The above firewall configuration is annoying and may not work.  Instead, just use the following:
 +
 +
<pre>
 +
# firewall-cmd --add-port=80/tcp
 +
# firewall-cmd --permanent --add-port=80/tcp
 +
# firewall-cmd --add-port=443/tcp
 +
# firewall-cmd --permanent --add-port=443/tcp
 +
</pre>
  
 
If you intend to use HTTPS, generate keys for SSL. If you do not have a certificate, you may use a self-signed certificate. For information on generating keys and on self-signed certificates, see the Red Hat Enterprise Linux System Administrator's Guide.
 
If you intend to use HTTPS, generate keys for SSL. If you do not have a certificate, you may use a self-signed certificate. For information on generating keys and on self-signed certificates, see the Red Hat Enterprise Linux System Administrator's Guide.
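Review bot: the paragraph added after the "chmod 640 haproxy-https.xml" step calls the preceding steps "annoying" and says they "may not work", but it does not name the failure and leaves those steps on the page, so a reader cannot tell which set of instructions to follow. Suggest stating the reason and marking the service-file steps as superseded, or removing them. The four firewall-cmd lines carry no --zone, so they act on the default zone; say so or name the zone, and consider adding "firewall-cmd --list-ports" as a verification step. The 443/tcp lines are also unconditional, while the context paragraph that follows begins "If you intend to use HTTPS"; make the 443 rules conditional in the same way.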

Revision as of 05:12, 23 July 2020

First, set up a new CentOS 78 machine from the ISO with a minimal install and configure it per the following article.

New CentOS 7 Server Setup Commands

Then install and configure HAProxy:

Install haproxy.

   # yum install haproxy

Configure haproxy for SELinux and HTTP.

   # vim /etc/firewalld/services/haproxy-http.xml

Add the following lines:

   <?xml version="1.0" encoding="utf-8"?>
   <service>
   <short>HAProxy-HTTP</short>
   <description>HAProxy load-balancer</description>
   <port protocol="tcp" port="80"/>
   </service>

As root, assign the correct SELinux context and file permissions to the haproxy-http.xml file.

   # cd /etc/firewalld/services
   # restorecon haproxy-http.xml
   # chmod 640 haproxy-http.xml

If you intend to use HTTPS, configure haproxy for SELinux and HTTPS.

   # vim /etc/firewalld/services/haproxy-https.xml

Add the following lines:

   <?xml version="1.0" encoding="utf-8"?>
   <service>
   <short>HAProxy-HTTPS</short>
   <description>HAProxy load-balancer</description>
   <port protocol="tcp" port="443"/>
   </service>

As root, assign the correct SELinux context and file permissions to the haproxy-https.xml file.

   # cd /etc/firewalld/services
   # restorecon haproxy-https.xml
   # chmod 640 haproxy-https.xml

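The service-file approach above is cumbersome and may not work as written: the XML files only define the services, and nothing in the steps above reloads firewalld or adds the services to a zone. Instead, open the ports directly. The command without --permanent changes the running firewall immediately; the --permanent form makes the rule persist across reloads and reboots.

   # firewall-cmd --add-port=80/tcp
   # firewall-cmd --permanent --add-port=80/tcp
   # firewall-cmd --add-port=443/tcp
   # firewall-cmd --permanent --add-port=443/tcp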

If you intend to use HTTPS, generate keys for SSL. If you do not have a certificate, you may use a self-signed certificate. For information on generating keys and on self-signed certificates, see the Red Hat Enterprise Linux System Administrator's Guide. Finally, put the certificate and key into a PEM file. The PEM file contains the private key, so keep it readable by root only (mode 600), and create /etc/ssl/private first if it does not exist.

   # cat example.com.crt example.com.key > example.com.pem
   # cp example.com.pem /etc/ssl/private/

Configure HAProxy.

   # vim /etc/haproxy/haproxy.cfg

The global and defaults sections of haproxy.cfg may remain unchanged. After the defaults section, you will need to configure frontend and backend sections, as in the following example:

   frontend http_web
       # Listening address goes on a bind line; the older form with the
       # address on the frontend line is not accepted by newer HAProxy releases.
       bind *:80
       mode http
       default_backend rgw
   frontend rgw-https
       bind <insert vip ipv4>:443 ssl crt /etc/ssl/private/example.com.pem
       default_backend rgw
   backend rgw
       balance roundrobin
       mode http
       server  rgw1 10.0.0.71:80 check
       server  rgw2 10.0.0.80:80 check
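
A pre-start check for the PEM bundle and bind line described above, as an added example that is not part of the original page: it reads the crt paths from a haproxy.cfg and confirms that each bundle contains a certificate and a private key and grants nothing to group or other. The function names, the 192.0.2.10 address and the demo files are constructed for illustration; GNU stat and a single-file crt argument are assumed.

```shell
#!/bin/sh
# Added example (not from the original page): audit each PEM bundle that
# haproxy.cfg names with "crt". Assumes GNU stat and that crt is a single file.

# Print the path that follows each "crt" keyword on a bind line.
crt_paths() {
    awk '$1 == "bind" { for (i = 2; i < NF; i++) if ($i == "crt") print $(i + 1) }' "$1"
}

# Return 0 only if the bundle holds a certificate and a private key and
# grants no permission bits to group or other.
check_pem() {
    [ -f "$1" ] || { echo "MISSING   $1"; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || { echo "NO-CERT   $1"; return 1; }
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" || { echo "NO-KEY    $1"; return 1; }
    mode=$(stat -c '%a' "$1")
    [ $(( 0$mode & 077 )) -eq 0 ] || { echo "TOO-OPEN  $1 (mode $mode)"; return 1; }
    echo "OK        $1"
}

# Check every bundle named in the config; non-zero if any check fails.
audit_config() {
    rc=0
    for pem in $(crt_paths "$1"); do
        check_pem "$pem" || rc=1
    done
    return $rc
}

# Constructed demo input: a throwaway config and a placeholder bundle that
# holds only PEM header lines (no real key material).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' '-----END CERTIFICATE-----' \
        '-----BEGIN PRIVATE KEY-----' '-----END PRIVATE KEY-----' > "$dir/example.com.pem"
    printf 'frontend rgw-https\n    bind 192.0.2.10:443 ssl crt %s\n' "$dir/example.com.pem" > "$dir/haproxy.cfg"
    chmod 644 "$dir/example.com.pem"; if audit_config "$dir/haproxy.cfg"; then before=0; else before=1; fi
    chmod 600 "$dir/example.com.pem"; if audit_config "$dir/haproxy.cfg"; then after=0; else after=1; fi
    rm -rf "$dir"
    echo "before=$before after=$after"
}
demo
```

On the server, run audit_config /etc/haproxy/haproxy.cfg as root before starting the service.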

Enable and start haproxy.

   # systemctl enable haproxy
   # systemctl start haproxy