HA Proxy Setup

From Labrats.us
Revision as of 05:12, 23 July 2020 by Sfiggins (talk | contribs)
Jump to navigationJump to search

First set up new CentOS 78 machine from ISO with minimal install and configure per the following article.

New CentOS 7 Server Setup Commands

Then install and configure HA PRoxy:

Install haproxy. 

   # yum install haproxy

Configure haproxy for SELinux and HTTP. 

   # vim /etc/firewalld/services/haproxy-http.xml

Add the following lines: 

   <?xml version="1.0" encoding="utf-8"?>
   <service>
   <short>HAProxy-HTTP</short>
   <description>HAProxy load-balancer</description>
   <port protocol="tcp" port="80"/>
   </service>

As root, assign the correct SELinux context and file permissions to the haproxy-http.xml file. 

   # cd /etc/firewalld/services
   # restorecon haproxy-http.xml
   # chmod 640 haproxy-http.xml

If you intend to use HTTPS, configure haproxy for SELinux and HTTPS. 

   # vim /etc/firewalld/services/haproxy-https.xml

Add the following lines: 

   <?xml version="1.0" encoding="utf-8"?>
   <service>
   <short>HAProxy-HTTPS</short>
   <description>HAProxy load-balancer</description>
   <port protocol="tcp" port="443"/>
   </service>

As root, assign the correct SELinux context and file permissions to the haproxy-https.xml file. 

   # cd /etc/firewalld/services
   # restorecon haproxy-https.xml
   # chmod 640 haproxy-https.xml

The above firewall configuration is annoying and may not work. Instead, just use the following: 

# firewall-cmd --add-port=80/tcp
# firewall-cmd --permanent --add-port=80/tcp
# firewall-cmd --add-port=443/tcp
# firewall-cmd --permanent --add-port=443/tcp

If you intend to use HTTPS, generate keys for SSL. If you do not have a certificate, you may use a self-signed certificate. For information on generating keys and on self-signed certificates, see the Red Hat Enterprise Linux System Administrator's Guide. Finally, put the certificate and key into a PEM file. 

   # cat example.com.crt example.com.key > example.com.pem
   # cp example.com.pem /etc/ssl/private/

Configure HAProxy. 

   # vim /etc/haproxy/haproxy.cfg

The global and defaults sections of haproxy.cfg may remain unchanged. After the defaults sections, you will need to configure frontend and backend sections, as in the following example: 

   frontend http_web *:80
       mode http
       default_backend rgw

   frontend rgw­-https
     bind <insert vip ipv4>:443 ssl crt /etc/ssl/private/example.com.pem
     default_backend rgw

   backend rgw
       balance roundrobin
       mode http
       server  rgw1 10.0.0.71:80 check
       server  rgw2 10.0.0.80:80 check

Enable/start haproxy 

   # systemctl enable haproxy
   # systemctl start haproxy
Retrieved from "https://www.labrats.us//wiki/index.php?title=HA_Proxy_Setup&oldid=248"