HAProxy를 설치하고 설정하는 방법을 설명합니다.

설치준비

1. wget http://www.haproxy.org/download/1.8/src/haproxy-1.4.22.tar.gz
   

설치

1. tar xfz haproxy-1.4.22.tar.gz
2. cd haproxy-1.4.22
3. vi Makefile -> "PREFIX = /usr/local" 를 "PREFIX = /usr"로 수정.
4. make TARGET=linux26 ARCH=x86_64
5. make install

설정

1. groupadd haproxy
2. useradd haproxy -g haproxy

3. vi /etc/haproxy/haproxy.cfg

   ※ Proxy server를 SSL 로 서버를 구성할 경우 주석된 443, 7002 포트를 참고 및 재활용한다. 
   ※ 80 port는 사용자(브라우저)포트, 7001 port는 장치(LFD) 포트.

   global    log  /dev/log local0 info    log  /dev/log local1 notice    maxconn 4096    user haproxy    group haproxy defaults    log global    mode http    option tcplog    option dontlognull    retries 3    option redispatch    maxconn 2000    timeout connect 5000    timeout client 50000    timeout server 50000   frontend browser_port    bind *:80    mode  http    option  forwardfor    option  httpclose    default_backend web_server_session frontend device_port    bind *:7001    mode  http    option  forwardfor    option  httpclose    default_backend web_server_rr # frontend user_port_ssl #    mode http #    bind *:443 ssl crt /etc/ssl/MagicInfoCert.pem #    acl is_root path -i / #    http-request add-header X-Forwarded-Proto https if { ssl_fc } #    redirect code 301 location https://10.89.37.68/MagicInfo if is_root #    cookie JSESSIONID prefix #    option forwardfor #    capture request header Referrer len 64 #    capture request header Content-Length len 10 #    capture request header User-Agent len 64 #    stats enable  # Enable stats page #    stats refresh 30s #    stats hide-version  # Hide HAProxy version #    stats realm Haproxy\ Statistics  # Title text for popup window #    stats uri /haproxy_stats  # Stats URI #    stats auth icinga:20Monitor17  # Authentication credentials #    default_backend web_server_session #frontend device_port_ssl #    mode http #    bind *:7002 ssl crt /etc/ssl/haproxy/MagicInfo.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA #    cookie JSESSIONID prefix #    option forwardfor #    capture request header Referrer len 64 #    capture request header Content-Length len 10 #    capture request header User-Agent len 64 #    stats enable  # Enable stats page #    stats refresh 30s #    stats hide-version  # Hide HAProxy version #    stats realm Haproxy\ Statistics  # Title text for popup window #    stats uri /haproxy_stats  # Stats URI #    stats auth icinga:20Monitor17  # Authentication credentials #    http-request add-header X-Forwarded-Proto https if { ssl_fc } #    default_backend web_server_rr backend web_server_session     balance source     option forwardfor     server WEB1 192.168.10.101:80 cookie A check     server WEB2 192.168.10.102:80 cookie B check backend web_server_rr     balance roundrobin      option forwardfor     server WEB1 192.168.10.101:7001 check     server WEB2 192.168.10.102:7001 check      http-request set-header X-FORWARD-PORT % [dst_port]  frontend magicinfo_rm1      bind *:8000      mode  http      option  httpclose      option  forwardfor      default_backend rm_server1 backend rm_server1      mode http      server rm1 192.168.10.101:8000 frontend magicinfo_rm2      bind *:8001      mode  http      option  httpclose      option  forwardfor      default_backend rm_server2 backend rm_server2      mode http      server rm2 192.168.10.102:8001 frontend magicinfo_ftp    bind *:21    mode   tcp    option   tcplog    default_backend ftp_server backend ftp_server      option tcplog      mode tcp      balance leastconn      server FTP1 192.168.10.101 check port 21 inter 10s rise 1 fall 2       server FTP2 192.168.10.102 check port 21 inter 10s rise 1 fall 2 frontend magicinfo_ftps      bind *:990      mode tcp      option tcplog      default_backend ftps_server backend ftps_server      mode tcp      balance leastconn      server FTP1 192.168.10.101 check port 990 inter 10s rise 1 fall 2       server FTP2 192.168.10.102 check port 990 inter 10s rise 1 fall 2 frontend magicinfo_passive_ftp      bind *:17001-17100      mode tcp      option tcplog      default_backend passive_ftp_server backend passive_ftp_server      mode tcp      option tcplog      balance leastconn      server FTP1 192.168.10.101      server FTP2 192.168.10.102 frontend VNC       bind *:5901      mode tcp      option tcplog      default_backend magicinfo_vnc backend magicinfo_vnc      mode tcp      server VNC1 192.168.10.101:5901 check frontend VNC_Viewer       bind *:5500      mode tcp      option tcplog      default_backend magicinfo_vnc_viewer backend magicinfo_vnc_viewer      mode tcp      server VNC1 192.168.10.101:5500 check

4. vi /etc/hosts

   127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 192.168.10.101 webA 192.168.10.102 webB

5. 방화벽 해제

   service iptables stop

6. 서비스 등록 및 시작

   cd examples cp haproxy.init /etc/rc.d/init.d/haproxy service haproxy restart

관련 문서