버전 비교

이전 버전 1

changes.mady.by.user admin

에 저장

비교대상

새 버전 현재

changes.mady.by.user admin

에 저장

  • 이 줄이 추가되었습니다.
  • 이 줄이 삭제되었습니다.
  • 서식이 변경되었습니다.
Sv translation
languageko_KR

HAProxy를 설치하고 설정하는 방법을 설명합니다.

설치준비

  1. 아래 명령어를 실행하여 HA Proxy 파일을 다운로드 받습니다. 

wget http://www.haproxy.org/download/1.8/src/haproxy-1.4.22.tar.gz


설치

  1. 아래 명령어를 차례대로 실행하여 HA Proxy를 설치합니다. 
    1. tar xfz haproxy-1.4.22.tar.gz
    2. cd haproxy-1.4.22
    3. vi Makefile -> "PREFIX = /usr/local" 를 "PREFIX = /usr"로 수정.
    4. make TARGET=linux26 ARCH=x86_64
    5. make install

설정

  1. 아래 명령어를 실행하여 HA Proxy 설정을 변경한다.
    1. groupadd haproxy
    2. useradd haproxy -g haproxy

    3. vi /etc/haproxy/haproxy.cfg

      ※ Proxy server를 SSL 로 서버를 구성할 경우 주석된 443, 7002 포트를 참고 및 재활용합니다. 
      ※ 80 port는 사용자(브라우저)포트, 7001 port는 장치(LFD) 포트입니다. 

      global    log  /dev/log local0 info    log  /dev/log local1 notice    maxconn 4096    user haproxy    group haproxy

      defaults    log global    mode http    option tcplog    option dontlognull    retries 3    option redispatch    maxconn 2000    timeout connect 5000    timeout client 50000    timeout server 50000  

      frontend browser_port    bind *:80    mode  http    option  forwardfor    option  httpclose    default_backend web_server_session
      frontend device_port    bind *:7001    mode  http    option  forwardfor    option  httpclose    default_backend web_server_rr

      # frontend user_port_ssl
      #    mode http
      #    bind *:443 ssl crt /etc/ssl/MagicInfoCert.pem
      #    acl is_root path -i /
      #    http-request add-header X-Forwarded-Proto https if { ssl_fc }
      #    redirect code 301 location https://10.89.37.68/MagicInfo if is_root
      #    cookie JSESSIONID prefix
      #    option forwardfor
      #    capture request header Referrer len 64
      #    capture request header Content-Length len 10
      #    capture request header User-Agent len 64
      #    stats enable 
      # Enable stats page
      #    stats refresh 30s
      #    stats hide-version 
      # Hide HAProxy version
      #    stats realm Haproxy\ Statistics 
      # Title text for popup window
      #    stats uri /haproxy_stats 
      # Stats URI
      #    stats auth icinga:20Monitor17 
      # Authentication credentials
      #    default_backend web_server_session


      #frontend device_port_ssl
      #    mode http

      #    bind *:7002 ssl crt /etc/ssl/haproxy/MagicInfo.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA
      #    cookie JSESSIONID prefix
      #    option forwardfor
      #    capture request header Referrer len 64
      #    capture request header Content-Length len 10
      #    capture request header User-Agent len 64
      #    stats enable 
      # Enable stats page
      #    stats refresh 30s
      #    stats hide-version 
      # Hide HAProxy version
      #    stats realm Haproxy\ Statistics 
      # Title text for popup window
      #    stats uri /haproxy_stats 

      # Stats URI

      #    stats auth icinga:20Monitor17 


      # Authentication credentials
      #    http-request add-header X-Forwarded-Proto https if { ssl_fc }
      #    default_backend web_server_rr

      backend web_server_session   
       balance source   
       option forwardfor   
       server WEB1 192.168.10.101:80 cookie A check   
       server WEB2 192.168.10.102:80 cookie B check

      backend web_server_rr   
       balance roundrobin   
        option forwardfor   
       server WEB1 192.168.10.101:7001 check   
       server WEB2 192.168.10.102:7001 check    
       http-request set-header X-FORWARD-PORT % [dst_port] 


      frontend magicinfo_rm1    
       bind *:8000    
       mode  http    
       option  httpclose    
       option  forwardfor    
       default_backend rm_server1

      backend rm_server1    
       mode http    
       server rm1 192.168.10.101:8000


      frontend magicinfo_rm2    
       bind *:8001    
       mode  http    
       option  httpclose    
       option  forwardfor    
       default_backend rm_server2


      backend rm_server2    
       mode http    
       server rm2 192.168.10.102:8001


      frontend magicinfo_ftp    bind *:21    mode   tcp    option   tcplog    default_backend ftp_server

      backend ftp_server    
       option tcplog    
       mode tcp    
       balance leastconn    
       server FTP1 192.168.10.101 check port 21 inter 10s rise 1 fall 2     
       server FTP2 192.168.10.102 check port 21 inter 10s rise 1 fall 2

      frontend magicinfo_ftps    
       bind *:990    
       mode tcp    
       option tcplog    
       default_backend ftps_server

      backend ftps_server    
       mode tcp    
       balance leastconn    
       server FTP1 192.168.10.101 check port 990 inter 10s rise 1 fall 2     
       server FTP2 192.168.10.102 check port 990 inter 10s rise 1 fall 2

      frontend magicinfo_passive_ftp    
       bind *:17001-17100    
       mode tcp    
       option tcplog    
       default_backend passive_ftp_server

      backend passive_ftp_server    
       mode tcp    
       option tcplog    
       balance leastconn    
       server FTP1 192.168.10.101    
       server FTP2 192.168.10.102

      frontend VNC     
       bind *:5901    
       mode tcp    
       option tcplog    
       default_backend magicinfo_vnc

      backend magicinfo_vnc    
       mode tcp    
       server VNC1 192.168.10.101:5901 check


      frontend VNC_Viewer     
       bind *:5500    
       mode tcp    
       option tcplog    
       default_backend magicinfo_vnc_viewer

      backend magicinfo_vnc_viewer    
       mode tcp    
       server VNC1 192.168.10.101:5500 check

    4. vi /etc/hosts

      127.0.0.1 localhost.localdomain localhost

      ::1 localhost6.localdomain6 localhost6

      192.168.10.101 webA

      192.168.10.102 webB

  2. 다음 명령어를 통해 방화벽을 해제합니다. 

    service iptables stop

  3. 다음 명령어를 통해 서비스를 등록 및 시작합니다. 

    cd examples
    cp haproxy.init /etc/rc.d/init.d/haproxy
    service haproxy restart


정보
설치 예제 환경  
- OS : CentOS 6.0
- HAProxy version : HAProxy 1.4.22
- Load Balancer Server IP (CentOS) : 192.168.10.100
- MagicInfo Premium Server
- Server 1 IP : 192.168.10.101  
- Server 2 IP : 192.168.10.102
- Port: 7001,80 (http), 21(ftp)
Sv translation
languageen

This document describes the steps to install and set up HA Proxy.

Before Installation

Download the HA Proxy by using below command.

wget http://www.haproxy.org/download/1.8/src/haproxy-1.4.22.tar.gz


Installation

Install the HA Proxy by using below command.

  1. tar xfz haproxy-1.4.22.tar.gz
  2. cd haproxy-1.4.22
  3. vi Makefile → change "PREFIX = /usr/local" to "PREFIX = /usr".
  4. make TARGET=linux26 ARCH=x86_64
  5. make install

Setting

Setup the configurations for HA Proxy as described below.

  1. groupadd haproxy
  2. useradd haproxy -g haproxy

  3. vi /etc/haproxy/haproxy.cfg
    ※ When configuring the proxy server with SSL, refer to and recycle the commendted out 443 and 7002 ports.
    ※ 80 port is for the users (browser) and 7001 port is for the devices.

    global    log  /dev/log local0 info    log  /dev/log local1 notice    maxconn 4096    user haproxy    group haproxy

    defaults    log global    mode http    option tcplog    option dontlognull    retries 3    option redispatch    maxconn 2000    timeout connect 5000    timeout client 50000    timeout server 50000  

    frontend browser_port    bind *:80    mode  http    option  forwardfor    option  httpclose    default_backend web_server_session frontend device_port    bind *:7001    mode  http    option  forwardfor    option  httpclose    default_backend web_server_rr

    # frontend user_port_ssl #    mode http #    bind *:443 ssl crt /etc/ssl/MagicInfoCert.pem #    acl is_root path -i / #    http-request add-header X-Forwarded-Proto https if { ssl_fc } #    redirect code 301 location https://10.89.37.68/MagicInfo if is_root #    cookie JSESSIONID prefix #    option forwardfor #    capture request header Referrer len 64 #    capture request header Content-Length len 10 #    capture request header User-Agent len 64 #    stats enable  # Enable stats page #    stats refresh 30s #    stats hide-version  # Hide HAProxy version #    stats realm Haproxy\ Statistics  # Title text for popup window #    stats uri /haproxy_stats  # Stats URI #    stats auth icinga:20Monitor17  # Authentication credentials #    default_backend web_server_session

    #frontend device_port_ssl #    mode http

    #    bind *:7002 ssl crt /etc/ssl/haproxy/MagicInfo.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA #    cookie JSESSIONID prefix #    option forwardfor #    capture request header Referrer len 64 #    capture request header Content-Length len 10 #    capture request header User-Agent len 64 #    stats enable  # Enable stats page #    stats refresh 30s #    stats hide-version  # Hide HAProxy version #    stats realm Haproxy\ Statistics  # Title text for popup window #    stats uri /haproxy_stats 

    # Stats URI

    #    stats auth icinga:20Monitor17 

    # Authentication credentials #    http-request add-header X-Forwarded-Proto https if { ssl_fc } #    default_backend web_server_rr

    backend web_server_session     balance source     option forwardfor     server WEB1 192.168.10.101:80 cookie A check     server WEB2 192.168.10.102:80 cookie B check

    backend web_server_rr     balance roundrobin      option forwardfor     server WEB1 192.168.10.101:7001 check     server WEB2 192.168.10.102:7001 check      http-request set-header X-FORWARD-PORT % [dst_port] 

    frontend magicinfo_rm1      bind *:8000      mode  http      option  httpclose      option  forwardfor      default_backend rm_server1

    backend rm_server1      mode http      server rm1 192.168.10.101:8000

    frontend magicinfo_rm2      bind *:8001      mode  http      option  httpclose      option  forwardfor      default_backend rm_server2

    backend rm_server2      mode http      server rm2 192.168.10.102:8001

    frontend magicinfo_ftp    bind *:21    mode   tcp    option   tcplog    default_backend ftp_server

    backend ftp_server      option tcplog      mode tcp      balance leastconn      server FTP1 192.168.10.101 check port 21 inter 10s rise 1 fall 2       server FTP2 192.168.10.102 check port 21 inter 10s rise 1 fall 2

    frontend magicinfo_ftps      bind *:990      mode tcp      option tcplog      default_backend ftps_server

    backend ftps_server      mode tcp      balance leastconn      server FTP1 192.168.10.101 check port 990 inter 10s rise 1 fall 2       server FTP2 192.168.10.102 check port 990 inter 10s rise 1 fall 2

    frontend magicinfo_passive_ftp      bind *:17001-17100      mode tcp      option tcplog      default_backend passive_ftp_server

    backend passive_ftp_server      mode tcp      option tcplog      balance leastconn      server FTP1 192.168.10.101      server FTP2 192.168.10.102

    frontend VNC       bind *:5901      mode tcp      option tcplog      default_backend magicinfo_vnc

    backend magicinfo_vnc      mode tcp      server VNC1 192.168.10.101:5901 check

    frontend VNC_Viewer       bind *:5500      mode tcp      option tcplog      default_backend magicinfo_vnc_viewer

    backend magicinfo_vnc_viewer      mode tcp      server VNC1 192.168.10.101:5500 check

  4. vi /etc/hosts

    127.0.0.1 localhost.localdomain localhost

    ::1 localhost6.localdomain6 localhost6

    192.168.10.101 webA

    192.168.10.102 webB

  5. Firewall off

    service iptables stop

  6. Register and start the service

    cd examples cp haproxy.init /etc/rc.d/init.d/haproxy service haproxy restart


정보

Example of Installation Environment  

- OS : CentOS 6.0

- HAProxy version : HAProxy 1.4.22 - Load Balancer Server IP (CentOS) : 192.168.10.100

- MagicInfo Premium Server 

   Server 1 IP : 192.168.10.101  

   Server 2 IP : 192.168.10.102

   Port: 7001,80 (http), 21(ftp)