HAProxy를 설치하고 설정하는 방법을 설명합니다.

설치준비

1. 아래 명령어를 실행하여 HA Proxy 파일을 다운로드 받습니다. 

wget http://www.haproxy.org/download/1.8/src/haproxy-1.4.22.tar.gz

설치

1. 아래 명령어를 차례대로 실행하여 HA Proxy를 설치합니다. 
   1. tar xfz haproxy-1.4.22.tar.gz
   2. cd haproxy-1.4.22
   3. vi Makefile -> "PREFIX = /usr/local" 를 "PREFIX = /usr"로 수정.
   4. make TARGET=linux26 ARCH=x86_64
   5. make install

설정

1. 아래 명령어를 실행하여 HA Proxy 설정을 변경한다.
   1. groupadd haproxy
   2. useradd haproxy -g haproxy

   3. vi /etc/haproxy/haproxy.cfg

      ※ Proxy server를 SSL 로 서버를 구성할 경우 주석된 443, 7002 포트를 참고 및

   재활용한다

   1. 재활용합니다. 
      ※ 80 port는 사용자(브라우저)포트, 7001 port는 장치(LFD)

   포트

   1. 포트입니다. 

      global    log  /dev/log local0 info    log  /dev/log local1 notice    maxconn 4096    user haproxy    group haproxy defaults    log global    mode http    option tcplog    option dontlognull    retries 3    option redispatch    maxconn 2000    timeout connect 5000    timeout client 50000    timeout server 50000   frontend browser_port    bind *:80    mode  http    option  forwardfor    option  httpclose    default_backend web_server_session frontend device_port    bind *:7001    mode  http    option  forwardfor    option  httpclose    default_backend web_server_rr # frontend user_port_ssl #    mode http #    bind *:443 ssl crt /etc/ssl/MagicInfoCert.pem #    acl is_root path -i / #    http-request add-header X-Forwarded-Proto https if { ssl_fc } #    redirect code 301 location https://10.89.37.68/MagicInfo if is_root #    cookie JSESSIONID prefix #    option forwardfor #    capture request header Referrer len 64 #    capture request header Content-Length len 10 #    capture request header User-Agent len 64 #    stats enable  # Enable stats page #    stats refresh 30s #    stats hide-version  # Hide HAProxy version #    stats realm Haproxy\ Statistics  # Title text for popup window #    stats uri /haproxy_stats  # Stats URI #    stats auth icinga:20Monitor17  # Authentication credentials #    default_backend web_server_session #frontend device_port_ssl #    mode http #    bind *:7002 ssl crt /etc/ssl/haproxy/MagicInfo.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA #    cookie JSESSIONID prefix #    option forwardfor #    capture request header Referrer len 64 #    capture request header Content-Length len 10 #    capture request header User-Agent len 64 #    stats enable  # Enable stats page #    stats refresh 30s #    stats hide-version  # Hide HAProxy version #    stats realm Haproxy\ Statistics  # Title text for popup window #    stats uri /haproxy_stats  # Stats URI #    stats auth icinga:20Monitor17  # Authentication credentials #    http-request add-header X-Forwarded-Proto https if { ssl_fc } #    default_backend web_server_rr backend web_server_session     balance source     option forwardfor     server WEB1 192.168.10.101:80 cookie A check     server WEB2 192.168.10.102:80 cookie B check backend web_server_rr     balance roundrobin      option forwardfor     server WEB1 192.168.10.101:7001 check     server WEB2 192.168.10.102:7001 check      http-request set-header X-FORWARD-PORT % [dst_port]  frontend magicinfo_rm1      bind *:8000      mode  http      option  httpclose      option  forwardfor      default_backend rm_server1 backend rm_server1      mode http      server rm1 192.168.10.101:8000 frontend magicinfo_rm2      bind *:8001      mode  http      option  httpclose      option  forwardfor      default_backend rm_server2 backend rm_server2      mode http      server rm2 192.168.10.102:8001 frontend magicinfo_ftp    bind *:21    mode   tcp    option   tcplog    default_backend ftp_server backend ftp_server      option tcplog      mode tcp      balance leastconn      server FTP1 192.168.10.101 check port 21 inter 10s rise 1 fall 2       server FTP2 192.168.10.102 check port 21 inter 10s rise 1 fall 2 frontend magicinfo_ftps      bind *:990      mode tcp      option tcplog      default_backend ftps_server backend ftps_server      mode tcp      balance leastconn      server FTP1 192.168.10.101 check port 990 inter 10s rise 1 fall 2       server FTP2 192.168.10.102 check port 990 inter 10s rise 1 fall 2 frontend magicinfo_passive_ftp      bind *:17001-17100      mode tcp      option tcplog      default_backend passive_ftp_server backend passive_ftp_server      mode tcp      option tcplog      balance leastconn      server FTP1 192.168.10.101      server FTP2 192.168.10.102 frontend VNC       bind *:5901      mode tcp      option tcplog      default_backend magicinfo_vnc backend magicinfo_vnc      mode tcp      server VNC1 192.168.10.101:5901 check frontend VNC_Viewer       bind *:5500      mode tcp      option tcplog      default_backend magicinfo_vnc_viewer backend magicinfo_vnc_viewer      mode tcp      server VNC1 192.168.10.101:5500 check

   2. vi /etc/hosts

      127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 192.168.10.101 webA 192.168.10.102 webB

2. 방화벽 해제다음 명령어를 통해 방화벽을 해제합니다. 

   service iptables stop

3. 서비스 다음 명령어를 통해 서비스를 등록 및 시작시작합니다. 

   cd examples cp haproxy.init /etc/rc.d/init.d/haproxy service haproxy restart

관련 문서

Read the following to This document describes the steps to install and set up HA Proxy.

Before Installation

Download the HA Proxy by using below command.

wget http://www.haproxy.org/download/1.8/src/haproxy-1.4.22.tar.gz

Installation

Install the HA Proxy by using below command.

1. tar xfz haproxy-1.4.22.tar.gz
2. cd haproxy-1.4.22
3. vi Makefile → change "PREFIX = /usr/local" to "PREFIX = /usr".
4. make TARGET=linux26 ARCH=x86_64
5. make install

Setting

Setup the configurations for HA Proxy as described below.

1. groupadd haproxy
2. useradd haproxy -g haproxy

3. vi /etc/haproxy/haproxy.cfg
   ※ When configuring the proxy server with SSL, refer to and recycle the commendted out 443 and 7002 ports.
   ※ 80 port is for the users (browser) and 7001 port is for the devices.

   global    log  /dev/log local0 info    log  /dev/log local1 notice    maxconn 4096    user haproxy    group haproxy defaults    log global    mode http    option tcplog    option dontlognull    retries 3    option redispatch    maxconn 2000    timeout connect 5000    timeout client 50000    timeout server 50000   frontend browser_port    bind *:80    mode  http    option  forwardfor    option  httpclose    default_backend web_server_session frontend device_port    bind *:7001    mode  http    option  forwardfor    option  httpclose    default_backend web_server_rr # frontend user_port_ssl #    mode http #    bind *:443 ssl crt /etc/ssl/MagicInfoCert.pem #    acl is_root path -i / #    http-request add-header X-Forwarded-Proto https if { ssl_fc } #    redirect code 301 location https://10.89.37.68/MagicInfo if is_root #    cookie JSESSIONID prefix #    option forwardfor #    capture request header Referrer len 64 #    capture request header Content-Length len 10 #    capture request header User-Agent len 64 #    stats enable  # Enable stats page #    stats refresh 30s #    stats hide-version  # Hide HAProxy version #    stats realm Haproxy\ Statistics  # Title text for popup window #    stats uri /haproxy_stats  # Stats URI #    stats auth icinga:20Monitor17  # Authentication credentials #    default_backend web_server_session #frontend device_port_ssl #    mode http #    bind *:7002 ssl crt /etc/ssl/haproxy/MagicInfo.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA #    cookie JSESSIONID prefix #    option forwardfor #    capture request header Referrer len 64 #    capture request header Content-Length len 10 #    capture request header User-Agent len 64 #    stats enable  # Enable stats page #    stats refresh 30s #    stats hide-version  # Hide HAProxy version #    stats realm Haproxy\ Statistics  # Title text for popup window #    stats uri /haproxy_stats  # Stats URI #    stats auth icinga:20Monitor17  # Authentication credentials #    http-request add-header X-Forwarded-Proto https if { ssl_fc } #    default_backend web_server_rr backend web_server_session     balance source     option forwardfor     server WEB1 192.168.10.101:80 cookie A check     server WEB2 192.168.10.102:80 cookie B check backend web_server_rr     balance roundrobin      option forwardfor     server WEB1 192.168.10.101:7001 check     server WEB2 192.168.10.102:7001 check      http-request set-header X-FORWARD-PORT % [dst_port]  frontend magicinfo_rm1      bind *:8000      mode  http      option  httpclose      option  forwardfor      default_backend rm_server1 backend rm_server1      mode http      server rm1 192.168.10.101:8000 frontend magicinfo_rm2      bind *:8001      mode  http      option  httpclose      option  forwardfor      default_backend rm_server2 backend rm_server2      mode http      server rm2 192.168.10.102:8001 frontend magicinfo_ftp    bind *:21    mode   tcp    option   tcplog    default_backend ftp_server backend ftp_server      option tcplog      mode tcp      balance leastconn      server FTP1 192.168.10.101 check port 21 inter 10s rise 1 fall 2       server FTP2 192.168.10.102 check port 21 inter 10s rise 1 fall 2 frontend magicinfo_ftps      bind *:990      mode tcp      option tcplog      default_backend ftps_server backend ftps_server      mode tcp      balance leastconn      server FTP1 192.168.10.101 check port 990 inter 10s rise 1 fall 2       server FTP2 192.168.10.102 check port 990 inter 10s rise 1 fall 2 frontend magicinfo_passive_ftp      bind *:17001-17100      mode tcp      option tcplog      default_backend passive_ftp_server backend passive_ftp_server      mode tcp      option tcplog      balance leastconn      server FTP1 192.168.10.101      server FTP2 192.168.10.102 frontend VNC       bind *:5901      mode tcp      option tcplog      default_backend magicinfo_vnc backend magicinfo_vnc      mode tcp      server VNC1 192.168.10.101:5901 check frontend VNC_Viewer       bind *:5500      mode tcp      option tcplog      default_backend magicinfo_vnc_viewer backend magicinfo_vnc_viewer      mode tcp      server VNC1 192.168.10.101:5500 check

4. vi /etc/hosts

   127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 192.168.10.101 webA 192.168.10.102 webB

5. Firewall off

   service iptables stop

6. Register and start the service

   cd examples cp haproxy.init /etc/rc.d/init.d/haproxy service haproxy restart

Related Documents