This post shows how to configure an HAProxy cluster to act as the load balancer for the infrastructure below.
As shown, an HAProxy cluster will be created to allow for horizontal growth of the environment regardless of the backend technology (Apache, NGINX, IIS, etc.).
1) Environment:
OS : CentOS7 (RHEL7)
10.0.0.10 HAPROXY-01
10.0.0.20 HAPROXY-02
Note: HAProxy will be configured for SSL SNI.
2) Requirements:
2.1) Installing HAProxy:
In this post the installation is done via YUM; the blog also has an example of how to compile HAProxy with SSL support:
Running the installation via YUM
yum install haproxy -y
Enabling at boot
systemctl enable haproxy
We are using version 1.5.18.
2.2) Installing Keepalived:
In this post we use YUM, but the compiled version is also covered in the post below:
Running the installation via YUM
yum install keepalived -y
Enabling at boot
systemctl enable keepalived
3) Configuring the environment:
3.1) Configuring HAProxy:
vim /etc/haproxy/haproxy.cfg
##### GLOBAL CONFIG #####
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 debug
    maxconn 45000 # Total Max Connections.
    daemon
    nbproc 1 # Number of processing cores.

defaults
    timeout server 86400000
    timeout connect 86400000
    timeout client 86400000
    timeout queue 1000s
    log global
    mode tcp
    option tcplog
    option dontlognull

##### DASHBOARD #####
listen stats :4997
    mode http
    stats enable
    stats hide-version
    stats refresh 30s
    stats show-node
    stats realm Haproxy\ Statistics
    # Replace this example credential before exposing the dashboard.
    stats auth admin:haproxy
    stats uri /haproxy

############ Frontend configuration #######################
###### HTTP HTTPS FRONTEND #############
frontend http-in
    # The defaults section sets mode tcp; hdr(host) and the HTTP backend need mode http.
    mode http
    bind <HAPROXY IP>:80
    # Default Backend
    default_backend template_http-lb
    # ACL BACKEND HTTP TEMPLATE
    acl host_http-template.example.com hdr(host) -i template.example.com
    use_backend template_http-lb if host_http-template.example.com

##### HTTPS FRONTEND ############
frontend https-in
    mode tcp
    bind <HAPROXY IP>:443
    # Wait up to 5s for the TLS ClientHello so the SNI can be inspected.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    # ACL BACKEND HTTPS TEMPLATE
    acl host_https-template.example.com req_ssl_sni -i template.example.com
    use_backend template_https-lb if host_https-template.example.com
    # Default Backend
    default_backend template_https-lb

########### Backend configuration #####################
#### BACKEND TEMPLATE HTTP-LB ####
backend template_http-lb
    mode http
    balance roundrobin
    option forwardfor
    option http-server-close
    option http-pretend-keepalive
    server SERVER1 <SERVER 1 IP>:80 check
    server SERVER2 <SERVER 2 IP>:80 check

#### BACKEND TEMPLATE HTTPS-LB ####
backend template_https-lb
    mode tcp
    balance source
    # HTTP-only option, ignored in tcp mode:
    #option http-server-close
    # maximum SSL session ID length is 32 bytes.
    stick-table type binary len 32 size 30k expire 30m
    acl clienthello req_ssl_hello_type 1
    acl serverhello rep_ssl_hello_type 2
    # use tcp content accepts to detect SSL client and server hello.
    tcp-request inspect-delay 5s
    tcp-request content accept if clienthello
    # no timeout on response inspect delay by default.
    tcp-response content accept if serverhello
    stick on payload_lv(43,1) if clienthello
    # Learn on response if server hello.
    stick store-response payload_lv(43,1) if serverhello
    option ssl-hello-chk
    #option http-pretend-keepalive
    server SERVER1 <SERVER 1 IP>:443 check
    server SERVER2 <SERVER 2 IP>:443 check
Restart HAProxy
systemctl restart haproxy
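Added example (not part of the original post): a Python illustration of what the TCP-mode rules above read from the raw TLS ClientHello, namely the host name matched by req_ssl_sni and the session ID selected by payload_lv(43,1). The builder produces a constructed sample hello, and both function names are hypothetical.

```python
import struct

def build_client_hello(sni, session_id):
    """Constructed sample input: a minimal TLS ClientHello, optional SNI."""
    exts = b""
    if sni:
        name = sni.encode("ascii")
        # server_name_list length, name_type 0 (host_name), name length, name
        sni_ext = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        exts = struct.pack("!HH", 0, len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + bytes(32)                  # version + 32-byte random
            + bytes([len(session_id)]) + session_id  # length-prefixed session ID
            + b"\x00\x02\x00\x2f"                    # one cipher suite
            + b"\x01\x00"                            # null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(buf):
    """Return (session_id, sni) or None when buf is not a ClientHello."""
    if len(buf) < 44 or buf[0] != 0x16 or buf[5] != 0x01:
        return None  # roughly what req_ssl_hello_type 1 fails to match
    # 5 record hdr + 4 handshake hdr + 2 version + 32 random = offset 43
    sid_len = buf[43]
    session_id = buf[44:44 + sid_len]  # bytes selected by payload_lv(43,1)
    pos = 44 + sid_len
    try:
        pos += 2 + struct.unpack_from("!H", buf, pos)[0]  # cipher suites
        pos += 1 + buf[pos]                               # compression
        end = pos + 2 + struct.unpack_from("!H", buf, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(buf)):
            ext_type, ext_len = struct.unpack_from("!HH", buf, pos)
            pos += 4
            if ext_type == 0:  # server_name extension
                n = struct.unpack_from("!H", buf, pos + 3)[0]
                host = buf[pos + 5:pos + 5 + n].decode("ascii")
                return session_id, host.lower()  # lower() mirrors the ACL's -i
            pos += ext_len
    except (struct.error, IndexError, ValueError):
        pass  # truncated or malformed hello: treat as no SNI
    return session_id, None  # no SNI: the frontend uses default_backend

if __name__ == "__main__":
    hello = build_client_hello("template.example.com", bytes(range(32)))
    print(parse_client_hello(hello))
```

A client that sends no SNI, or plain HTTP on port 443, never matches the req_ssl_sni ACL, so the default_backend line decides where that traffic goes.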
3.2) Configuring Keepalived:
HAPROXY-01
vim /etc/keepalived/keepalived.conf
vrrp_instance HAPROXY-01 {
    interface eth0
    state MASTER
    virtual_router_id 1
    priority 101
    authentication {
        auth_type PASS
        auth_pass Add-Your-Password-Here
    }
    virtual_ipaddress {
        10.0.0.100/24
    }
}
HAPROXY-02
vim /etc/keepalived/keepalived.conf
vrrp_instance HAPROXY-02 {
    interface eth0
    # Lower-priority node starts as BACKUP and takes the VIP on failover.
    state BACKUP
    virtual_router_id 1
    priority 100
    authentication {
        auth_type PASS
        auth_pass Add-Your-Password-Here
    }
    virtual_ipaddress {
        10.0.0.100/24
    }
}