HAProxy
It was something that was asked to setup on linux machine. It was very new for me however I was able to setup it fine and run it. It is very simple to configure and install.
I have configured it on an Amazon EC2 instance with Amazon basic 64-bit linux OS.
What is HAProxy?
By proxy, we mean that there is some pathway by which we can breach the restricted destination. HAProxy is the proxy server that runs to redirect your call to a server instance running on any other machine.
Let me provide an example to you.
Suppose there are two machines running with a web-service at port 6771. You have been provided with a machine having a public IP with two different DNS name attached for both the service running on port 6771 at different machines.
Now, there is to provide a redirection on the basis of DNS name to the respective servers. Also, you don't want user to provide port number for the http call. So, there is a single port 80 on which the redirection is to be performed. It is the time when HAProxy, which is a proxy server comes into the picture. What it will do is, it will redirect the incoming calls at port 80 to respective server based on the DNS name.
I hope this information would be enough to tell you what actually HAProxy server does. Its simply redirects your call to a particular server.
Now, lets start with download and install of HAProxy server in linux. I have tries this on Amzon EC2 machine and with CentOS machine, so you can trust these commands will work for Amazon EC2 instance, Amazon Generic Linux 64-bit. I hope it may run on all Linux machines.
Make sure your machine is connected to Internet and the user has a sudo access.
Download HAProxy.
$ sudo wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev12.tar.gz
$ sudo tar -zxvf haproxy-1.5-dev12.tar.gz
Note: I am using sudo command for access of /usr/bin or /usr/sbin commands. You can ignore it. One more thing, I am using 1.5.12 as it was working well for me. There are higher version available, you can try them but I suggest you to use this one as it worked well for me. Also, for SSL don't try to go for lower version as ssl options are not available on lower versions.
Install Dependencies
$ sudo yum install gcc
$ sudo yum install make
$ sudo yum -y groupinstall 'Development Tools'
Note: Most of the linux have these dependencies already installed.
Install HAProxy.
$ cd haproxy-1.5-dev12
$ sudo make
$ sudo cp haproxy /usr/sbin/haproxy
Note: Now, before anything gets mislead, after these commands haproxy is installed but not configured to redirect calls.
Configure HAProxy
frontend .
frontend section describes a set of listening sockets accepting client
connections.
backend
backend section describes a set of servers to which the proxy will connect.
listen
listen section defines a complete proxy with its frontend and backend
parts combined in one section. Used generally for TCP-only traffic.
It was something that was asked to setup on linux machine. It was very new for me however I was able to setup it fine and run it. It is very simple to configure and install.
I have configured it on an Amazon EC2 instance with Amazon basic 64-bit linux OS.
What is HAProxy?
By proxy, we mean that there is some pathway by which we can breach the restricted destination. HAProxy is the proxy server that runs to redirect your call to a server instance running on any other machine.
Let me provide an example to you.
Suppose there are two machines running with a web-service at port 6771. You have been provided with a machine having a public IP with two different DNS name attached for both the service running on port 6771 at different machines.
Now, there is to provide a redirection on the basis of DNS name to the respective servers. Also, you don't want user to provide port number for the http call. So, there is a single port 80 on which the redirection is to be performed. It is the time when HAProxy, which is a proxy server comes into the picture. What it will do is, it will redirect the incoming calls at port 80 to respective server based on the DNS name.
I hope this information would be enough to tell you what actually HAProxy server does. Its simply redirects your call to a particular server.
Now, lets start with download and install of HAProxy server in linux. I have tries this on Amzon EC2 machine and with CentOS machine, so you can trust these commands will work for Amazon EC2 instance, Amazon Generic Linux 64-bit. I hope it may run on all Linux machines.
Make sure your machine is connected to Internet and the user has a sudo access.
Download HAProxy.
$ sudo wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev12.tar.gz
$ sudo tar -zxvf haproxy-1.5-dev12.tar.gz
Note: I am using sudo command for access of /usr/bin or /usr/sbin commands. You can ignore it. One more thing, I am using 1.5.12 as it was working well for me. There are higher version available, you can try them but I suggest you to use this one as it worked well for me. Also, for SSL don't try to go for lower version as ssl options are not available on lower versions.
Install Dependencies
$ sudo yum install gcc
$ sudo yum install make
$ sudo yum -y groupinstall 'Development Tools'
Note: Most of the linux have these dependencies already installed.
Install HAProxy.
$ cd haproxy-1.5-dev12
$ sudo make
$ sudo cp haproxy /usr/sbin/haproxy
Note: Now, before anything gets mislead, after these commands haproxy is installed but not configured to redirect calls.
Configure HAProxy
Create a haproxy.cfg file or edit the file /etc/haproxy.cfg created after make command.
Configuration file, haproxy.cfg for the above given example.
$ sudo vi /etc/haproxy.cfg
global
daemon
maxconn 256
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend ws_in
mode http
bind *:80
acl is_example1 hdr_beg(host) -i example1.com
acl is_example2 hdr_beg(host) -i example2.com
use_backend example1_backend if is_example1
use_backend example2_backend if is_example2
backend example1_backend
mode http
server example1_srvr 192.168.0.2:6771
backend example2_backend
mode http
server example2_srvr 192.168.0.3:6771
Configure HAProxy with SSL Certificate.
Same above configuration with ssl certificate. Configuration file, haproxy.cfg for the above given example.
$ sudo vi /etc/haproxy.cfg
Content of file:
global
daemon
maxconn 256
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend ws_in
mode http
bind *:443 ssl crt yourcert.pem
acl is_example1 hdr_beg(host) -i example1.com
acl is_example2 hdr_beg(host) -i example2.com
use_backend example1_backend if is_example1
use_backend example2_backend if is_example2
backend example1_backend
mode http
server example1_srvr 192.168.0.2:6771
backend example2_backend
mode http
server example2_srvr 192.168.0.3:6771
Note: SSL certificate can be configured in HAProxy 1.5+ version only.
Compiling HAProxy Congiuration File
$ sudo haproxy -f /etc/haproxy.cfg -c
Running HAProxy Server with Congiuration File
$ sudo haproxy -f /etc/haproxy.cfg
For Initiators
I would not go on deep, but will try to provide small information that may be a help for the initiators.
Things you must know:
Service:-
HAProxy service can work in 3 different distinct modes: TCP, HTTP and health.
These modes doesn't means that it will not work for SSH, LDAP, HTTPS etc calls. It is the HAproxy services which defines how the redirection will be treated.
These modes doesn't means that it will not work for SSH, LDAP, HTTPS etc calls. It is the HAproxy services which defines how the redirection will be treated.
Sections:-
Proxy configuration can be located in a set of sections : -
defaults
defaults section sets default parameters for all other sections following
its declaration.
Proxy configuration can be located in a set of sections : -
defaults
defaults section sets default parameters for all other sections following
its declaration.
frontend section describes a set of listening sockets accepting client
connections.
backend
backend section describes a set of servers to which the proxy will connect.
listen
ACL's:-
HAProxy provides ACLs on http headers, cookies etc.
To know more, follow below link:
Problem with HAProxy
No, ACLs for protocols other than http/(s). If any experienced professional have found any solution for it. Please try to provide your valuable information.
One more problem that has been faced is some web application sends redirect call such as in Java,
response.redirect("/login.do");
Due to this we have to add an entry on HAProxy for redirecting back to the server using
location prefix.
One more problem that has been faced is some web application sends redirect call such as in Java,
response.redirect("/login.do");
Due to this we have to add an entry on HAProxy for redirecting back to the server using
location prefix.
Comments