
February 6, 2014

HAProxy – Installation, configuration, upgrading…

by WebMaster

Tests with HAProxy. A very good experience overall: excellent load balancing with lots and lots of options.

For more information and details about HAProxy

Install the Linux distribution of your choice; in my case I went with Debian. Ubuntu ships HAProxy in its repository.

Configure the network interfaces with static IPs, as many as the environment needs, by editing the file /etc/network/interfaces:

As an example:

nano /etc/network/interfaces

allow-hotplug eth0
auto eth0
iface eth0 inet static
address 10.0.0.1
netmask 255.255.254.0
gateway 10.0.1.254
dns-nameservers 10.0.0.21 10.0.0.22

auto eth0:0
iface eth0:0 inet static
address 10.0.1.1
netmask 255.255.254.0
gateway 10.0.1.254
dns-nameservers 10.0.0.21 10.0.0.22
——————————————————————–

Update the system.

apt-get update

apt-get upgrade

apt-get dist-upgrade

INSTALL:

This is where the installation of the HAProxy prerequisites begins:

apt-get install build-essential make libpcre3 libpcre3-dev

apt-get install build-essential libssl-dev libpopt-dev git libpcre3-dev

apt-get install linux-kernel-headers  (optional)

——————————————————————————————————————————————

Optional, to avoid these warnings or errors with 2.6.xx kernel versions:

PCRE library supports JIT : no (USE_PCRE_JIT not set)

PCRE library supports JIT : no (libpcre build without JIT?)

——————————————————————————————————————————————

cd /usr/src/

wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.32.tar.gz

tar xzfv pcre-8.32.tar.gz

cd pcre-8.32

./configure --enable-jit --enable-utf && make

——————————————————————————————————————————————
Now we download HAProxy itself:

cd /usr/src/

wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev21.tar.gz

tar xzfv haproxy-1.5-dev21.tar.gz

cd haproxy-1.5-dev21

BUILD:

There are several build options; I use the last one (in bold):

make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1

make TARGET=linux2628 CPU=native USE_STATIC_PCRE=1 USE_LINUX_TPROXY=1

make TARGET=linux2628 CPU=native USE_PCRE=1 USE_STATIC_PCRE=1 USE_LINUX_TPROXY=1 USE_POLL=default USE_OPENSSL=1 USE_ZLIB=1

make TARGET=custom CPU=native USE_PCRE=1 USE_LIBCRYPT=1 USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1

make TARGET=linux2628 CPU=native USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_POLL=default USE_PCRE=1

make TARGET=linux2628 CPU=native USE_PCRE=1 USE_LIBCRYPT=1 USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_ZLIB=1

make TARGET=linux2628 CPU=native USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_POLL=default USE_PCRE=1 USE_ZLIB=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1

make TARGET=linux2628 CPU=native USE_ZLIB=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 PCRE_INC=/usr/src/pcre-8.32/ PCRE_LIB=/usr/src/pcre-8.32/.libs

make TARGET=linux2628 CPU=native USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_POLL=default USE_ZLIB=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 PCRE_INC=/usr/src/pcre-8.32/ PCRE_LIB=/usr/src/pcre-8.32/.libs

make TARGET=linux2628 CPU=native ARCH=x86_64 USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_POLL=default USE_ZLIB=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 PCRE_INC=/usr/src/pcre-8.32/ PCRE_LIB=/usr/src/pcre-8.32/.libs

make install

CREATE LINKS AND DIRECTORIES:

ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy

mkdir /usr/share/haproxy

nano /etc/init.d/haproxy  (we create the service start/stop script)

—————————————————————————

#!/bin/sh
### BEGIN INIT INFO
# Provides:          haproxy
# Required-Start:    $local_fs $network
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: fast and reliable load balancing reverse proxy
# Description:       This file should be used to start and stop haproxy.
### END INIT INFO

# Author: Arnaud Cornet <acornet@debian.org>

PATH=/sbin:/usr/sbin:/bin:/usr/bin
PIDFILE=/var/run/haproxy.pid
CONFIG=/etc/haproxy/haproxy.cfg
HAPROXY=/usr/sbin/haproxy
EXTRAOPTS=
ENABLED=0

test -x $HAPROXY || exit 0
test -f "$CONFIG" || exit 0

if [ -e /etc/default/haproxy ]; then
. /etc/default/haproxy
fi

test "$ENABLED" != "0" || exit 0

[ -f /etc/default/rcS ] && . /etc/default/rcS
. /lib/lsb/init-functions

haproxy_start()
{
start-stop-daemon --start --pidfile "$PIDFILE" \
--exec $HAPROXY -- -f "$CONFIG" -D -p "$PIDFILE" \
$EXTRAOPTS || return 2
return 0
}

haproxy_stop()
{
if [ ! -f $PIDFILE ] ; then
# This is a success according to LSB
return 0
fi
for pid in $(cat $PIDFILE) ; do
/bin/kill $pid || return 4
done
rm -f $PIDFILE
return 0
}

haproxy_reload()
{
$HAPROXY -f "$CONFIG" -p $PIDFILE -D $EXTRAOPTS -sf $(cat $PIDFILE) \
|| return 2
return 0
}

haproxy_status()
{
if [ ! -f $PIDFILE ] ; then
# program not running
return 3
fi

for pid in $(cat $PIDFILE) ; do
if ! ps --no-headers p "$pid" | grep haproxy > /dev/null ; then
# program running, bogus pidfile
return 1
fi
done

return 0
}

case "$1" in
start)
log_daemon_msg "Starting haproxy" "haproxy"
haproxy_start
ret=$?
case "$ret" in
0)
log_end_msg 0
;;
1)
log_end_msg 1
echo "pid file '$PIDFILE' found, haproxy not started."
;;
2)
log_end_msg 1
;;
esac
exit $ret
;;
stop)
log_daemon_msg "Stopping haproxy" "haproxy"
haproxy_stop
ret=$?
case "$ret" in
0|1)
log_end_msg 0
;;
2)
log_end_msg 1
;;
esac
exit $ret
;;
reload|force-reload)
log_daemon_msg "Reloading haproxy" "haproxy"
haproxy_reload
case "$?" in
0|1)
log_end_msg 0
;;
2)
log_end_msg 1
;;
esac
;;
restart)
log_daemon_msg "Restarting haproxy" "haproxy"
haproxy_stop
haproxy_start
case "$?" in
0)
log_end_msg 0
;;
1)
log_end_msg 1
;;
2)
log_end_msg 1
;;
esac
;;
status)
haproxy_status
ret=$?
case "$ret" in
0)
echo "haproxy is running."
;;
1)
echo "haproxy dead, but $PIDFILE exists."
;;
*)
echo "haproxy not running."
;;
esac
exit $ret
;;
*)
echo "Usage: /etc/init.d/haproxy {start|stop|reload|restart|status}"
exit 2
;;
esac

:

—————————————————————————————

chmod +x /etc/init.d/haproxy

update-rc.d haproxy defaults

nano /etc/default/haproxy (we create the configuration file that enables the service)

————————————————————————————

# Set ENABLED to 1 if you want the init script to start haproxy.
ENABLED=1
# Add extra flags here.
#EXTRAOPTS="-de -m 16"

—————————————————————————————

groupadd haproxy
useradd -g haproxy haproxy

mkdir /etc/haproxy

mkdir /etc/haproxy/errors

cp /usr/src/haproxy-1.5-dev21/examples/errorfiles/* /etc/haproxy/errors

nano /etc/haproxy/haproxy.cfg

service haproxy restart

It should now be up and running.

——————————————————————————————————————————————

The following organizes the logs and deletes them after a while (28 days).

nano /etc/rsyslog.d/haproxy.conf

if ($programname == 'haproxy' and $syslogseverity-text == 'info') then -/var/log/haproxy/haproxy-info.log
& ~
if ($programname == 'haproxy' and $syslogseverity-text == 'notice') then -/var/log/haproxy/haproxy-notice.log
& ~

nano /etc/logrotate.d/haproxy

/var/log/haproxy/*.log {
daily
missingok
rotate 28
compress
delaycompress
notifempty
create 644 root adm
sharedscripts
postrotate
/etc/init.d/haproxy reload > /dev/null
endscript
}

——————————————————————————————————————————————

To upgrade or switch to another HAProxy version:

cd /usr/src/haproxy-xxxxxx
make clean
make TARGET=linux2628 CPU=native ARCH=x86_64 USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_POLL=default USE_ZLIB=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 PCRE_INC=/usr/src/pcre-8.32/ PCRE_LIB=/usr/src/pcre-8.32/.libs
sudo make install

The version is now changed.

——————————————————————————————————————————————

Restart the service with almost no downtime, although it is very fast anyway.

haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid)

haproxy -f configfile -sf

——————————————————————————————————————————————

If we want several HAProxy instances so that another one takes over when the main one fails, we can use Keepalived.

First we install it.

apt-get install -y keepalived

update-rc.d keepalived defaults

echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
sysctl -p

The configuration of the primary or master would be (XXX.XXX.XXX.XXX = desired virtual IP):

Master

nano /etc/keepalived/keepalived.conf

———————————————————————————————–

vrrp_script chk_haproxy {
script "killall -0 haproxy"   # verify the pid existence
interval 2                    # check every 2 seconds
weight 2                      # add 2 points of prio if OK
}

vrrp_instance VI_1 {
interface eth0                # interface to monitor
state MASTER
virtual_router_id 51          # Assign one ID for this route
priority 101                  # 101 on master, 100 on backup
virtual_ipaddress {
XXX.XXX.XXX.XXX            # the virtual IP
}
track_script {
chk_haproxy
}
}

The configuration of the backup or slave would be (XXX.XXX.XXX.XXX = desired virtual IP):

Slave

nano /etc/keepalived/keepalived.conf

vrrp_script chk_haproxy {
script "killall -0 haproxy"   # verify the pid existence
interval 2                    # check every 2 seconds
weight 2                      # add 2 points of prio if OK
}

vrrp_instance VI_1 {
interface eth0                # interface to monitor
state MASTER
virtual_router_id 51          # Assign one ID for this route
priority 100                  # 101 on master, 100 on backup
virtual_ipaddress {
XXX.XXX.XXX.XXX            # the virtual IP
}
track_script {
chk_haproxy
}
}

————————————————————————————————–

/etc/init.d/keepalived start

ip a | grep -e inet.*eth0

cat /var/log/messages | grep VRRP_Instance

——————————————————————————————————————————————

To check that the HAProxy configuration is correct before putting it into production:

haproxy -f /etc/haproxy/haproxy.cfg -c
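
The check above and the near-zero-downtime restart shown earlier (-sf) belong together: a reload should only happen once haproxy has accepted the new file. The script below is an added example, not part of the original post; the function names, the .bak backup file and the environment overrides are assumptions, while the paths and flags are the ones used on this page.

```shell
#!/bin/sh
# Added example: validate a candidate haproxy.cfg, then reload gracefully.
# Defaults are the paths used on this page; the environment overrides are an
# assumption of this example.
HAPROXY_BIN="${HAPROXY_BIN:-/usr/sbin/haproxy}"
HAPROXY_CFG="${HAPROXY_CFG:-/etc/haproxy/haproxy.cfg}"
HAPROXY_PID="${HAPROXY_PID:-/var/run/haproxy.pid}"

# Succeeds only if haproxy itself accepts the file (-c parses and exits).
haproxy_check() {
    "$HAPROXY_BIN" -f "$1" -c >/dev/null 2>&1
}

# safe_reload CANDIDATE
#   returns 0 reloaded, 1 candidate rejected by -c, 2 new process failed to
#   start (previous file restored), 3 file handling error
safe_reload() {
    candidate="$1"
    if [ ! -r "$candidate" ]; then
        echo "cannot read $candidate" >&2
        return 3
    fi
    # Step 1: a broken candidate never replaces the live file.
    if ! haproxy_check "$candidate"; then
        echo "config check failed, live config left untouched" >&2
        return 1
    fi
    # Step 2: keep the previous file so a failed start can be rolled back.
    if [ -f "$HAPROXY_CFG" ]; then
        cp -p "$HAPROXY_CFG" "$HAPROXY_CFG.bak" || return 3
    fi
    cp "$candidate" "$HAPROXY_CFG" || return 3

    old_pids=""
    if [ -f "$HAPROXY_PID" ]; then
        old_pids=$(cat "$HAPROXY_PID")
    fi
    # Step 3: -sf asks the old processes to finish their connections and exit.
    # $old_pids is left unquoted on purpose: -sf takes one PID per argument.
    if ! "$HAPROXY_BIN" -f "$HAPROXY_CFG" -D -p "$HAPROXY_PID" \
            ${old_pids:+-sf $old_pids}; then
        echo "new process did not start, restoring previous config" >&2
        if [ -f "$HAPROXY_CFG.bak" ]; then
            cp -p "$HAPROXY_CFG.bak" "$HAPROXY_CFG"
        fi
        return 2
    fi
    return 0
}

# Run as a script: ./safe-reload.sh /path/to/candidate.cfg
[ $# -eq 0 ] || safe_reload "$1"
```

Edit a copy of the configuration, pass the copy to the script, and let the exit code tell a deployment job whether the live file was replaced.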
——————————————————————————————————————————————

To see the installed HAProxy version and its build options:

haproxy -vv

——————————————————————————————————————————————

Example haproxy.cfg configuration file for version 1.4 (XXX.XXX.XXX.XXX = virtual IP):

———————————————- Start of haproxy.cfg file 1.4.xx ——————————————–

global
daemon
log /dev/log local0 info
log /dev/log local0 notice
maxconn 1000
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 600 level admin

userlist stats-auth
group admin             users Admin
user  Admin  insecure-password password
group readonly          users user
user  user        insecure-password password

defaults
backlog 10000
default-server inter 3s rise 2 fall 3
log global
option  contstats
option  dontlognull
option  redispatch
retries 3
timeout client 300s
timeout connect 30s
timeout http-keep-alive 5s
timeout http-request 15s
timeout queue 30s
timeout tarpit 1m
timeout server 300s

frontend ft_ftp_tcp
bind *:21 name ftp
mode tcp
maxconn 2000
default_backend bk_ftp_server_pool

frontend ft_sftp_tcp
bind XXX.XXX.XXX.XXX:22 name sftp
mode tcp
maxconn 2000
default_backend bk_sftp_server_pool

frontend ft_smtpsrv_tcp
bind XXX.XXX.XXX.XXX:25 name smtp
mode tcp
maxconn 2000
default_backend bk_smtpsrv_server_pool

frontend ft_web_http
bind *:80 name http
mode http
maxconn 10000
default_backend bk_web_server_pool

frontend ft_pop_tcp
bind *:110 name pop3
mode tcp
maxconn 2000
default_backend bk_pop_server_pool

frontend ft_imap_tcp
bind *:143 name imap
mode tcp
maxconn 2000
default_backend bk_imap_server_pool

frontend ft_exchange_tcp
bind *:443 name https
mode tcp
maxconn 10000
default_backend bk_exchange_server_pool

frontend ft_smtpcli_tcp
bind *:587 name smtpcli
bind *:5587 name smtpcli
mode tcp
maxconn 2000
default_backend bk_smtpcli_server_pool

frontend ft_ftps_tcp
bind *:990 name ftps
mode tcp
maxconn 2000
default_backend bk_ftps_server_pool

frontend ft_imaps_tcp
bind *:993 name imaps
mode tcp
maxconn 2000
default_backend bk_imaps_server_pool

frontend ft_pops_tcp
bind *:995 name pops
mode tcp
maxconn 2000
default_backend bk_pops_server_pool

frontend ft_eset_tcp
bind *:2221-2222 name esethttp
mode tcp
maxconn 2000
default_backend bk_eset_server_pool

frontend ft_antispam_tcp
bind *:8081 name antispam_http
bind *:8481 name antispam_https
mode tcp
maxconn 2000
default_backend bk_antispam_server_pool

frontend ft_weblog_tcp
bind *:9991 name weblog
mode tcp
maxconn 2000
default_backend bk_weblog_server_pool

backend bk_ftp_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server FTP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 21
server FTP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 21

backend bk_sftp_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server SFTP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 22
server SFTP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 22

backend bk_smtpsrv_server_pool
option tcplog
option abortonclose
option smtpchk HELO dominio.com
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server SMTP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 25
server SMTP_1.XX 10.0.1.1XX weight 1 maxconn 1000 check port 25 backup

backend bk_web_server_pool
mode http
option httpclose
option forwardfor
option httplog
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server WEB_1.XX 10.0.1.XX:80 weight 1 maxconn 5000 check port 82
server WEB_1.XX 10.0.1.XX:80 weight 1 maxconn 5000 check port 82

backend bk_pop_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server POP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 110
server POP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 110

backend bk_imap_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server IMAP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 143
server IMAP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 143

backend bk_exchange_server_pool
option tcplog
option abortonclose
option ssl-hello-chk
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server HTTPS_1.XX 10.0.1.XX:443 weight 1 maxconn 5000 check port 443
server HTTPS_1.XX 10.0.1.XX:443 weight 1 maxconn 5000 check port 443

backend bk_smtpcli_server_pool
option tcplog
option abortonclose
option smtpchk HELO dominio.com
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server SMTPCLI_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 587
server SMTPCLI_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 587

backend bk_ftps_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server FTPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 990
server FTPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 990

backend bk_imaps_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server IMAPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 993
server IMAPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 993

backend bk_pops_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server POPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 995
server POPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 995

backend bk_eset_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server ESET_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 2221
server ESET_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 2221

backend bk_antispam_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server ANTISPAM_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 8481
server ANTISPAM_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 8481 backup

backend bk_weblog_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server WEBLOG_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 9991
server WEBLOG_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 9991

listen admin
bind *:8080
mode http
acl AUTH       http_auth(stats-auth)
acl AUTH_ADMIN http_auth_group(stats-auth) admin
http-check expect status 200
maxconn    10
option abortonclose
option forceclose
option httpclose
option http-server-close
stats admin if AUTH_ADMIN
stats enable
stats hide-version
stats http-request auth unless AUTH
stats refresh 30s
stats show-desc RBHAProxyD1
stats show-legends
stats uri /stats

———————————————- End of haproxy.cfg file 1.4.xx ———————————————-

Example haproxy.cfg configuration file for version 1.5 (XXX.XXX.XXX.XXX = virtual IP):

———————————————- Start of haproxy.cfg file 1.5.xx ————————————–

global
daemon
log /dev/log local0 info
log /dev/log local0 notice
maxconn 1000
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 600 level admin

userlist stats-auth
group admin             users Admin
user  Admin  insecure-password password
group readonly          users user
user  user        insecure-password password

defaults
backlog 10000
compression algo gzip
compression type text/html text/html;charset=utf-8 text/plain text/css text/javascript application/x-javascript application/javascript application/ecmascript application/rss+xml application/atomsvc+xml application/atom+xml application/atom+xml;type=entry application/atom+xml;type=feed application/cmisquery+xml application/cmisallowableactions+xml application/cmisatom+xml application/cmistree+xml application/cmisacl+xml application/msword application/vnd.ms-excel application/vnd.ms-powerpoint
default-server inter 3s rise 2 fall 3
log /dev/log local0 info
log /dev/log local0 notice
maxconn 100
option  contstats
option  dontlognull
option    log-health-checks
option  redispatch
option    tcp-smart-accept
option    tcp-smart-connect
retries 3
timeout client 300s
timeout connect 30s
timeout http-keep-alive 30s
timeout http-request 60s
timeout queue 300s
timeout server 600s
timeout tarpit 300s

frontend f-ftp-in
bind *:21 name ftp
mode tcp
maxconn 100
stick-table type ip size 200 expire 30s store conn_cnt
tcp-request content reject if { src_updt_conn_cnt gt 3 }
default_backend b-ftp

frontend f-sftp-in
bind XXX.XXX.XXX.XXX:22 name sftp
mode tcp
maxconn 100
stick-table type ip size 200 expire 30s store conn_cnt
tcp-request content reject if { src_updt_conn_cnt gt 3 }
default_backend b-sftp

frontend f-smtpsrv-in
bind XXX.XXX.XXX.XXX:25 name smtp
mode tcp
maxconn 100
default_backend b-smtpsrv

frontend f-http-in
bind *:80 name http
mode http
maxconn 200
option forceclose
option forwardfor
option httpclose
option httplog
option http-server-close
default_backend b-http

frontend f-pop-in
bind *:110 name pop3
bind *:995 name pop3s
mode tcp
maxconn 100
default_backend b-pop

frontend f-imap-in
bind *:143 name imap
bind *:993 name imaps
mode tcp
maxconn 100
default_backend b-imap

frontend f-https-in
bind *:443 name https
mode tcp
acl aplicaciones req_ssl_sni -i aplicaciones.dominio.com
acl aplicaciones2 req_ssl_sni -i aplicaciones2.dominio.com
acl aplicaciones3 req_ssl_sni -i aplicaciones3.dominio.com
maxconn 200
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend b-aplicaciones if aplicaciones
use_backend b-aplicaciones2 if aplicaciones2
use_backend b-aplicaciones3 if aplicaciones3
default_backend b-https

frontend f-smtpcli-in
bind *:587 name smtpcli
bind *:5587 name smtpcli
mode tcp
maxconn 100
default_backend b-smtpcli

frontend f-ftps-in
bind *:990 name ftps
mode tcp
maxconn 100
stick-table type ip size 200 expire 30s store conn_cnt
tcp-request content reject if { src_updt_conn_cnt gt 3 }
default_backend b-ftps

frontend f-eset-in
bind *:2221-2222 name esethttp
mode tcp
maxconn 100
default_backend b-eset

frontend f-mysql-in
bind *:3306 name mysql
mode tcp
maxconn 200
default_backend b-mysql

frontend f-ums-in
bind *:8015 name antispam_http
mode http
maxconn 100
option forceclose
option forwardfor
option httpclose
option httplog
option http-server-close
default_backend b-ums

frontend f-antispam-in
bind *:8081 name antispam_http
mode http
maxconn 100
option forceclose
option forwardfor
option httpclose
option httplog
option http-server-close
default_backend b-antispam

frontend f-weblog-in
bind *:9991 name weblog
mode http
maxconn 100
option forceclose
option forwardfor
option httpclose
option httplog
option http-server-close
default_backend b-weblog

backend b-ftp
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option tcp-check
tcp-check expect string 220
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server FTP_1.XX 10.0.1.XX:21 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server FTP_1.XX 10.0.1.XX:21 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-sftp
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option tcp-check
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server SFTP_1.XX 10.0.1.XX:22 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server SFTP_1.XX 10.0.1.XX:22 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-smtpsrv
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option smtpchk HELO dominio.com
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server SMTP_1.XX 10.0.1.XX:25 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server SMTP_1.XX 10.0.1.XX:25 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions backup

backend b-http
mode http
http-check expect status 200
balance roundrobin
option abortonclose
option forceclose
option forwardfor
option httpchk
option httpclose
option httplog
option http-server-close
stick-table type ip size 10240k expire 60m
stick on src
server HTTP_1.XX 10.0.1.XX:80 weight 1 maxconn 200 check port 82 inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server HTTP_1.XX 10.0.1.XX:80 weight 1 maxconn 200 check port 82 inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-pop
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option tcplog
option tcp-check
tcp-check expect string +OK
stick-table type ip size 10240k expire 60m
stick on src
server POP_1.XX 10.0.1.XX:110 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server POP_1.XX 10.0.1.XX:110 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-imap
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option tcplog
option tcp-check
tcp-check expect string *\ OK
stick-table type ip size 10240k expire 60m
stick on src
server IMAP_1.XX 10.0.1.XX:143 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server IMAP_1.XX 10.0.1.XX:143 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-https
mode tcp
balance leastconn
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
option abortonclose
option  persist
option  redispatch
option ssl-hello-chk
option tcplog
stick-table type binary len 32 size 10240k expire 60m
stick on payload_lv(43,1) if clienthello
stick store-response payload_lv(43,1) if serverhello
tcp-request content accept if clienthello
tcp-request inspect-delay 5s
tcp-response content accept if serverhello
server HTTPS_1.XX 10.0.1.XX:443 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server HTTPS_1.XX 10.0.1.XX:443 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-aplicaciones
mode tcp
balance leastconn
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
option abortonclose
option ssl-hello-chk
option tcplog
stick-table type binary len 32 size 10240k expire 60m
stick on payload_lv(43,1) if clienthello
stick store-response payload_lv(43,1) if serverhello
tcp-request content accept if clienthello
tcp-request inspect-delay 5s
tcp-response content accept if serverhello
server HTTPS_0.XX 10.0.0.XX:443 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-aplicaciones2
mode tcp
balance leastconn
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
option abortonclose
option ssl-hello-chk
option tcplog
stick-table type binary len 32 size 10240k expire 60m
stick on payload_lv(43,1) if clienthello
stick store-response payload_lv(43,1) if serverhello
tcp-request content accept if clienthello
tcp-request inspect-delay 5s
tcp-response content accept if serverhello
server HTTPS_0.XX 10.0.0.XX:443 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-aplicaciones3
mode tcp
balance leastconn
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
option abortonclose
option ssl-hello-chk
option tcplog
stick-table type binary len 32 size 10240k expire 60m
stick on payload_lv(43,1) if clienthello
stick store-response payload_lv(43,1) if serverhello
tcp-request content accept if clienthello
tcp-request inspect-delay 5s
tcp-response content accept if serverhello
server HTTPS_0.XX 10.0.0.XX:443 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-smtpcli
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option smtpchk HELO dominio.com
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server SMTPCLI_1.XX 10.0.1.XX:587 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server SMTPCLI_1.XX 10.0.1.XX:587 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-ftps
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option tcp-check
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server FTPS_1.XX 10.0.1.XX:990 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server FTPS_1.XX 10.0.1.XX:990 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-eset
mode tcp
balance roundrobin
option abortonclose
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server ESET_1.XX 10.0.1.XX:2221 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server ESET_1.XX 10.0.1.XX:2221 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-mysql
mode tcp
balance roundrobin
option abortonclose
option mysql-check user haproxy
option  persist
option  redispatch
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server MYSQL_1.XX 10.0.1.XX:3306 weight 10 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server MYSQL_1.XX 10.0.1.XX:3306 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server MYSQL_3.XX 10.0.3.XX:3306 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions backup

backend b-ums
mode http
balance roundrobin
http-check expect status 200
option abortonclose
option forceclose
option forwardfor
option httpchk
option httpclose
option httplog
option http-server-close
stick-table type ip size 10240k expire 60m
stick on src
server UMS_1.XX 10.0.1.XX:8015 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-antispam
mode http
balance leastconn
http-check expect status 200
option abortonclose
option forceclose
option forwardfor
option httpchk
option httpclose
option httplog
option http-server-close
stick-table type ip size 10240k expire 60m
stick on src
server ANTISPAM_1.XX 10.0.1.XX:8081 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server ANTISPAM_1.XX 10.0.1.XX:8081 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions backup

backend b-weblog
mode http
balance roundrobin
option abortonclose
option forceclose
option forwardfor
option httpchk
option httpclose
option httplog
option http-server-close
stick-table type ip size 10240k expire 60m
stick on src
server WEBLOG_1.XX 10.0.1.XX:9991 weight 10 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server WEBLOG_1.XX 10.0.1.XX:9991 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server WEBLOG_1.XX 10.0.1.XX:9991 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

listen admin
bind *:8080
mode http
acl AUTH       http_auth(stats-auth)
acl AUTH_ADMIN http_auth_group(stats-auth) admin
http-check expect status 200
maxconn    10
option abortonclose
option forceclose
option httpclose
option http-server-close
stats admin if AUTH_ADMIN
stats enable
stats hide-version
stats http-request auth unless AUTH
stats refresh 30s
stats show-desc RBHAProxyD1
stats show-legends
stats uri /stats

————————————– End of haproxy.cfg file 1.5.xx ———————————
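
Both example files keep the stats users as insecure-password entries, open an admin-level stats socket, and serve the stats page with admin actions on *:8080. The script below is an added example, not part of the original post, that flags those three settings in a haproxy.cfg; the function names, the wording of the findings and the embedded sample (cut down from the 1.5 file above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag risky stats/auth settings in a haproxy.cfg.

# audit_haproxy_cfg FILE
#   prints one finding per line; the return code is the number of findings
audit_haproxy_cfg() {
    awk '
    function report(line, msg) { printf "line %d: %s\n", line, msg; n++ }
    function close_section() {
        # stats page that allows admin actions and listens on every address
        if (stats_admin && wild_line)
            report(wild_line, section " " name ": stats admin reachable on a wildcard bind")
        stats_admin = 0; wild_line = 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 ~ /^(global|defaults|userlist|frontend|backend|listen)$/ {
        close_section(); section = $1; name = $2; next
    }
    # userlist entries: "password" takes a crypt(3) hash, "insecure-password" is cleartext
    section == "userlist" && $1 == "user" && $3 == "insecure-password" {
        report(FNR, "user " $2 ": cleartext insecure-password, store a crypt(3) hash with the password keyword")
    }
    # admin-level runtime socket must be usable by its owner only
    section == "global" && $1 == "stats" && $2 == "socket" {
        admin = 0; mode = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "level" && $(i + 1) == "admin") admin = 1
            if ($i == "mode") mode = $(i + 1)
        }
        if (admin && mode !~ /^0?[0-7]00$/)
            report(FNR, "admin-level stats socket not restricted to its owner (mode " (mode == "" ? "unset" : mode) ")")
    }
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:/ && !wild_line { wild_line = FNR }
    $1 == "stats" && $2 == "admin" { stats_admin = 1 }
    END { close_section(); exit (n + 0 > 250 ? 250 : n + 0) }
    ' "$1"
}

# Constructed sample: a cut-down copy of the 1.5 configuration on this page.
sample_cfg() {
    cat <<'EOF'
global
    stats socket /var/run/haproxy.stat mode 600 level admin
userlist stats-auth
    group admin users Admin
    user Admin insecure-password password
    group readonly users user
    user user insecure-password password
frontend f-http-in
    bind *:80 name http
    default_backend b-http
listen admin
    bind *:8080
    stats enable
    stats admin if AUTH_ADMIN
    stats uri /stats
EOF
}

# Run as a script: ./audit-haproxy.sh /etc/haproxy/haproxy.cfg
[ $# -eq 0 ] || audit_haproxy_cfg "$1"
```

On the sample it reports both userlist entries and the admin listener; the stats socket passes because it is already mode 600. Binding the admin listener to a management address and replacing insecure-password with hashed password entries clears the findings.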

Some links with information about HAProxy:

Part 1: Installing and configuring the service

Part 2: Test rules file

How to Compile HAProxy From Source and Setup a Basic Configuration

HAProxy Quickstart w/ full example config file

Configure HAProxy with TPROXY kernel for full transparent proxy

Setting up HAProxy with Transparent Mode on Centos 6.x

Setting up HAproxy with TProxy

Install HAProxy and Keepalived (Virtual IP)

HAProxy for Alfresco

Enhanced SSL load-balancing with Server Name Indication (SNI) TLS extension

Maintain affinity based on SSL session ID

Configure HAProxy to Load Balance Sites With SSL

Using HAProxy to Build a More Featureful Elastic Load Balancer

HAProxy add test-check-expect to test various http-check methods

HAProxy – route by domain name

High Availability Web Services Using HAProxy

Last updated 05/03/2023 13:36; content last updated 07/06/2020 13:27