Centos 7 – Part 3 – HAProxy with SSL support combined with NGINX Load Balancing

In the previous post instructions were given on how to create a HAProxy combined with NGINX Load Balancing. However that particular setup did not support SSL. These instructions will implement SSL support at the HAProxy server. The NGINX servers receive SSL traffic but the connection between the NGINX servers and the Apache web servers are with out SSL. It should be noted the ability to login the actual IPs of visitors is not lost with the implementation of SSL.

The difference here is that in the haproxy config file we specify the use of SSL and we no longer use the “listen” section like we did with out the use of SSL in the previous post.

nginx-HA

Generate the SSL certificate.

openssl genrsa -out haproxy1.key  1024
openssl  req -new -key haproxy1.key  -out haproxy1.csr
openssl ca -policy policy_anything -in haproxy1.csr  -out haproxy1.crt
openssl x509 -req -days 365 -in  haproxy1.csr  -signkey haproxy1.key  -out haproxy1.cr
cat haproxy1.crt haproxy1.key |   tee haproxy1.pem

 

Configure HAPROXY

vi /etc/haproxy/haproxy.cfg
global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 debug
        maxconn   45000 # Total Max Connections.
        daemon
        nbproc      1 # Number of processing cores.
defaults
        timeout server 86400000
        timeout connect 86400000
        timeout client 86400000
        timeout queue   1000s

frontend https_frontend
  bind 10.0.0.52:443 ssl crt /etc/ssl/haproxy1.sfentona.lol/haproxy1.pem
  mode http
  option httpclose
  option forwardfor
  reqadd X-Forwarded-Proto:\ https
  default_backend web_server

backend web_server
  mode http
  balance roundrobin
  cookie SERVERID insert indirect nocache
  server wordpressvirtip 10.0.0.44:80
Share Button

Centos 7 – Part 2 – HAProxy combined with NGINX Load Balancing.

In this previous post instructions were written on how to setup a Round Robin Load Balancer by using NGINX and a virtual IP that would pass requests to the Apache Web Servers.

In this post we will use the very same setup but we place a HAProxy server in front of the Virtual IP the NGINX servers created. This server will use the Round Robin protocol as well and it will pass the requests to the NGINX servers which will in return will pass the web requests to the Apache web servers. SSL is not yet implemented.

The IP address of the HAProxy is 10.0.0.52 and the IP address of the virtual IP we created is 10.0.0.44 with a DNS entry “wordpressvirtip”

nginx-HA

 

 

 

 

 

 

 

 

 

 

 

 

 

 

yum install haproxy
vi /etc/haproxy/haproxy.cfg
global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 debug
        maxconn   45000 # Total Max Connections.
        daemon
        nbproc      1 # Number of processing cores.
defaults
        timeout server 86400000
        timeout connect 86400000
        timeout client 86400000
        timeout queue   1000s

# [HTTP Site Configuration]
listen  http_web 10.0.0.52:80
        mode http
        balance roundrobin  # Load Balancing algorithm
        option httpchk
        option forwardfor
        server wordpressvirtip 10.0.0.44:80 weight 1 maxconn 512 check
        #server server2 10.0.0.40:80 weight 1 maxconn 512 check

# [HTTPS Site Configuration]
#listen  https_web 192.168.10.10:443
#        mode tcp
#        balance source# Load Balancing algorithm
#        reqadd X-Forwarded-Proto:\ http
#        server server1 192.168.10.100:443 weight 1 maxconn 512 check
#        server server2 192.168.10.101:443 weight 1 maxconn 512 check
 system start haproxy
Share Button