HAPROXY Lab (CentOS VM)
PROXY: A server that intermediates requests and responses between a client and a server.
Types of PROXY
Forward Proxy: Located between the client and the internet.
Reverse Proxy: Located between the internet and the server.
Key Features
Security and Encryption: Protects communication between client and server.
Caching: Caches responses from the server to the client to improve performance.
Load Balancing: Distributes traffic across multiple servers to reduce load.
Load Balancing
L4 Load Balancing: Distributes traffic at the network layer.
L7 Load Balancing: Distributes traffic at the application layer.
Load Balancing Algorithms
Round Robin: Distributes requests sequentially across servers.
Weighted Round Robin: Distributes requests based on server weights.
IP Hashing: Distributes requests based on client IP hash.
Least Connections: Distributes requests to the server with the fewest active connections.
Least Response Time: Distributes requests to the server with the fastest response time.
PRACTICE
1. Server Setup
Run four virtual machines: VM1, VM2, VM3, VM4
VM1: HAProxy server
VM2, VM3, VM4: Apache server
2. Verify and Install Required Files
Start Virtual Machines
- Start VM1, VM2, VM3, VM4
VM2, VM3, VM4: Verify and install Apache server
systemctl status httpd yum -y install httpd
VM1: Verify and install HAProxy server
yum -y install haproxy systemctl status haproxy
VM1, VM2, VM3, VM4: Configure Firewall
firewall-cmd --list-all systemctl start firewalld firewall-cmd --add-service=http firewall-cmd --add-port=80/tcp --zone=public firewall-cmd --add-port=5000/tcp --zone=public firewall-cmd --reload
3. Start and Configure Apache Web Server
VM2, VM3, VM4: Start Apache web server
systemctl start httpd
Write Server Identification Script
VM2
vi /var/www/html/index.html
<h1> Apache Server 01 </h1> <link href="style.css" rel="stylesheet" type="text/css" media="screen" />
VM3
bash코드 복사vi /var/www/html/index.html
<h1> Apache Server 02 </h1> <link href="style.css" rel="stylesheet" type="text/css" media="screen" />
VM4
vi /var/www/html/style.css
h1 { color: #471d4f; font-size: 300%; }
Restart Apache Servers
bash코드 복사systemctl restart httpd
5. Configure HAProxy on Server 1
Edit HAProxy Configuration File
- Configuration file location:
/etc/haproxy/haproxy.cfg
- Configuration file location:
vi /etc/haproxy/haproxy.cfg
Default Section
defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http
Frontend Section
frontend http_front bind *:5000 default_backend http_back
Backend Section
backend http_back balance roundrobin server server1 192.168.56.101:80 check server server2 192.168.56.102:80 check server server3 192.168.56.103:80 check
Restart HAProxy
systemctl restart haproxy
6. Load Balancing Configuration (haproxy.cfg
)
Frontend and Backend Configuration
frontend main bind *:5000 acl url_static path_beg /static /images /javascript /stylesheets acl url_static path_end .jpg .gif .png .css .js use_backend static if url_static default_backend app backend static balance roundrobin server static 192.168.56.103:80 check backend app balance roundrobin server server1 192.168.56.101:80 check server server2 192.168.56.102:80 check
Frontend Section:
*bind :5000: Accept connections on port 5000.
acl url_static path_beg /static /images /javascript /stylesheets: Match URL paths beginning with /static, /images, /javascript, /stylesheets.
acl url_static path_end .jpg .gif .png .css .js: Match URL paths ending with .jpg, .gif, .png, .css, .js.
use_backend static if url_static: Use the
static
backend if theurl_static
ACL matches.default_backend app: Use the
app
backend by default.
Backend Section:
backend static:
balance roundrobin: Use round robin algorithm to distribute traffic.
server static 192.168.56.103:80 check: Use server at 192.168.56.103 with health checks.
backend app:
balance roundrobin: Use round robin algorithm to distribute traffic.
server server1 192.168.56.101:80 check: Use server at 192.168.56.101 with health checks.
server server2 192.168.56.102:80 check: Use server at 192.168.56.102 with health checks.
Restart HAProxy
systemctl restart haproxy
Verify in Browser
Access
http://192.168.0.119:5000
Observe round robin distribution by refreshing the page
7. Viewing HAProxy Logs
Open Port 9000
firewall-cmd --add-port=9000/tcp --zone=public systemctl restart firewalld
Add Monitoring Configuration
listen stats bind *:9000 stats enable stats uri / stats auth admin:admin
Restart HAProxy
systemctl restart haproxy
Check Logs
- Access
http://192.168.0.119:9000
- Access
8. Changing Load Balancing Algorithm
Change to leastconn Algorithm
backend app balance leastconn server server1 192.168.56.101:80 check server server2 192.168.56.102:80 check
Restart HAProxy
systemctl restart haproxy
9. Implementing L4 Load Balancing
Add Configuration
frontend tcp_front bind *:80 mode tcp default_backend tcp_back backend tcp_back balance roundrobin server server1 192.168.56.101:80 check server server2 192.168.56.102:80 check
Restart HAProxy
systemctl restart haproxy
Result
- Accessing
http://192.168.0.119:80
will connect through the HAProxy server, even if the Apache server is not running on VM1.
- Accessing