Following this document, http://conheotiensinh.blogspot.com/2010/05/setting-up-high-availability-load_14.html, I set up a load balancer for HTTP in HAProxy. But HAProxy does not support SSL (HTTPS) directly, so I will introduce how to configure HAProxy to support SSL using stunnel (as the HAProxy site says, stunnel needs to be installed to support SSL (HTTPS...)).
II/INSTALL
1/ Install HAProxy and keepalived as in the document: http://conheotiensinh.blogspot.com/2010/05/setting-up-high-availability-load_14.html
2/ Install stunnel
You need to apply the HAProxy patch to the stunnel package (I built an RPM package with the HAProxy patch applied. If you need it for an easy install, please contact me by email: quan.hoa@conheotiensinh.co.cc)
3/ Configure keepalived as in the document:
4/ Configure HAProxy on both load balancers
Edit /etc/haproxy/haproxy.cfg
stats enable
stats auth test:123
listen domain_cluster_https 192.168.236.130:80
    mode http
    balance roundrobin
    cookie SERVERID insert nocache
    option forwardfor except 192.168.236.130
    option httpchk HEAD /check.txt HTTP/1.0
    server server1 192.168.127.131:80 cookie A check
    server server2 192.168.127.132:80 cookie B check
5/ Configure stunnel
Edit /etc/stunnel/stunnel.conf
; you need to install the cert first (stunnel only treats a whole line starting with ";" or "#" as a comment)
cert = /etc/stunnel/monit.pem
;key = /etc/stunnel/mail.key
; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /var/run/stunnel/
setuid = root
setgid = root
; PID is created inside chroot jail
;pid = /stunnel.pid
pid = /etc/stunnel/stunnel.pid
;debug = 3
;output = /etc/stunnel/stunnel.log
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[https]
accept=192.168.236.130:443
connect=192.168.236.130:80
6/ Test: you can access the webmail at the URL:
https://192.168.236.130/mail
Check the HAProxy status at the URL: https://192.168.236.130/haproxy?stats
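An added example, not part of the original post: a small Python check that reads a stunnel.conf the way stunnel does (only whole-line comments) and flags the settings from the configuration above that weaken the TLS front end: setuid/setgid root, no chroot, and a trailing comment that ends up inside an option value. The finding names are made up for this example, and a missing setuid/setgid is treated as root on the assumption that stunnel is started by root.

```python
import re

# Constructed sample modelled on the stunnel.conf above (trailing comment on cert kept).
SAMPLE_CONF = """\
cert = /etc/stunnel/monit.pem # you need install cert
;chroot = /var/run/stunnel/
setuid = root
setgid = root
pid = /etc/stunnel/stunnel.pid
[https]
accept=192.168.236.130:443
connect=192.168.236.130:80
"""

def parse(text):
    """Return {section: {option: value}}; '' is the global section.
    Only lines that START with ';' or '#' are comments, as in stunnel."""
    conf, section = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section][key] = value
    return conf

def audit(text):
    """Return a sorted list of finding codes (hypothetical names) for a stunnel.conf."""
    conf, findings = parse(text), set()
    glob = conf[""]
    for opt in ("setuid", "setgid"):
        if glob.get(opt, "root") in ("root", "0"):  # assumption: started by root
            findings.add(f"{opt}-root")       # TLS-facing process keeps root
    if "chroot" not in glob:
        findings.add("no-chroot")             # no filesystem confinement
    for section in conf.values():
        for key, value in section.items():
            if re.search(r"\s[#;]", value):
                findings.add(f"inline-comment:{key}")  # comment became part of value
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

To clear the first two findings, stunnel needs an unprivileged account and a chroot directory it can write its pid file into; both have to exist on the load balancer before the options are changed.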
Besides, you can use another solution for this problem:
Use Pound as the reverse proxy (SSL) and HAProxy as the load balancer
Thanks
Thanks for providing this informative information you may also refer.
http://www.s4techno.com/blog/2016/10/05/big-ip-f5-ltm-license-upgrade/