Hi,
Will you please help me in configuration on HAPROXY. Example - api.example.com server api01 10.0.0.10:80 check server api02 10.0.0.11:80 check Requirement - 10 Backend server and every backend with host name and 2 server under backend with roundrobin. Now issue is if we deploy on Prod, with jenkins, once deploy tomcat/apache will restart and use another server. During restart request fails those send on server 01 because this server goes under restart. How to handel that. AWS we do with ELB, before deployment server take out from elb then deploy then attach and make the inservice. Regard's Harish Chander 8529142143 * ________________________________ From: Jeff Palmer <[email protected]> Sent: Tuesday, August 30, 2016 7:05 PM To: Harish Chander Cc: [email protected] Subject: Re: Need help to configure ha proxy This config appears to be a decent start. and looks to meet your requirements for http. Now you just need another frontend configured for 443, it would match the :80 frontend, aside from port, using SSL, and a path to the certificates. On Tue, Aug 30, 2016 at 8:47 AM, Harish Chander <[email protected]> wrote: > Hi, > > > I shall be really thankful you if you help in configure haproxy or its > possible or not. > > > External ELB - In external AWS ELB i have 2 Ha proxy server > > > HA Proxy > > connect > > haproxy > beta.example.com > > beta.example.com > api-example.com > > > beta.example.com server work's on 80 and 443 both, If i add A Name in DNS of > direct server IP then work everything. > > > Requirement - beta.example.com should work on both 443 and 80. now its > working for 80 only. Please help me out. you can call me +918529142143 any > time. > > > Current haproxy conf under below > > > > haproxy.conf > > > global > > log /dev/log local0 > > log /dev/log local1 notice > > chroot /var/lib/haproxy > > stats socket /run/haproxy/admin.sock mode 660 level admin > > stats timeout 30s > > user haproxy > > group haproxy > > daemon > > > # Default SSL material locations > > ca-base /etc/ssl/certs > > crt-base /etc/ssl/private > > > # Default ciphers to use on SSL-enabled listening sockets. > > # For more information, see ciphers(1SSL). This list is from: > > # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ > > ssl-default-bind-ciphers > ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS > > ssl-default-bind-options no-sslv3 > > > defaults > > log global > > mode http > > option httplog > > option dontlognull > > timeout connect 5000 > > timeout client 50000 > > timeout server 50000 > > > frontend haproxy > > bind *:80 > > stats uri /stats > > stats realm Strictly\ Private > > stats auth pass:word > > > # Define hosts > > #urls > > acl beta.example hdr(host) -i beta.example.com > > > > acl api.example hdr(host) -i api-example.com > > > > #cluster > > use_backend b.example if beta.example > > > use_backend z.api if api.example > > > #Frontend Server > > > backend b.example > > mode http > > balance roundrobin > > option forwardfor > > server server01 10.0.0.1:80 check > > > ##API > > backend z.api > > mode http > > balance roundrobin > > option forwardfor > > server api01 192.168.1.1:80 check > > > > Regard's > Harish Chander > 8529142143 > > -- Jeff Palmer https://PalmerIT.net
