Re: Need help to configure ha proxy

2016-09-07 Thread Harish Chander
Hi,

Will you please help me with the configuration of HAProxy?

Example - api.example.com

server api01 10.0.0.10:80 check
server api02 10.0.0.11:80 check

Requirement -

10 backend servers, every backend with a host name and 2 servers under each
backend with roundrobin. Now the issue is that if we deploy on Prod with
Jenkins, once deployed, tomcat/apache will restart and use another server.
During the restart, requests that are sent to server 01 fail because this
server is restarting.

How to handle that?

In AWS we do this with ELB: before deployment the server is taken out of the
ELB, then we deploy, then attach it and make it in service.

Regards
Harish Chander
8529142143
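
The ELB-style procedure described in this message (take a server out, deploy, put it back) can be done on HAProxy itself. The following is an added example, not part of the thread or of anyone's production config: the /health check path and the check timers are assumptions, while the backend name and server lines come from the message.

```haproxy
# Added example (not from the thread). /health and the check timers are
# assumptions; backend name, servers and addresses are from the message.
backend api.example.com
    mode http
    balance roundrobin
    option forwardfor

    # Probe the application, not just the TCP port, so a restarting
    # tomcat/apache is marked down even while port 80 still accepts.
    option httpchk GET /health
    # A 404 from /health means "draining": the server gets no new
    # load-balanced requests while requests in flight complete.
    http-check disable-on-404

    # If connecting to the chosen server fails, retry on the other one.
    retries 3
    option redispatch

    server api01 10.0.0.10:80 check inter 2s fall 2 rise 3
    server api02 10.0.0.11:80 check inter 2s fall 2 rise 3

# Jenkins-side equivalent of "take out of ELB, deploy, attach", using the
# admin socket declared in the global section posted earlier in this thread:
#
#   echo "set server api.example.com/api01 state drain" | socat stdio /run/haproxy/admin.sock
#   ... wait for sessions to finish, deploy and restart api01 ...
#   echo "set server api.example.com/api01 state ready" | socat stdio /run/haproxy/admin.sock
#
# Repeat for api02 only after api01 is reported UP again.
```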


Re: Need help to configure ha proxy

2016-09-02 Thread Harish Chander
For the same I need your help, will you please help me? Today I have a new
requirement. Back to example.com, backend will run on 80 and 8080.

example.com will run on 80 and 443. Will you share the conf file? I shall be
really thankful to you.

Regards
Harish Chander
8529142143


Re: Need help to configure ha proxy

2016-08-30 Thread Jeff Palmer
This config appears to be a decent start, and looks to meet your
requirements for http.

Now you just need another frontend configured for 443. It would match
the :80 frontend, aside from the port, using SSL, and a path to the
certificates.



On Tue, Aug 30, 2016 at 8:47 AM, Harish Chander wrote:
> Hi,
>
> I shall be really thankful to you if you help in configuring haproxy, or
> whether it's possible or not.
>
> External ELB - In the external AWS ELB I have 2 HAProxy servers
>
> HA Proxy
> connect
> haproxy > beta.example.com
> beta.example.com > api-example.com
>
> The beta.example.com server works on both 80 and 443. If I add an A name in
> DNS with the direct server IP then everything works.
>
> Requirement - beta.example.com should work on both 443 and 80. Now it's
> working for 80 only. Please help me out. You can call me +918529142143 any
> time.
>
> Current haproxy conf is below
>
> haproxy.conf
>
> global
>     log /dev/log local0
>     log /dev/log local1 notice
>     chroot /var/lib/haproxy
>     stats socket /run/haproxy/admin.sock mode 660 level admin
>     stats timeout 30s
>     user haproxy
>     group haproxy
>     daemon
>
>     # Default SSL material locations
>     ca-base /etc/ssl/certs
>     crt-base /etc/ssl/private
>
>     # Default ciphers to use on SSL-enabled listening sockets.
>     # For more information, see ciphers(1SSL). This list is from:
>     #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
>     ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
>     ssl-default-bind-options no-sslv3
>
> defaults
>     log global
>     mode http
>     option httplog
>     option dontlognull
>     timeout connect 5000
>     timeout client  5
>     timeout server  5
>
> frontend haproxy
>     bind *:80
>     stats uri /stats
>     stats realm Strictly\ Private
>     stats auth pass:word
>
>     # Define hosts
>     #urls
>     acl beta.example hdr(host) -i beta.example.com
>     acl api.example hdr(host) -i api-example.com
>
>     #cluster
>     use_backend b.example if beta.example
>     use_backend z.api if api.example
>
> #Frontend Server
> backend b.example
>     mode http
>     balance roundrobin
>     option forwardfor
>     server server01 10.0.0.1:80 check
>
> ##API
> backend z.api
>     mode http
>     balance roundrobin
>     option forwardfor
>     server api01 192.168.1.1:80 check
>
> Regards
> Harish Chander
> 8529142143



-- 
Jeff Palmer
https://PalmerIT.net
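
The second frontend Jeff describes could look like the following. It is an added example, not from the thread: it assumes the ELB passes TCP 443 through to HAProxy so that TLS is terminated here, and that a combined PEM file with the hypothetical name beta.example.com.pem sits in the crt-base directory from the posted config.

```haproxy
# Added example (not from the thread). The certificate file name is
# hypothetical; ACL and backend names are copied from the posted config.
frontend haproxy_tls
    # Relative crt path resolves against "crt-base /etc/ssl/private".
    # The PEM must hold certificate, chain and private key, readable by root
    # only; it is loaded at startup, before the chroot and privilege drop.
    bind *:443 ssl crt beta.example.com.pem
    mode http

    # Tell the backends the client arrived over TLS (they still see
    # plain HTTP on port 80 from HAProxy).
    http-request set-header X-Forwarded-Proto https

    # Same host routing as the :80 frontend
    acl beta.example hdr(host) -i beta.example.com
    acl api.example  hdr(host) -i api-example.com

    use_backend b.example if beta.example
    use_backend z.api     if api.example

# Notes on the posted config that matter once TLS is enabled:
#  - ssl-default-bind-ciphers and ssl-default-bind-options in the global
#    section apply to this bind line automatically. The posted list still
#    contains ECDH+3DES, DH+3DES and RSA+3DES; removing those three entries
#    drops the 64-bit block cipher without touching the AES suites.
#  - "stats auth pass:word" on the :80 frontend sends the stats credentials
#    as HTTP Basic over clear text. Moving the four stats lines into this
#    frontend keeps them inside TLS.
```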



Need help to configure ha proxy

2016-08-30 Thread Harish Chander
Hi,

I shall be really thankful to you if you help in configuring haproxy, or
whether it's possible or not.

External ELB - In the external AWS ELB I have 2 HAProxy servers

HA Proxy
connect
haproxy > beta.example.com
beta.example.com > api-example.com

The beta.example.com server works on both 80 and 443. If I add an A name in
DNS with the direct server IP then everything works.

Requirement - beta.example.com should work on both 443 and 80. Now it's working
for 80 only. Please help me out. You can call me +918529142143 any time.

Current haproxy conf is below



haproxy.conf

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client  5
    timeout server  5

frontend haproxy
    bind *:80
    stats uri /stats
    stats realm Strictly\ Private
    stats auth pass:word

    # Define hosts
    #urls
    acl beta.example hdr(host) -i beta.example.com
    acl api.example hdr(host) -i api-example.com

    #cluster
    use_backend b.example if beta.example
    use_backend z.api if api.example

#Frontend Server
backend b.example
    mode http
    balance roundrobin
    option forwardfor
    server server01 10.0.0.1:80 check

##API
backend z.api
    mode http
    balance roundrobin
    option forwardfor
    server api01 192.168.1.1:80 check



Regards
Harish Chander
8529142143
