HAProxy adalah perangkat lunak open source yang berfungsi sebagai load balancing dan proxy untuk TCP dan HTTP. Load balancing adalah metode untuk mendistribusikan atau membagikan trafik ke beberapa server.
0.Perangkat yang digunakan
Perangkat yang digunakan di tutorial ini:
- OS Ubuntu 18.04 LTS
- HAProxy
- Nginx web server
- PHP-FPM 7.2
- Node1: 10.130.127.167
- Node2: 10.130.128.35
- LoadBalancer: 128.199.187.215
- Domain: defnex.com
Node1 dan Node2 sudah terinstall Nginx web server dan PHP-FPM 7.2. Masing-masing node dibuatkan file index.php yang berisi tulisan node1 dan node2 sebagai halaman pengujian untuk mengetahui halaman yang ditampilkan berasal dari node yang mana.
1.Install HAProxy
Update dan install HAProxy.
1
2
|
sudo apt update
sudo apt install haproxy –y
|
2.Konfigurasi HAProxy
Buka file konfigurasi HAProxy.
1
|
sudo vim /etc/haproxy/haproxy.cfg
|
File konfigurasi default dari haproxy.cfg.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose–fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca–base /etc/ssl/certs
crt–base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl–default–bind–ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl–default–bind–options no–sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
|
Tambahkan konfigurasi untuk HAProxy listener.
1
2
3
4
|
frontend http_front
bind *:80
mode http
default_backend http_back
|
Tambahkan konfigurasi untuk backend web server.
1
2
3
4
5
6
7
8
9
|
backend http_back
mode http
balance roundrobin
option forwardfor
http–request set–header X–Forwarded–Port %[dst_port]
http–request add–header X–Forwarded–Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1rnHost:localhost
server node1 10.130.127.167:80
server node2 10.130.128.35:80
|
Konfigurasi tambahan untuk statistik HAProxy.
1
2
3
4
5
6
7
8
|
listen stats
bind *:1234
stats enable
stats hide–version
stats refresh 30s
stats show–node
stats auth username:password
stats uri /stats
|
Hasil akhir konfigurasi HAProxy secara lengkap.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose–fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca–base /etc/ssl/certs
crt–base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl–default–bind–ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl–default–bind–options no–sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend http_front
bind *:80
mode http
default_backend http_back
backend http_back
mode http
balance roundrobin
option forwardfor
http–request set–header X–Forwarded–Port %[dst_port]
http–request add–header X–Forwarded–Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1rnHost:localhost
server node1 10.130.127.167:80
server node2 10.130.128.35:80
listen stats
bind *:1234
stats enable
stats hide–version
stats refresh 30s
stats show–node
stats auth username:password
stats uri /stats
|
Verifikasi konfigurasi dan restart HAProxy.
1
2
|
sudo haproxy –c –f /etc/haproxy/haproxy.cfg
sudo systemctl restart haproxy
|
3.Pengujian
Browse domain, refresh halaman berulang kali sampai menampilkan file index.php dari Node1 dan Node2.
4.Statistik
Browse http://domain.com:1234/stats untuk membaca statistik HAProxy.