Thiết lập máy chủ HAproxy có sẵn sàng cao với firewall PFSense - Part 1 vs 2
1. PFSESNE
1.1. Install PFSense
Download ISO: https://www.pfsense.org/download/
1.2. Config Network
Card 1: VMnet 8 (NAT) => WAN port
Card 2: VMnet 3 (Host-only) => LAN port
Card 3: VMnet 4 (Host-only) => DMZ port
VMnet 8: 172.16.69.0/24, GW: 172.16.69.1
VMnet 3: 192.168.30.0/24 (Disable DHCP)
VMnet 4: 10.10.10.0/24 (Disable DHCP)
PART1: WEB SERVER
1. Install httpd
------------------ Both WEB1 & WEB2 server ---------------------
# yum -y update
# yum -y install net-tools httpd
2. Configure firewalld to Allow Apache Traffic
------------------ Both WEB1 & WEB2 server ---------------------
# systemctl disable firewalld; systemctl stop firewalld; systemctl status firewalld
3. Verify
2. HAPROXY
2.1. Install Haproxy
------------------ Both LB1 & LB2 server ---------------------
# yum –y update
# yum install -y haproxy net-tools
# systemctl disable firewalld; systemctl stop firewalld; systemctl status firewalld
2.2. Configure HAProxy
------------------ Both LB1 & LB2 server ---------------------
# mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg-backup
# vi /etc/haproxy/haproxy.cfg
global
maxconn 25000
log 127.0.0.1 local0 notice
user haproxy
group haproxy
defaults
log global
retries 2
maxconn 25000
timeout connect 1000
timeout server 5000
timeout client 5000
listen webserver
bind 0.0.0.0:80
mode tcp
balance roundrobin
maxconn 25000
server server1 10.10.10.7:80 weight 1 maxconn 5000 check
server server2 10.10.10.9:80 weight 2 maxconn 5000 check
listen webinterface
bind 0.0.0.0:8080
mode http
stats enable
stats uri /
stats realm Strictly\ Private
stats auth admin:123456
*** Restart service HAproxy
# systemctl enable haproxy; systemctl start haproxy; systemctl status haproxy
2.3. Verity
http://10.10.10.3
- LB1
http://10.10.10.5
- LB2
- Haproxy monitor
tiếp theo Part 3