UPDATED!!!
GOAL
We want to put one haproxy server in front of two nginx web servers and load balance between them.
Servers:
haproxy3: 10.10.4.18
web1: 10.10.4.21
web2: 10.10.4.22
CONFIGURE WEB1 AND WEB2
edit hosts
$ sudo vi /etc/hosts
add haproxy3 to web1
10.10.4.18 haproxy3
add haproxy3 to web2
10.10.4.18 haproxy3
On both web1 and web2, back up the current config file
$ sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
make sure you have a valid config file like this
$ sudo vi /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes 2;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 8192;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    keepalive_timeout 200;
    types_hash_max_size 2048;

    client_body_buffer_size 32K;
    client_header_buffer_size 8k;
    client_max_body_size 512m;
    large_client_header_buffers 8 64k;
    client_body_timeout 3000;
    client_header_timeout 3000;
    send_timeout 300;

    fastcgi_buffers 8 128k;
    fastcgi_buffer_size 128k;

    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;

    ##
    # 'gzip' Settings
    #
    #
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

    server {
        listen 80;
        server_name moodle.na.edu;

        # note that these lines are originally from the "location /" block
        root /usr/share/nginx/html;
        index index.php index.html index.htm;

        location / {
            root /usr/share/nginx/html;
            try_files $uri $uri/ =404;
            index index.php index.html index.htm;
        }

        error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location ~ [^/]\.php(/|$) {
            root /usr/share/nginx/html;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_index index.php;
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            include fastcgi_params;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_read_timeout 300;

            # capture the last path segment (the file name)
            if ($request_filename ~* ^.*?/([^/]*?)$) {
                set $filename $1;
            }
            # allow cross-origin use of font files, matched on the extension only
            if ($filename ~* ^.*?\.(eot|ttf|woff)$) {
                add_header Access-Control-Allow-Origin *;
            }
        }

        location /dataroot/ {
            internal;
            alias /var/moodledata/; # ensure the path ends with /
        }

        location /cachedir/ {
            internal;
            alias /var/moodledata/cache/; # ensure the path ends with /
        }

        location /localcachedir/ {
            internal;
            alias /var/moodledata/localcache/; # ensure the path ends with /
        }

        location /tempdir/ {
            internal;
            alias /var/moodledata/temp/; # ensure the path ends with /
        }

        location /filedir/ {
            internal;
            alias /var/moodledata/filedir/; # ensure the path ends with /
        }

        location ~* \.(?:ttf|ttc|otf|eot|woff|font.css)$ {
            add_header "Access-Control-Allow-Origin" "*";
            expires 1M;
            access_log off;
            add_header Cache-Control "public";
        }
    }
}
restart nginx
$ sudo systemctl restart nginx
INSTALL AND CONFIGURE HAPROXY
PREREQUISITES
go to haproxy3 (10.10.4.18) server
update yum
$ sudo yum update
First make sure you have installed the right editor, system and network tools
$ sudo yum install nano wget curl net-tools lsof vim telnet xinetd psmisc socat
edit hosts
$ sudo vi /etc/hosts
10.10.4.18 haproxy3
10.10.4.21 web1
10.10.4.22 web2
disable selinux
$ sudo vi /etc/sysconfig/selinux
SELINUX=disabled
open ports 80 and 8080
$ sudo systemctl status firewalld
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld
allow the http service and port 8080 through the firewall
$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-port=8080/tcp
$ sudo firewall-cmd --reload
$ sudo systemctl restart firewalld.service
$ sudo iptables -L
install haproxy
$ sudo yum install haproxy
backup the haproxy config file
$ sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak
edit haproxy config
$ sudo vi /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# HAProxy statistics backend
#---------------------------------------------------------------------
listen haproxy3-monitoring *:8080
    mode http
    option forwardfor
    option httpclose
    stats enable
    stats show-legends
    stats refresh 5s
    stats uri /stats
    stats realm Haproxy\ Statistics
    # replace [username]:[password] with your own credentials
    stats auth [username]:[password]
    # lets any authenticated user enable or disable servers from the stats page
    stats admin if TRUE

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:80
    option http-server-close
    option forwardfor
    default_backend webapp-main

#---------------------------------------------------------------------
# source-IP balancing between the various backends
#---------------------------------------------------------------------
backend webapp-main
    # 'balance source' hashes the client IP, so a client stays on one server
    balance source
    option httpchk HEAD / HTTP/1.1\r\nHost:\ lms.na.edu
    server web1 10.10.4.21:80 check
    server web2 10.10.4.22:80 check
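A quick check of the stats listener above, as an added example that is not part of the original tutorial. The hypothetical helper audit_stats reads a haproxy.cfg and reports a stats page that binds every interface, runs stats admin unconditionally, has no stats auth line, or still carries the [username]:[password] placeholder; the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. audit_stats is a hypothetical helper.

# audit_stats CFG
# Prints one line per risky setting found in a section that serves the
# HAProxy stats page: wildcard bind, unconditional admin mode, missing
# credentials, or the tutorial placeholder left in place.
audit_stats() {
    awk '
    function report() {
        if (!stats) return
        if (wild)  print name ": stats page listens on every interface"
        if (admin) print name ": stats admin is unconditional (if TRUE)"
        if (!auth) print name ": no stats auth line"
        if (ph)    print name ": stats auth still holds the placeholder"
    }
    NF == 0 || $1 ~ /^#/ { next }                       # blank lines, comments
    /^(global|defaults|listen|frontend|backend)/ {      # a new section starts
        report()
        name = $2; stats = wild = admin = auth = ph = 0
        if ($3 ~ /^(\*|0\.0\.0\.0)?:[0-9]+$/) wild = 1  # listen NAME *:PORT
        next
    }
    $1 == "bind"  && $2 ~ /^(\*|0\.0\.0\.0)?:[0-9]+$/ { wild = 1 }
    $1 == "stats" && ($2 == "enable" || $2 == "uri")   { stats = 1 }
    $1 == "stats" && $2 == "admin" && toupper($4) == "TRUE" { admin = 1 }
    $1 == "stats" && $2 == "auth" {
        auth = 1
        if ($3 ~ /^\[.*\]:\[.*\]$/) ph = 1
    }
    END { report() }
    ' "$1"
}

# Constructed sample based on the listen and frontend sections above.
CFG=$(mktemp)
trap 'rm -f "$CFG"' EXIT
cat > "$CFG" <<'EOF'
listen haproxy3-monitoring *:8080
    stats enable
    stats uri /stats
    stats auth [username]:[password]
    stats admin if TRUE
frontend main
    bind *:80
    default_backend webapp-main
EOF

audit_stats "$CFG"     # three findings, all for haproxy3-monitoring
```

On the load balancer itself, run it as: audit_stats /etc/haproxy/haproxy.cfg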
start or restart haproxy3
$ sudo systemctl status haproxy
$ sudo systemctl start haproxy
$ sudo systemctl restart haproxy
Note: if you see "cannot bind socket" when you look up the status of haproxy, then run this instead of start
$ sudo /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg
let’s see who is listening
$ sudo netstat -tapnl
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 20324/haproxy
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 20324/haproxy
If you see haproxy listening on ports 80 and 8080, then you are good to go!
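When haproxy reports "cannot bind socket", the same netstat output shows which program already holds the port. The following is an added example, not part of the original tutorial: the hypothetical helpers port_owner and bind_conflict parse netstat -tapnl output from stdin, and the sample output is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# port_owner PORT
# Reads `netstat -tapnl` output on stdin and prints the PID/Program column
# of every TCP socket in LISTEN state on PORT (IPv4 or IPv6).
port_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")     # local address; the port is the last piece
            if (part[n] == port) print $7
        }' | sort -u
}

# bind_conflict PORT
# Prints the owner and returns 0 when something other than haproxy already
# listens on PORT; returns 1 when the port is free or held by haproxy itself.
bind_conflict() {
    owners=$(port_owner "$1" | awk '$0 !~ /\/haproxy$/')
    [ -n "$owners" ] && printf '%s\n' "$owners"
}

# Constructed sample output: httpd holds port 80, haproxy only got 8080.
SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN      1002/sshd
tcp        0      0 0.0.0.0:8080    0.0.0.0:*         LISTEN      3207/haproxy
tcp        0      0 10.10.4.18:22   10.10.4.50:51514  ESTABLISHED 2210/sshd
tcp6       0      0 :::80           :::*              LISTEN      1450/httpd'

printf '%s\n' "$SAMPLE" | bind_conflict 80    # prints 1450/httpd
```

On the haproxy server, feed it live data with: sudo netstat -tapnl | bind_conflict 80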
We will use 8080 to monitor the load balancer stats
http://10.10.4.18:8080/stats or http://moodle.na.edu:8080/stats
log in with the username and password you defined in the haproxy config
Now finally go to the domain name
Note: Make sure your DNS is set up so that the domain name points to the public IP of the haproxy server.
Thanks for the tutorial, but I'm getting an error
303/185708 (3207) : Starting frontend main: cannot bind socket [0.0.0.0:80]
sudo /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg <— used that, still getting the same error. How to solve this? Thanks
Do you use port 80 somewhere else, like apache? What do you see when you run this?
$ sudo netstat -tapnl