learnexa-qa-loadbalancer

Learnexa QA server Loadbalancer Setup

Before making any changes, make sure that the following services are running, in the given order, if the load balancer is going to reside on the same machine as your application server:

Make sure that you change the following files first

Apache - TCP port - 81 (/opt/apache2/conf/httpd.conf)

## Listen section
Listen 81

## VirtualHost Section

VirtualHost 192.168.2.x:81

## ServerName section

ServerName qa01.learnexa.com:81

Chat   - TCP port - 8018 (/home/expdev01/bin/chat_sss.sh - node command)

## Change the following line;

nohup node server.js --port 8018 > /var/log/chat.log &

STEP 1: Install load-balancer on the server with SSL support;

export STATICLIBSSL=/path/to/openssl/lib/headers   # placeholder: the --prefix the static OpenSSL below is installed into

#Compile with the latest version of Openssl 1.0.2d and above;
# NOTE(review): the OpenSSL 1.0.2 line reached end-of-life in 2019; build against a currently supported
# release. "./config" is OpenSSL's own configure script; "no-shared" produces static libraries so that the
# haproxy binary built below links its own OpenSSL rather than the system one.

./config --prefix=$STATICLIBSSL no-shared 
make
make install_sw

#Compile Haproxy 1.5.x
# NOTE(review): the next three commands repeat the OpenSSL configure/build just done rather than building
# HAProxy; the HAProxy build itself starts at "cd /src/haproxy". Looks like a copy/paste leftover — confirm
# before turning this page into a script.

./config --prefix=$STATICLIBSSL no-shared

       make && make install_sw

       cd /src/haproxy

make clean

# Link haproxy against the static OpenSSL from $STATICLIBSSL (SSL_INC/SSL_LIB). ADDLIB=-ldl is typically
# required when OpenSSL is linked statically; USE_ZLIB/USE_PCRE enable compression and regex support.
 make TARGET=linux2628 CPU=x86_64 USE_OPENSSL=1 SSL_INC=$STATICLIBSSL/include SSL_LIB=$STATICLIBSSL/lib ADDLIB=-ldl USE_ZLIB=1 USE_PCRE=1

make install

To validate the build, run:

haproxy -vv   # prints the build options; the OpenSSL version it reports should be the static one built above

STEP 2: Add the following files;

mkdir -p /opt/haproxy/src /opt/haproxy/ssl/disable_certs /opt/haproxy/ssl/certs.d /opt/haproxy/errors (download a 503.http file into /opt/haproxy/errors or create one)

The following configuration file is for HTTP setup;

  global
      nbproc      1
      debug  # NOTE(review): per the haproxy manual "debug" dumps all exchanges to stdout and disables daemon mode; remove it outside troubleshooting
      daemon
      maxconn 35000
      #user haproxy
      #group haproxy
      stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin  # "level admin" allows server state changes; with user/group commented out the socket owner is the process user (root)
      spread-checks 5
      log         127.0.0.1    local1
      tune.ssl.default-dh-param 2048
  defaults
      log         global
      mode http
      option tcp-smart-accept 
      option tcp-smart-connect
      option tcpka
      option srvtcpka
      option httplog
      option dontlognull
      retries 3
      option redispatch
      no option log-health-checks
      timeout connect 10000  # unit-less values are milliseconds (10 s); the next line is 5 min
      timeout client 300000
      timeout queue 5s
      timeout http-request 28s
      timeout tunnel 1h
      timeout server 8m

  frontend sub_site_to_ssl_redirection
      mode http
      option forwardfor
      option http-server-close
      bind        192.168.225.214:80
#      redirect scheme https if !{ ssl_fc }
#      default_backend common_www_backend
#      errorfile 503 /opt/haproxy/errors/503.http

#  frontend  multi_tenant
#      bind        192.168.2.222:80     
#      mode        http
      option      httplog  # the "frontend multi_tenant" header above is commented out, so this and the following lines still belong to sub_site_to_ssl_redirection
      option      httpclose  # conflicts with "option http-server-close" already set for this frontend; keep one of the two
#      option      forwardfor
      option      http-server-close
      reqadd X-Forwarded-Proto:\ http  # reqadd appends and does not strip a client-supplied X-Forwarded-Proto; if the app trusts this header, delete it first (reqidel)
#      reqadd X-Multi-tenant:\ true
      acl chatreq url_beg /chatlist
################################ ADD REDIRECTION MT ########################################################
# rlhaproxy.sh inserts its per-domain "redirect prefix https://<domain> ..." rules at file line 51, i.e.
# directly after this banner when the file starts at "global" as shown. Adding or removing lines above
# this banner moves that insertion into a different place; comments below it are safe.

############################################################################################################
      use_backend chatlistURI if chatreq
      default_backend      common_www_backend
      errorfile 503 /opt/haproxy/errors/503.http

#  frontend  multi_tenant_secure
#      bind        192.168.2.222:443 ssl crt /opt/haproxy/ssl/certs.d/
#      mode        http
#      option      httplog
#      option      httpclose
#      option      forwardfor
#      reqadd      X-Forwarded-Proto:\ https
#      acl chatreq url_beg /chatlist
#      use_backend chatlistURI if chatreq
#      default_backend      common_www_backend
#      errorfile 503 /opt/haproxy/errors/503.http


#  frontend  sub_site_secured
#      bind 	  192.168.225.214:443 ssl crt /opt/haproxy/ssl/certs.d/exphosted.pem
#      mode        http
#      option      httplog
#      option      httpclose
#      option      forwardfor
#      reqadd      X-Forwarded-Proto:\ https
#      rspadd      Strict-Transport-Security:\ max-age=31536000
#      acl chatreq url_beg /chatlist
#      use_backend chatlistURI if chatreq
#      default_backend      common_www_backend
#      errorfile 503 /opt/haproxy/errors/503.http
#  
  backend common_www_backend
      mode        http
      option      httplog
      option      forwardfor
# Health check: HEAD /about with an explicit Host header. The server line below marks a server up after
# "rise 2" and down after "fall 3" consecutive checks, sent 5 s apart ("inter 5000").
      option      httpchk HEAD /about HTTP/1.1\r\nHost:\ na3.learnexa.com\r\nUser-Agent:\ HaProxy
# NOTE(review): the stats page is served through the application backend itself at /learnexalb, and in
# this HTTP-only setup its basic-auth credentials travel in clear text. The password on the "stats auth"
# line is also published on this wiki page: rotate it and move stats to a dedicated "listen" section
# bound to a management address.
      stats       enable
      stats       hide-version
      stats       uri /learnexalb
      stats       realm Learnexa\ LB
      stats       auth  admin:Expertus2091
      balance     roundrobin
# Session stickiness through an inserted SERVERID cookie; no "httponly"/"secure" flags are requested here.
      cookie      SERVERID insert indirect nocache
# Duplicate of the "option forwardfor" above; harmless, can be dropped.
      option      forwardfor
#      server      prodapp1 10.229.94.13:80 cookie server1 weight 1 maxconn 1024 check cookie app1 
# Apache on port 81 of the same host (see the Apache "Listen 81" change at the top of this page).
      server      cbdevapp01 192.168.225.214:81 check port 81 cookie app1 maxconn 31 inter 5000 rise 2 fall 3 
#      server      prodapp2 10.166.152.19:80 check port 80 cookie app2 maxconn 31 inter 5000 rise 2 fall 3 

  frontend chat-ingress
# Plain TCP pass-through for the chat service (no TLS in this HTTP setup); the HTTPS listing on this page
# terminates TLS on this bind instead.
      option          tcplog
      mode            tcp
      bind            192.168.225.214:8090
#      bind            192.168.225.214:8090 ssl crt /opt/haproxy/ssl/certs.d/exphosted.pem
#      bind            192.168.2.222:8090
      default_backend prodchatrole

  backend prodchatrole
      mode   tcp
# NOTE(review): "option forceclose" is an HTTP-mode option; in a "mode tcp" backend it is presumably
# ignored (check the startup warnings).
      option forceclose
      server prodchatrole 192.168.225.214:8018 check port 8018 maxconn 200


  backend chatlistURI
      mode   http 
# NOTE(review): this server is the same address:port that frontend sub_site_to_ssl_redirection binds, so
# a /chatlist request would be proxied back into this haproxy; confirm what is meant to answer on :80 here.
      server chatlistURI 192.168.225.214:80 check port 80 maxconn 200

The following configuration file is for HTTPS/SSL setup;

  global
      nbproc      1
      debug  # NOTE(review): per the haproxy manual "debug" dumps all exchanges to stdout and disables daemon mode; remove it outside troubleshooting
      daemon
      maxconn 35000
      #user haproxy
      #group haproxy
      stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin  # "level admin" allows server state changes; with user/group commented out the socket owner is the process user (root)
      spread-checks 5
      log         127.0.0.1    local1
      tune.ssl.default-dh-param 2048
  defaults
      log         global
      mode http
      option tcp-smart-accept 
      option tcp-smart-connect
      option tcpka
      option srvtcpka
      option httplog
      option dontlognull
      retries 3
      option redispatch
      no option log-health-checks
      timeout connect 10000  # unit-less values are milliseconds (10 s); the next line is 5 min
      timeout client 300000
      timeout queue 5s
      timeout http-request 28s
      timeout tunnel 1h
      timeout server 8m

  frontend sub_site_to_ssl_redirection
      mode http
      option forwardfor
      option http-server-close
      bind        192.168.225.214:80
      redirect scheme https if !{ ssl_fc }  # matches every request on :80, and the first matching redirect wins; the per-domain "redirect prefix" rules rlhaproxy.sh inserts below therefore look unreachable and act only as its enabled-domain list — confirm
      default_backend common_www_backend
      errorfile 503 /opt/haproxy/errors/503.http

# frontend  multi_tenant
#      bind        192.168.2.222:80     
#      bind        192.168.225.214:80     
#      mode        http
#      option      httplog
#      option      httpclose
#      option      forwardfor
#      option      http-server-close
#      reqadd X-Forwarded-Proto:\ http
#      reqadd X-Multi-tenant:\ true
#      acl chatreq url_beg /chatlist
################################ ADD REDIRECTION MT ########################################################
# rlhaproxy.sh inserts its per-domain "redirect prefix https://<domain> ..." rules at file line 51, i.e.
# directly above this banner when the file starts at "global" as shown. Because the whole multi_tenant
# frontend above is commented out, those rules land in frontend sub_site_to_ssl_redirection. Adding or
# removing lines above this banner moves the insertion; comments below it are safe.

############################################################################################################
#      use_backend chatlistURI if chatreq
#      default_backend      common_www_backend
#      errorfile 503 /opt/haproxy/errors/503.http

#  frontend  multi_tenant_secure
#      bind        192.168.2.222:443 ssl crt /opt/haproxy/ssl/certs.d/
#      bind        192.168.225.214:443 ssl crt /opt/haproxy/ssl/certs.d/
#      mode        http
#      option      httplog
#      option      httpclose
#      option      forwardfor
#      reqadd      X-Forwarded-Proto:\ https
#      acl chatreq url_beg /chatlist
#      use_backend chatlistURI if chatreq
#      default_backend      common_www_backend
#      errorfile 503 /opt/haproxy/errors/503.http


  frontend  sub_site_secured
# NOTE(review): no protocol or cipher restriction on this TLS bind; haproxy 1.5 still accepts SSLv3 by
# default unless "no-sslv3" is given — add it plus a "ciphers" list. "crt <dir>/" loads every certificate
# found in certs.d, which is what rlhaproxy.sh relies on when it moves a <domain>.pem in or out of it.
      bind 	  192.168.225.214:443 ssl crt /opt/haproxy/ssl/certs.d/
      mode        http
      option      httplog
      option      httpclose
      option      forwardfor
# reqadd appends and does not strip a client-supplied X-Forwarded-Proto; delete it first (reqidel) if the app trusts this header.
      reqadd      X-Forwarded-Proto:\ https
# Enable HSTS once every sub-site is served over https; browsers will then refuse to fall back to :80 for max-age.
#      rspadd      Strict-Transport-Security:\ max-age=31536000
      acl chatreq url_beg /chatlist
      use_backend chatlistURI if chatreq
      default_backend      common_www_backend
      errorfile 503 /opt/haproxy/errors/503.http
  
  backend common_www_backend
      mode        http
      option      httplog
      option      forwardfor
# Health check: HEAD /about with an explicit Host header. The server line below marks a server up after
# "rise 2" and down after "fall 3" consecutive checks, sent 5 s apart ("inter 5000").
      option      httpchk HEAD /about HTTP/1.1\r\nHost:\ na3.learnexa.com\r\nUser-Agent:\ HaProxy
# NOTE(review): the stats page is served through the application backend itself at /learnexalb behind
# basic auth. The password on the "stats auth" line is published on this wiki page: rotate it and move
# stats to a dedicated "listen" section bound to a management address.
      stats       enable
      stats       hide-version
      stats       uri /learnexalb
      stats       realm Learnexa\ LB
      stats       auth  admin:Expertus2091
      balance     roundrobin
# Session stickiness through an inserted SERVERID cookie; now that clients arrive over TLS the
# "secure" and "httponly" cookie flags can be added here.
      cookie      SERVERID insert indirect nocache
# Duplicate of the "option forwardfor" above; harmless, can be dropped.
      option      forwardfor
#      server      prodapp1 10.229.94.13:80 cookie server1 weight 1 maxconn 1024 check cookie app1 
# Apache on port 81 of the same host (see the Apache "Listen 81" change at the top of this page).
      server      cbdevapp01 192.168.225.214:81 check port 81 cookie app1 maxconn 31 inter 5000 rise 2 fall 3 
#      server      prodapp2 10.166.152.19:80 check port 80 cookie app2 maxconn 31 inter 5000 rise 2 fall 3 

  frontend chat-ingress
# TLS is terminated here with the same certificate directory and the stream is forwarded in clear text to
# the chat port on the same host (backend prodchatrole).
      option          tcplog
      mode            tcp
      bind            192.168.225.214:8090 ssl crt /opt/haproxy/ssl/certs.d/
#     bind            192.168.2.222:8090
      default_backend prodchatrole

  backend prodchatrole
      mode   tcp
# NOTE(review): "option forceclose" is an HTTP-mode option; in a "mode tcp" backend it is presumably
# ignored (check the startup warnings).
      option forceclose
      server prodchatrole 192.168.225.214:8018 check port 8018 maxconn 200


  backend chatlistURI
      mode   http 
# NOTE(review): this server is the same address:port that frontend sub_site_to_ssl_redirection binds, so
# a /chatlist request would be proxied back into this haproxy; confirm what is meant to answer on :80 here.
      server chatlistURI 192.168.225.214:80 check port 80 maxconn 200

STEP 3: copy the following scripts into the app user's home directory (cphaproxy.sh expects rlhaproxy.sh in ~/bin on the load balancer host);

cphaproxy.sh

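#!/bin/bash
#################################
# cphaproxy.sh - upload a <domain>.pem to the load balancer's disabled-cert
# directory and ask rlhaproxy.sh on that host to enable or disable the domain.
#
# Usage: cphaproxy.sh /path/to/<domain.com>.pem enable|disable
#################################
BASE=/opt/haproxy
DIS_CERT=$BASE/ssl/disable_certs
APP_USER=expdev01
HAPROXY=localhost   # host running haproxy; rlhaproxy.sh must live in $APP_USER's ~/bin there

#######################################
# Derive the domain name from a certificate path: strip the directory part
# and the literal ".pem" suffix. (The previous sed 's/.pem//' treated the
# dot as "any character" and could eat e.g. "xpem" in the middle of a name.)
# Arguments: $1 - path to <domain>.pem
# Outputs:   domain on stdout
#######################################
cert_domain() {
  local name=${1##*/}
  printf '%s\n' "${name%.pem}"
}

pemfile=${1##*/}            # bare file name; kept for compatibility, unused by the rest of this script
domain=$(cert_domain "$1")  # interpolated into the remote rlhaproxy.sh command further down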

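#######################################
# Print the usage line and exit with status 1.
# Globals:   none (uses $0 for the script name)
# Outputs:   usage text on stderr
#######################################
printhelp() {
  clear 2>/dev/null || true   # cosmetic only; ignore failure when not attached to a terminal
  printf '\n\e[32;1mUsage : %s /path/to/<domain.com>.pem enable|disable\e[0m\n\n' "$0" >&2
  exit 1
}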

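# Exactly two arguments: the pem path and the action.
if [ "$#" -ne 2 ]; then
  printhelp
fi

if [ -z "$1" ] || [ ! -e "$1" ]; then
  printf '\n\e[31;1mFile was not found in the specified directory\e[0m\n\n' >&2
  exit 1
fi

# Only the two actions rlhaproxy.sh understands are forwarded.
case "$2" in
  enable|disable) ;;
  *) printhelp ;;
esac

# $domain (from the file name) is interpolated into a remote "sudo" command
# line below, so refuse anything that is not a plain host name.
if [[ ! $domain =~ ^[A-Za-z0-9.-]+$ ]]; then
  printf '\n\e[31;1mCertificate file name must be <domain>.pem\e[0m\n\n' >&2
  exit 1
fi

# Upload into the disabled-cert directory; rlhaproxy.sh moves it from there.
if ! scp -- "$1" "$APP_USER@$HAPROXY:$DIS_CERT/" >/dev/null; then
  printf '\e[31;1mUnable to upload the file, due to network issue\e[0m\n\n' >&2
  exit 1
fi

# -t allocates a tty so the remote sudo can prompt if it needs to.
ssh -t "$APP_USER@$HAPROXY" "cd ~/bin && sudo ./rlhaproxy.sh $2 $domain" >/dev/null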

rlhaproxy.sh

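#!/bin/bash
#THIS SCRIPT IS FREE TO USE
#AUTHOR      : Syed A. Bahmani
#DESIGNATION : DevOps Engineer
#
# rlhaproxy.sh - enable or disable a domain on the load balancer: moves its
# <domain>.pem between the live and disabled certificate directories, adds or
# removes the matching "redirect prefix" rule in haproxy.cfg and reloads haproxy.
# Must run as root (it edits $CONF and reloads the service).
#
# Usage: rlhaproxy.sh enable|disable <domain>
BASE=/opt/haproxy
CERT=$BASE/ssl/certs.d           # directory the "bind ... ssl crt" lines load certificates from
DIS_CERT=$BASE/ssl/disable_certs # where cphaproxy.sh uploads, and where disabled certs are parked
CONF=$BASE/haproxy.cfg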

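# Refuse to continue unless running as root (uid 0): the script rewrites
# $CONF, moves certificates and reloads the service.
if [ "$(id -u)" -ne 0 ]; then
  printf '\n\e[31m\e[1mWARNING!!\e[0m Please run %s as root or use sudo\n\n' "$0" >&2
  exit 1
fi

if [ ! -e "$CONF" ]; then
  printf '\e[31m\e[1mThe file was not found : %s \nPlease configure right path in CONF variable!\e[0m\n' "$CONF" >&2
  exit 1
fi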

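#######################################
# Print usage plus the domains currently enabled in $CONF, then exit 1.
# The domain is field 11 of the space-separated "redirect prefix" line that
# this script inserts on enable.
# Globals:   CONF (read)
# Outputs:   usage on stderr, domain list on stdout
#######################################
printhelp() {
  printf '\n\e[32m\e[1mUSAGE : ./%s enable|disable <complete URL>\e[0m\n\n' "$(basename -- "$0")" >&2
  printf '\n++++++++ HERE IS THE LIST OF DOMAINS ++++++++\n\n'
  grep -i "redirect prefix" "$CONF" | cut -d' ' -f11
  printf '\n\n'
  exit 1
}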



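#######################################
# Print the domains that currently have a "redirect prefix" rule in $CONF
# (field 11 of the space-separated line this script inserts on enable).
# Globals:   CONF (read)
# Outputs:   one domain per line on stdout
#######################################
list_domains() {
  grep -i "redirect prefix" "$CONF" | cut -d' ' -f11
}

#######################################
# Line number of the redirect rule for a domain, or nothing if absent.
# Matches the fixed string "https://<domain> " on "redirect prefix" lines
# only, so "a.example" no longer matches "ba.example" or the httpchk Host
# header, and a disable never deletes an unrelated config line.
# Globals:   CONF (read)
# Arguments: $1 - domain
# Outputs:   1-based line number on stdout (first match only)
#######################################
redirect_line_no() {
  grep -ni "redirect prefix" "$CONF" | grep -iF -- "https://$1 " | head -n 1 | cut -d':' -f1
}

#######################################
# Show the enabled domains, reload haproxy and report.
# Globals:   CONF (read)
#######################################
reload_haproxy() {
  printf '\n++++++++ HERE IS THE LIST OF DOMAINS ++++++++\n\n'
  list_domains
  printf '\n\n'
  printf 'Reloading haproxy configuration\n\n'
  sudo service haproxy reload 2>/dev/null
  sleep 2
  printf '\e[32m\e[1mDone...\e[0m\n\n'
}

#######################################
# Enable a domain: move its pem into the live cert directory, insert the
# HTTP->HTTPS redirect rule and reload. If the rule already exists but the
# uploaded (disabled) copy of the certificate differs from the live one, the
# certificate is swapped in and haproxy reloaded so it is actually picked up.
# Globals:   CONF, CERT, DIS_CERT
# Arguments: $1 - domain
#######################################
enable_domain() {
  local domain=$1
  if [ -z "$(redirect_line_no "$domain")" ]; then
    # Move the certificate first so a redirect is never added without one.
    if ! mv -f -- "$DIS_CERT/$domain.pem" "$CERT/"; then
      printf '\n\e[31m\e[1mNo %s.pem found in %s\e[0m\n\n' "$domain" "$DIS_CERT" >&2
      exit 1
    fi
    # Line 51 of haproxy.cfg is the "ADD REDIRECTION MT" marker area inside
    # the :80 frontend. Keep the double space after "prefix": list_domains()
    # reads the domain back from space-separated field 11 of this line.
    sed -i "51i redirect prefix  https://$domain code 301 if { hdr(host) -i $domain }" "$CONF"
    reload_haproxy
  elif [ -e "$DIS_CERT/$domain.pem" ] \
    && [ "$(openssl x509 -noout -fingerprint -sha256 -in "$CERT/$domain.pem" 2>/dev/null)" \
      != "$(openssl x509 -noout -fingerprint -sha256 -in "$DIS_CERT/$domain.pem" 2>/dev/null)" ]; then
    # Fingerprints differ (e.g. a renewed certificate was uploaded); the old
    # subject-hash comparison could not tell a renewal apart.
    mv -f -- "$DIS_CERT/$domain.pem" "$CERT/" 2>/dev/null
    reload_haproxy
  else
    echo "Domain Already exist"
  fi
}

#######################################
# Disable a domain: delete its redirect rule from $CONF, park its pem in
# $DIS_CERT and reload. Exits 1 if the domain has no rule.
# Globals:   CONF, CERT, DIS_CERT
# Arguments: $1 - domain
#######################################
disable_domain() {
  local domain=$1 line
  line=$(redirect_line_no "$domain")
  if [ -z "$line" ]; then
    printf '\nDomain mentioned does not exist in the configuration file!\n\n' >&2
    exit 1
  fi
  # Only this domain's certificate is moved (the previous command expanded
  # every enabled domain into one mv and sent stderr to a file named "1").
  mv -f -- "$CERT/$domain.pem" "$DIS_CERT/" 2>/dev/null
  sed -i "${line}d" "$CONF"
  reload_haproxy
}

case "$1" in
  enable|disable)
    # The domain is interpolated into sed scripts and file paths while running
    # as root, so only plain host names are accepted.
    if [ -z "$2" ] || [[ ! $2 =~ ^[A-Za-z0-9.-]+$ ]]; then
      printhelp
    fi
    if [ "$1" = enable ]; then
      enable_domain "$2"
    else
      disable_domain "$2"
    fi
    ;;
  *)
    printhelp
    ;;
esac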