Setting Load Balancing Multi-Domain on HAProxy

Setting Load Balancing Multi-Domain pada HAProxy

  • Install HAProxy
  • Server HAProxy : 192.168.10.10
  • Domain : ha-web01.sys-ops.id.sideka.my.id dan ha-web02.sys-ops.id.sideka.my.id
  • Server Web1 : 192.168.10.15 – Port 80
  • Server Web2 : 192.168.10.16 – Port 80
  • Pada Server Web1 dan Server Web2 sudah terdapat virtual host untuk ke dua domain
  • Akses ke dua domain akan diarahkan ke Web1 dan Web2

  • Konfigurasi HAProxy
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    maxconn 5000
    fullconn 5000
    retries 10
    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 30s
    timeout client  30s
    timeout server  30s
    http-reuse always
    option  http-server-close
    option  http-keep-alive
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

# Enable HAProxy Cache 128MB of RAM
cache haproxy-cache
    total-max-size 128
    max-age 60m
    max-object-size 1000000
    process-vary off

# Enable HAProxy Statistics
listen stats
    bind *:8765
    stats enable
    stats uri /
    stats realm Haproxy\ Statistics
    stats auth admin:admin
    stats refresh 15s

# HAProxy Frontend
frontend http_front
    bind *:80
    mode http

    # Automatically handle the X-Forwarded-For header
    option forwardfor
    http-request set-header X-Forwarded-For %[src]

    # Enable cache lookup for frontend
    http-request cache-use haproxy-cache
    http-response cache-store haproxy-cache

    # ACL Multi-Domain
    acl host_ha_web01 hdr(host) -i ha-web01.sys-ops.id.sideka.my.id
    acl host_ha_web02 hdr(host) -i ha-web02.sys-ops.id.sideka.my.id
    use_backend ha_web01_backend if host_ha_web01
    use_backend ha_web02_backend if host_ha_web02

    # Enable Gzip Compression
    compression algo gzip
    compression type text/html text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss
    compression offload

    # Add security headers
    http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    http-response set-header X-Content-Type-Options "nosniff"
    http-response set-header X-Frame-Options "SAMEORIGIN"
    http-response set-header X-XSS-Protection "1; mode=block"
    http-response set-header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline';"
    http-response set-header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' data: https:; font-src 'self' data: https:; frame-src 'self' data: https: blob:"
    http-response set-header Referrer-Policy "strict-origin-when-cross-origin"    
    http-response set-header Permissions-Policy "microphone=(), geolocation=(self), fullscreen=()"
    
# HAProxy Backend ha_web01
backend ha_web01_backend
    # Load Balance Method (roundrobin, leastconn, source, random)
    balance leastconn

    # Persistence Connection
    stick-table type ip size 1m expire 30m
    stick on src

    # Remove Header Server
    http-response del-header Server

    # Health Check
    option httpchk
    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
    option http-server-close
    option http-keep-alive

    # Enable cache lookup for backend
    http-request cache-use haproxy-cache
    http-response cache-store haproxy-cache

    # Backend server pool
    server web1 192.168.10.15:80 check maxconn 2500
    server web2 192.168.10.16:80 check maxconn 2500

# HAProxy Backend ha_web02
backend ha_web02_backend
    # Load Balance Method (roundrobin, leastconn, source, random)
    balance leastconn

    # Persistence Connection
    stick-table type ip size 1m expire 30m
    stick on src

    # Remove Header Server
    http-response del-header Server

    # Health Check
    option httpchk
    http-check send meth HEAD uri / ver HTTP/1.1 hdr Host localhost
    option http-server-close
    option http-keep-alive

    # Enable cache lookup for backend
    http-request cache-use haproxy-cache
    http-response cache-store haproxy-cache

    # Backend server pool
    server web1 192.168.10.15:80 check maxconn 2500
    server web2 192.168.10.16:80 check maxconn 2500
  • Cek file konfigurasi haproxy.cfg, pastikan valid tidak ada error
  • Restart service haproxy
haproxy -f /etc/haproxy/haproxy.cfg -c
systemctl restart haproxy

Pengujian

  • Akses HAproxy load balancer lewat web browser dengan url: http://ip_address atau http://domain
  • Akses HAproxy stats lewat web browser dengan url: http://ip_address:8765 atau http://domain:8765

Domain : ha-web01.sys-ops.id.sideka.my.id

Domain : ha-web02.sys-ops.id.sideka.my.id

HAProxy stats

Cek log HAProxy

tail -f /var/log/haproxy.log
---<output>---
2024-06-21T02:45:10.729824+00:00 haproxy haproxy[5297]: 116.206.14.29:6927 [21/Jun/2024:02:45:10.714] 
http_front ha_web01_backend/web1 0/0/0/14/15 200 2370 - - ---- 3/2/0/0/0 0/0 "GET / HTTP/1.1"
2024-06-21T02:45:10.835227+00:00 haproxy haproxy[5297]: 116.206.14.29:34183 [21/Jun/2024:02:45:10.833] 
http_front ha_web01_backend/web1 0/0/0/1/1 200 1901 - - ---- 3/2/1/0/0 0/0 "GET /styles.css HTTP/1.1"
2024-06-21T02:45:10.927766+00:00 haproxy haproxy[5297]: 116.206.14.29:34185 [21/Jun/2024:02:45:10.925] 
http_front ha_web01_backend/web1 0/0/0/0/1 200 24184 - - ---- 5/4/1/0/0 0/0 "GET /particles.min.js HTTP/1.1"
2024-06-21T02:45:10.944909+00:00 haproxy haproxy[5297]: 116.206.14.29:34186 [21/Jun/2024:02:45:10.942] 
http_front ha_web01_backend/web1 0/0/1/0/1 200 3479 - - ---- 6/5/2/1/0 0/0 "GET /script.js HTTP/1.1"
2024-06-21T02:45:11.139317+00:00 haproxy haproxy[5297]: 116.206.14.29:6929 [21/Jun/2024:02:45:10.941] 
http_front ha_web01_backend/web1 0/0/0/0/196 200 169228 - - ---- 6/5/1/0/0 0/0 "GET /cat.png HTTP/1.1"
2024-06-21T02:45:11.440441+00:00 haproxy haproxy[5297]: 116.206.14.29:6927 [21/Jun/2024:02:45:10.831] 
http_front ha_web01_backend/web1 0/0/0/2/607 200 2934830 - - ---- 6/5/0/0/0 0/0 "GET /tailwind.min.css HTTP/1.1"
2024-06-21T02:45:12.140375+00:00 haproxy haproxy[5297]: 116.206.14.29:6927 [21/Jun/2024:02:45:12.123] 
http_front ha_web01_backend/web1 0/0/0/16/16 200 2370 - - ---- 6/5/0/0/0 0/0 "GET /favicon.ico HTTP/1.1"

2024-06-21T02:45:14.103875+00:00 haproxy haproxy[5297]: 116.206.14.29:6927 [21/Jun/2024:02:45:14.089] 
http_front ha_web01_backend/web2 0/0/0/13/13 200 2370 - - ---- 6/5/0/0/0 0/0 "GET / HTTP/1.1"
2024-06-21T02:45:14.211681+00:00 haproxy haproxy[5297]: 116.206.14.29:6929 [21/Jun/2024:02:45:14.208] 
http_front ha_web01_backend/web2 0/0/1/0/2 200 1901 - - ---- 6/5/3/1/0 0/0 "GET /styles.css HTTP/1.1"
2024-06-21T02:45:14.212454+00:00 haproxy haproxy[5297]: 116.206.14.29:34186 [21/Jun/2024:02:45:14.208] 
http_front ha_web01_backend/web2 0/0/0/1/3 200 24184 - - ---- 6/5/3/1/0 0/0 "GET /particles.min.js HTTP/1.1"
2024-06-21T02:45:14.214566+00:00 haproxy haproxy[5297]: 116.206.14.29:34183 [21/Jun/2024:02:45:14.210] 
http_front ha_web01_backend/web2 0/0/0/1/1 200 3479 - - ---- 6/5/2/1/0 0/0 "GET /script.js HTTP/1.1"
2024-06-21T02:45:14.398409+00:00 haproxy haproxy[5297]: 116.206.14.29:34185 [21/Jun/2024:02:45:14.207] 
http_front ha_web01_backend/web2 0/0/0/1/190 200 169228 - - ---- 6/5/1/0/0 0/0 "GET /cat.png HTTP/1.1"
2024-06-21T02:45:14.746318+00:00 haproxy haproxy[5297]: 116.206.14.29:6927 [21/Jun/2024:02:45:14.207] 
http_front ha_web01_backend/web2 0/0/0/1/537 200 2934830 - - ---- 6/5/0/0/0 0/0 "GET /tailwind.min.css HTTP/1.1"
2024-06-21T02:45:15.389899+00:00 haproxy haproxy[5297]: 116.206.14.29:6927 [21/Jun/2024:02:45:15.375] 
http_front ha_web01_backend/web2 0/0/0/13/13 200 2370 - - ---- 6/5/0/0/0 0/0 "GET /favicon.ico HTTP/1.1"

=========================================================================================================

2024-06-21T02:47:31.008673+00:00 haproxy haproxy[5297]: 116.206.14.29:34189 [21/Jun/2024:02:47:31.006] 
http_front ha_web02_backend/web1 0/0/0/1/1 200 1222 - - ---- 7/7/0/0/0 0/0 "GET / HTTP/1.1"
2024-06-21T02:47:31.112175+00:00 haproxy haproxy[5297]: 116.206.14.29:34189 [21/Jun/2024:02:47:31.110] 
http_front ha_web02_backend/web1 0/0/0/1/1 200 1204 - - ---- 7/7/0/0/0 0/0 "GET /css/styles.css HTTP/1.1"
2024-06-21T02:47:31.303682+00:00 haproxy haproxy[5297]: 116.206.14.29:6933 [21/Jun/2024:02:47:31.112] 
http_front ha_web02_backend/web1 0/0/0/0/190 200 169228 - - ---- 7/7/0/0/0 0/0 "GET /img/cat4.png HTTP/1.1"
2024-06-21T02:47:31.622047+00:00 haproxy haproxy[5297]: 116.206.14.29:6933 [21/Jun/2024:02:47:31.619] 
http_front ha_web02_backend/web1 0/0/0/2/2 200 1222 - - ---- 7/7/0/0/0 0/0 "GET /favicon.ico HTTP/1.1"

2024-06-21T02:47:53.056813+00:00 haproxy haproxy[5297]: 116.206.14.29:34189 [21/Jun/2024:02:47:53.054] 
http_front ha_web02_backend/web2 0/0/0/2/2 200 1222 - - ---- 2/2/0/0/0 0/0 "GET / HTTP/1.1"
2024-06-21T02:47:53.170187+00:00 haproxy haproxy[5297]: 116.206.14.29:34189 [21/Jun/2024:02:47:53.168] 
http_front ha_web02_backend/web2 0/0/0/1/1 200 1204 - - ---- 2/2/0/0/0 0/0 "GET /css/styles.css HTTP/1.1"
2024-06-21T02:47:53.172867+00:00 haproxy haproxy[5297]: 116.206.14.29:6933 [21/Jun/2024:02:47:53.169] 
http_front ha_web02_backend/web2 0/0/0/1/2 200 169228 - - ---- 2/2/0/0/0 0/0 "GET /img/cat4.png HTTP/1.1"
2024-06-21T02:47:53.665320+00:00 haproxy haproxy[5297]: 116.206.14.29:6933 [21/Jun/2024:02:47:53.663] 
http_front ha_web02_backend/web2 0/0/0/1/1 200 1222 - - ---- 2/2/0/0/0 0/0 "GET /favicon.ico HTTP/1.1"

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.