Setting Multiple Web Server with Single IP using HAproxy and MikroTik – GNS3 Lab46

Setting Multiple Web Server dengan Single IP menggunakan HAproxy dan MikroTik – GNS3 Lab46

  • MikroTik-1 ether1: 188.1.1.100/24
  • MikroTik-1 ether2: 192.168.88.1/24
  • MikroTik-1 ether3: 192.168.1.1/24
  • Router Internet ether1: 188.1.1.1/24
  • Router Internet ether2: 220.1.1.1/24
  • Router Internet ether3: 212.212.212.1/24
  • Router DNS server: 220.1.1.100/24
  • HAproxy: 192.168.88.88/24
  • WEB-1: 192.168.1.2/24
  • WEB-2: 192.168.1.3/24
  • User: 212.212.212.212/24
  • domain: web1.sys-ops.id > 188.1.1.100
  • domain: web2.sys-ops.id > 188.1.1.100

Setting Web Server (ubuntu 22.04)

  • WEB-1
### Setting IP Address

root@ubuntu:~# nano /etc/netplan/00-installer-config.yaml
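# Static addressing for WEB-1 on the 192.168.1.0/24 segment (MikroTik-1 ether3).
network:
  ethernets:
    enp0s3:
      dhcp4: no
      addresses: [192.168.1.2/24]
      # "gateway4" is deprecated in current netplan releases; an explicit
      # default route is the supported form.
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8
  version: 2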

root@ubuntu:~# netplan apply

----------------------------------------------------------------------
### Install Apache2

root@ubuntu:~# apt update && apt install apache2 -y && systemctl restart apache2

----------------------------------------------------------------------
### Edit file /var/www/html/index.html

root@ubuntu:~# nano /var/www/html/index.html
<!-- Lab test page: the heading names the site and the backend's private
     address so the HAProxy host-to-backend mapping can be checked from the
     User host. Leave the internal address out of pages served outside the lab. -->
<html>
<body>
<h1>Website : web1.sys-ops.id (192.168.1.2)</h1>
<h4>SYS-OPS.ID</h4>
</body>
</html>

  • WEB-2
### Setting IP Address

root@ubuntu:~# nano /etc/netplan/00-installer-config.yaml
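# Static addressing for WEB-2 on the 192.168.1.0/24 segment (MikroTik-1 ether3).
network:
  ethernets:
    enp0s3:
      dhcp4: no
      addresses: [192.168.1.3/24]
      # "gateway4" is deprecated in current netplan releases; an explicit
      # default route is the supported form.
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8
  version: 2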

root@ubuntu:~# netplan apply

----------------------------------------------------------------------
### Install Apache2

root@ubuntu:~# apt update && apt install apache2 -y && systemctl restart apache2

----------------------------------------------------------------------
### Edit file /var/www/html/index.html

root@ubuntu:~# nano /var/www/html/index.html
<!-- Lab test page: the heading names the site and the backend's private
     address so the HAProxy host-to-backend mapping can be checked from the
     User host. Leave the internal address out of pages served outside the lab. -->
<html>
<body>
<h1>Website : web2.sys-ops.id (192.168.1.3)</h1>
<h4>SYS-OPS.ID</h4>
</body>
</html>

Setting HAproxy (ubuntu 22.04)

  • Setting IP Address
root@ubuntu:~# nano /etc/netplan/00-installer-config.yaml
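# Static addressing for the HAProxy host on the 192.168.88.0/24 segment
# (MikroTik-1 ether2).
network:
  ethernets:
    enp0s3:
      dhcp4: no
      addresses: [192.168.88.88/24]
      # "gateway4" is deprecated in current netplan releases; an explicit
      # default route is the supported form.
      routes:
        - to: default
          via: 192.168.88.1
      nameservers:
        addresses:
          - 8.8.8.8
  version: 2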

root@ubuntu:~# netplan apply
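  • Install HAproxy (catatan: HAProxy 2.5 adalah cabang non-LTS yang sudah tidak mendapat perbaikan keamanan; untuk pemakaian di luar lab gunakan cabang LTS yang masih dipelihara, dan periksa konfigurasi dengan `haproxy -c -f /etc/haproxy/haproxy.cfg` sebelum restart)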
root@ubuntu:~# apt update && add-apt-repository ppa:vbernat/haproxy-2.5 --yes
root@ubuntu:~# apt-cache policy haproxy
root@ubuntu:~# apt install haproxy -y

root@ubuntu:~# mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bk
root@ubuntu:~# nano /etc/haproxy/haproxy.cfg
root@ubuntu:~# systemctl restart haproxy
  • Setting HAproxy
  • Jika tidak ingin menggunakan HTTPS, hapus baris `redirect scheme https code 301 if !{ ssl_fc }` dan seluruh blok `frontend https_front`.
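# Process-wide settings. This file replaces the packaged haproxy.cfg, so the
# privilege drop, chroot and log target have to be declared here; without them
# HAProxy keeps the privileges it was started with and writes no logs. The
# values below are the ones the Debian/Ubuntu package normally ships; compare
# them with /etc/haproxy/haproxy.cfg.bk on your host.
global
        log /dev/log local0
        chroot /var/lib/haproxy
        user haproxy
        group haproxy

defaults
        # Use the log target declared in "global"; "option httplog" only
        # selects the format and emits nothing without a log target.
        log global
        mode http
        option httplog
        timeout connect 5s
        timeout client 30s
        timeout server 30s
        maxconn 10000
        fullconn 10000
        retries 5

# Frontend
frontend http_front
        bind *:80
        mode http
        # Plain-HTTP listener: ssl_fc is never true here, so every request gets
        # the 301 to HTTPS. The ACLs and use_backend rules below only serve
        # traffic in the HTTP-only variant, where this redirect line is removed.
        redirect scheme https code 301 if !{ ssl_fc }

        # NOTE(review): hdr_dom matches a dot-delimited part of the Host
        # header, so longer host names that contain these labels match as
        # well; an exact host match would be stricter. Requests that match
        # neither ACL have no backend and are rejected by HAProxy.
        acl url_web1 hdr_dom(host) -i web1.sys-ops.id
        acl url_web2 hdr_dom(host) -i web2.sys-ops.id
        use_backend WEB1 if url_web1
        use_backend WEB2 if url_web2

frontend https_front
        # TLS terminates here. TLS 1.2 is the minimum (TLS 1.0/1.1 are
        # deprecated by RFC 8996) and the "ciphers" list, which applies to
        # TLS 1.2 and below, is limited to ECDHE key exchange with AEAD
        # ciphers: no 3DES, CBC-mode or static-RSA suites.
        # The .pem is expected to hold the certificate chain and the private
        # key, so keep it readable by root only.
        bind *:443 ssl crt /etc/haproxy/ssl/sys-ops.id.pem ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3 ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
        mode http

        acl url_web1 hdr_dom(host) -i web1.sys-ops.id
        acl url_web2 hdr_dom(host) -i web2.sys-ops.id
        use_backend WEB1 if url_web1
        use_backend WEB2 if url_web2

# Backend
# Traffic from HAProxy to the web servers is plain HTTP on the 192.168.1.0/24
# segment. "check" enables health checks, so HAProxy stops sending requests to
# a server that is down.
backend WEB1
        mode http
        server web1 192.168.1.2:80 check maxconn 5000
backend WEB2
        mode http
        server web2 192.168.1.3:80 check maxconn 5000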

Setting MikroTik-1

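# MikroTik-1: edge router. ether1 is the public side (188.1.1.100), ether2 the
# HAProxy segment, ether3 the web-server segment.
/ip address
add address=192.168.1.1/24 interface=ether3 network=192.168.1.0
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
add address=188.1.1.100/24 interface=ether1 network=188.1.1.0

/ip route
add check-gateway=ping distance=1 gateway=188.1.1.1

# Sources allowed to reach SSH on the HAProxy host through the public address.
# 212.212.212.212 is the lab "User" host; replace it with your own management
# address(es).
/ip firewall address-list
add address=212.212.212.212 list=ssh-mgmt

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
# Only HTTP and HTTPS are published to everyone; both land on HAProxy, never
# directly on the web servers.
add action=dst-nat chain=dstnat dst-address=188.1.1.100 dst-port=80 protocol=tcp to-addresses=192.168.88.88 to-ports=80
add action=dst-nat chain=dstnat dst-address=188.1.1.100 dst-port=443 protocol=tcp to-addresses=192.168.88.88 to-ports=443
# SSH is forwarded only for sources in the ssh-mgmt list, so the HAProxy
# host's SSH service is not reachable from arbitrary addresses.
add action=dst-nat chain=dstnat dst-address=188.1.1.100 dst-port=22 protocol=tcp src-address-list=ssh-mgmt to-addresses=192.168.88.88 to-ports=22
# NOTE(review): no /ip firewall filter rules are listed for this router; outside
# the lab, restrict the input and forward chains on ether1 as well.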

Setting Router Internet

# "Internet" stand-in for the lab: it only carries three connected networks
# and no static routes are configured. ether1 faces MikroTik-1, ether2 the DNS
# router, ether3 the User host.
# NOTE(review): 188.1.1.0/24, 220.1.1.0/24 and 212.212.212.0/24 are real public
# ranges; keep this topology isolated inside GNS3, or use the RFC 5737
# documentation ranges instead.
/ip address
add address=188.1.1.1/24 interface=ether1 network=188.1.1.0
add address=220.1.1.1/24 interface=ether2 network=220.1.1.0
add address=212.212.212.1/24 interface=ether3 network=212.212.212.0

Setting Router DNS server

# DNS router for the lab: one interface on 220.1.1.0/24 with a default route
# through Router Internet.
/ip address
add address=220.1.1.100/24 interface=ether1 network=220.1.1.0

/ip route
add check-gateway=ping distance=1 gateway=220.1.1.1

# Both site names resolve to the single public address of MikroTik-1; HAProxy
# then picks the backend from the Host header.
# NOTE(review): the listing does not show "/ip dns set allow-remote-requests=yes",
# which RouterOS needs before it answers queries from other hosts. When it is
# enabled, limit who may query port 53 so the router is not an open resolver.
/ip dns static
add address=188.1.1.100 name=web1.sys-ops.id
add address=188.1.1.100 name=web2.sys-ops.id
add address=220.1.1.100 name=dns.sys-ops.id

Setting IP Address User


Pengujian

  • Ping dari User ke domain
  • Domain web1.sys-ops.id dan web2.sys-ops.id berhasil diakses dari komputer User, dan tampilan website-nya sesuai dengan mapping HAproxy

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.