Search code examples
haproxy

How to install HAProxy and configure it in an ubuntu server?

I know I have asked this question before but i didn't get any answers for it.

How to install HAProxy and configure it in an Ubuntu server. I want to use it to map applications listening on various ports to specific URLs.

For example, if an app called page-designer is listening at http://IP:5000, then it should map it to http://IP/page-designer.

I have already installed the HAProxy package using sudo apt-get -y install haproxy. But what changes do I have to do in HAProxy main configuration file located at /etc/haproxy/haproxy.cfg before restarting the HAProxy service for the changes to take effect. And mainly after this how can I map my apps running on various ports to specific URLs like mentioned above?

haproxy.cfg

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        # An alternative list with additional directives can be obtained from
        #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend http-in
    mode    http

    bind *:80

    acl path-page-designer              path_beg -i /employeeList    
    use_backend page-designer-backend   if path-page-designer
    redirect scheme https code 301 if !{ ssl_fc }

backend page-designer-backend
    mode    http

    option  httplog
    option  forwardfor

    http-request set-path /

    server  appserver1 206.189.22.155:5000
Solution

  • To understand how haproxy works, you can find the essential config in:

    https://www.haproxy.com/blog/the-four-essential-sections-of-an-haproxy-configuration/

    In your case, you can try something like this...

    frontend http-in
    mode    http

    bind *:80
    bind *:443 ssl crt /etc/ssl/certs/your-cert.pem

    http-request redirect scheme https code 301 if !{ ssl_fc }

    acl path-page-designer              path_beg -i /page-designer    
    use_backend page-designer-backend   if path-page-designer

backend page-designer-backend
    mode    http

    option  httplog
    option  forwardfor

    http-request set-path /

    server  appserver1 206.189.22.155:5000