Logical topology

  haproxy 
-----------
w1  w2   w3
-----------
  dbserve  

All servers run CentOS 7

103.23.22.x  (haproxy.darin.web.id)
103.43.47.x  (webserver01.darin.web.id)
103.43.47.x  (webserver02.darin.web.id)
103.43.47.x  (webserver03.darin.web.id)
103.41.188.x (database.darin.web.id)

Preparation

  1. Update and upgrade every server
  2. Install apache, php, php-mysql on each web server
  3. Install mysql/mariadb on the database server
  4. Make sure apache is running on every web server
  5. Create a user and a database, and allow remote connections on the db server
  6. Test the connection between web and db by creating a php mysql connection

HA Proxy installation

yum -y update && yum -y upgrade
yum clean all; yum -y autoremove
yum -y install haproxy

HA Proxy enable logging

cp /etc/haproxy/haproxy.cfg haproxy.cfg.default
touch /var/log/haproxy.log
vim /etc/haproxy/haproxy.cfg
Enable this line:
log 127.0.0.1 local2

vim /etc/rsyslog.conf
Uncomment these lines:
$ModLoad imudp
$UDPServerRun 514

cat >> /etc/rsyslog.d/haproxy.conf <<'EOF'
local2.* /var/log/haproxy.log
EOF

service rsyslog restart
service rsyslog status
tail -f /var/log/haproxy.log

HA Proxy configuration

vim /etc/haproxy/haproxy.cfg

global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000 
    user        haproxy
    group       haproxy
    daemon
    # "stats socket" is only valid in the global section
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

    # With the next two lines commented out, the stats settings below stay in
    # defaults and the stats page is answered on the frontend's port 80.
    #listen stats
    #bind 0.0.0.0:9000
    mode http
    stats enable
    stats refresh 15s
    stats show-node
    stats auth username:password
    stats uri  /haproxy?stats

frontend thisisfrontend
    bind    *:80
    default_backend thisisbackend
    option  forwardfor

backend thisisbackend
    balance roundrobin
    server webserver01.darin.web.id 103.43.47.x:80 check
    server webserver02.darin.web.id 103.43.47.x:80 check
    server webserver03.darin.web.id 103.43.47.x:80 check

systemctl start haproxy
systemctl enable haproxy

Testing

Try to access the web servers through the HAProxy IP address.
Stop webserver01 and see whether Apache is still accessible.
Open the HAProxy stats page to monitor the servers:
http://103.23.22.x/haproxy?stats

SSL Termination

global
    tune.ssl.default-dh-param 2048
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000 
    user        haproxy
    group       haproxy
    daemon

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

    #stats socket /var/lib/haproxy/stats

listen stats
    bind 0.0.0.0:9000
    mode http
    stats enable
    stats refresh 15s
    stats show-node
    stats auth username:password
    stats uri  /haproxy?stats

frontend thisisfrontend
    bind *:80
    bind *:443 ssl crt /etc/ssl/file.pem
    default_backend thisisbackend
    option  forwardfor

backend thisisbackend
    balance roundrobin
    server webserver01 x.x.x.x:80 check
    server webserver02 x.x.x.x:80 check
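
A tightened variant of the SSL termination sections above, as an added example that is not part of the original notes. It assumes the HAProxy 1.5 package from the CentOS 7 repositories and keeps the page's placeholder names, addresses, certificate path and credentials; the global and defaults sections stay as shown above.

```haproxy
# Assumption: HAProxy 1.5 syntax (CentOS 7 package). Names, paths and
# credentials are the page's placeholders, not working values.

listen stats
    # Loopback only: the stats page uses HTTP basic auth, which would
    # otherwise cross the network in cleartext on 0.0.0.0:9000.
    bind 127.0.0.1:9000
    mode http
    stats enable
    # Do not disclose the HAProxy version on the stats page.
    stats hide-version
    stats refresh 15s
    stats show-node
    # Placeholder credentials from the page; replace before use.
    stats auth username:password
    stats uri  /haproxy?stats

frontend thisisfrontend
    bind *:80
    # Refuse SSLv3, TLS 1.0 and TLS 1.1 on the TLS listener.
    bind *:443 ssl crt /etc/ssl/file.pem no-sslv3 no-tlsv10 no-tlsv11
    # Backends only see port 80, so pass them the original scheme.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    # Plain-HTTP requests are redirected instead of being served.
    redirect scheme https code 301 if !{ ssl_fc }
    option  forwardfor
    default_backend thisisbackend

backend thisisbackend
    balance roundrobin
    server webserver01 x.x.x.x:80 check
    server webserver02 x.x.x.x:80 check
```

The file given to crt holds the private key together with the certificate, so keep it owned by root with mode 600. With the stats listener on loopback, reach it through an SSH port forward to 127.0.0.1:9000 on the HAProxy host.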