사용목적
- 분산된 여러서버의 라우팅을 쉽게 관리(L7)
- 개임홈서버의 제한된 IP로 인해, 하나의 도메인에 여러 IP/PORT를 할당하여 다중 서비스화 가능
- ss
마니홈 개인설정 샘플
/etc/haproxy/haproxy.cfg
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12 ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS spread-checks 4 tune.maxrewrite 1024 tune.ssl.default-dh-param 2048 defaults log global mode http option httplog option dontlognull option http-server-close option http-keep-alive option forwardfor retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http #frontend https #bind *:443 ssl crt /etc/ssl/private/webnori_com.pem #http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" #reqadd X-Forwarded-Proto:\ https #default_backend homeapp2 frontend http bind *:80 #bind *:443 ssl crt /etc/ssl/private/webnori_com.pem #http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" #play acl host_playws hdr_beg(Host) -i ws acl host_playweb hdr(host) -i play.webnori.com acl host_jira hdr(host) -i jira.webnori.com acl host_wiki hdr(host) -i wiki.webnori.com acl host_media hdr(host) -i media.webnori.com acl host_git hdr(host) -i git.webnori.com acl host_bam hdr(host) -i bam.webnori.com acl host_spark hdr(host) -i spark.webnori.com acl host_home hdr(host) -i webnori.com acl is_root path -i / acl is_domain hdr(host) -i webnori.com use_backend jiraapp if host_jira use_backend wikiapp if host_wiki use_backend mediaapp if host_media use_backend gitapp if host_git use_backend bamapp if host_bam use_backend sparkapp if host_spark use_backend homeapp2 if host_home #play use_backend playws if host_playws use_backend playweb if host_playweb backend jiraapp mode http balance roundrobin option forwardfor server host1 192.168.56.103:8080 backend wikiapp mode http balance roundrobin server host1 192.168.56.103:8090 backend gitapp mode http balance roundrobin option forwardfor server host1 192.168.56.104:7990 backend bamapp mode http balance roundrobin option forwardfor server host1 192.168.56.104:8085 backend mediaapp mode http balance roundrobin option forwardfor server host1 127.0.0.1:32400 backend sparkapp mode http balance roundrobin option forwardfor server host1 127.0.0.1:32770 # play backend playws mode http balance source option http-server-close option forceclose server host1 192.168.56.104:9000 weight 1 maxconn 1024 check backend playweb mode http balance roundrobin option forwardfor server host1 192.168.56.104:9000 backend homeapp2 redirect prefix http://psmon5.wixsite.com/webnori code 301 #/etc/init.d/haproxy restart #service apache2 restart