Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

사용목적

  • 분산된 여러서버의 라우팅을 쉽게 관리(L7)
  • 개임홈서버의 제한된 IP로 인해, 하나의 도메인에 여러 IP/PORT를 할당하여 다중 서비스화 가능
  • ss


마니홈 개인설정 샘플

Code Block
languagebash
themeEmacs
title/etc/haproxy/haproxy.cfg
linenumberstrue
global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    ssl-default-bind-options   no-sslv3 no-tls-tickets force-tlsv12
    ssl-default-bind-ciphers   ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

    spread-checks 4
    tune.maxrewrite 1024
    tune.ssl.default-dh-param 2048

defaults
    log    global
    mode    http
    option    httplog
    option    dontlognull
    option http-server-close
    option http-keep-alive
    option forwardfor
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

#frontend https
#bind *:443 ssl crt /etc/ssl/private/webnori_com.pem
#http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
#reqadd X-Forwarded-Proto:\ https
#default_backend homeapp2

frontend http
bind *:80
#bind *:443 ssl crt /etc/ssl/private/webnori_com.pem
#http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"

#play
acl host_playws hdr_beg(Host) -i ws

acl host_playweb hdr(host) -i play.webnori.com
acl host_jira hdr(host) -i jira.webnori.com
acl host_wiki hdr(host) -i wiki.webnori.com
acl host_media hdr(host) -i media.webnori.com
acl host_git hdr(host) -i git.webnori.com
acl host_bam hdr(host) -i bam.webnori.com
acl host_spark hdr(host) -i spark.webnori.com



acl host_home hdr(host) -i webnori.com
acl is_root path -i /
acl is_domain hdr(host) -i webnori.com

use_backend jiraapp    if host_jira
use_backend wikiapp    if host_wiki
use_backend mediaapp    if host_media
use_backend gitapp    if host_git
use_backend bamapp    if host_bam
use_backend sparkapp    if host_spark
use_backend homeapp2    if host_home

#play
use_backend playws    if host_playws
use_backend playweb    if host_playweb



backend jiraapp
   mode http
   balance roundrobin 
   option forwardfor   
   server host1 192.168.56.103:8080

backend wikiapp
   mode http
   balance roundrobin
   server host1 192.168.56.103:8090

backend gitapp
   mode http
   balance roundrobin
   option forwardfor
   server host1 192.168.56.104:7990

backend bamapp
   mode http
   balance roundrobin
   option forwardfor
   server host1 192.168.56.104:8085

backend mediaapp
   mode http
   balance roundrobin
   option forwardfor
   server host1 127.0.0.1:32400

backend sparkapp
   mode http
   balance roundrobin
   option forwardfor
   server host1 127.0.0.1:32770

# play
backend playws
   mode http
   balance source
   option http-server-close
   option forceclose
   server host1 192.168.56.104:9000 weight 1 maxconn 1024 check

backend playweb
   mode http
   balance roundrobin
   option forwardfor
   server host1 192.168.56.104:9000


backend homeapp2
   redirect prefix http://psmon5.wixsite.com/webnori code 301

#/etc/init.d/haproxy restart
#service apache2 restart

...