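Router path
haproxy settings for subdomains
The reason this is needed: we are assigned a single domain (probably a paid one),
our home IP will be the cheapest dynamic-IP internet connection,
and we will connect several subdomains to internal IPs using only port 80, without a DNS server.
With this configuration, the Jira quartet was set up as follows.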
- http://wiki.webnori.com
- http://jira.webnori.com
- http://git.webnori.com
- http://bam.webnori.com
- http://media.webnori.com (this one is a bonus: a Plex media server)
/etc/haproxy.cfg
```
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option http-server-close
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http
    bind *:80
    acl host_jira hdr(host) -i jira.webnori.com
    acl host_wiki hdr(host) -i wiki.webnori.com
    acl host_media hdr(host) -i media.webnori.com
    acl host_git hdr(host) -i git.webnori.com
    acl host_bam hdr(host) -i bam.webnori.com
    acl host_home hdr(host) -i webnori.com
    acl is_root path -i /
    acl is_domain hdr(host) -i webnori.com
    use_backend jiraapp if host_jira
    use_backend wikiapp if host_wiki
    use_backend mediaapp if host_media
    use_backend gitapp if host_git
    use_backend bamapp if host_bam
    use_backend homeapp2 if host_home

backend jiraapp
    balance roundrobin
    server host1 192.168.56.103:8080

backend wikiapp
    balance roundrobin
    server host1 192.168.56.103:8090

backend gitapp
    balance roundrobin
    server host1 192.168.56.104:7990

backend bamapp
    balance roundrobin
    server host1 192.168.56.104:8085

backend mediaapp
    balance roundrobin
    server host1 127.0.0.1:32400

backend homeapp2
    balance roundrobin
    server host1 192.168.56.104:9000

#/etc/init.d/haproxy restart
```
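The Host-header routing in the frontend above can be checked offline. The following is an added example, not part of the original page: a small Python model of the `hdr(host)` ACLs and `use_backend` rules, run on a trimmed copy of the config constructed here. The names `SAMPLE_CFG`, `parse`, `route` and `lint` are hypothetical, and it assumes exact, case-insensitive Host matching as in the page's `-i` ACLs.

```python
# Constructed sample: a trimmed copy of the frontend/backend part of the page's config.
SAMPLE_CFG = """\
frontend http
    bind *:80
    acl host_jira hdr(host) -i jira.webnori.com
    acl host_home hdr(host) -i webnori.com
    acl is_root path -i /
    acl is_domain hdr(host) -i webnori.com
    use_backend jiraapp if host_jira
    use_backend homeapp2 if host_home
backend jiraapp
    server host1 192.168.56.103:8080
backend homeapp2
    server host1 192.168.56.104:9000
"""

def parse(cfg):
    """Collect ACLs as name -> (criterion, pattern), use_backend rules, backends, default."""
    acls, rules, backends, default = {}, [], set(), None
    for line in cfg.splitlines():
        tok = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not tok: continue
        if tok[0] == "acl" and len(tok) >= 4:
            acls[tok[1]] = (tok[2].lower(), tok[-1].lower())
        elif tok[0] == "use_backend" and len(tok) == 4 and tok[2] == "if":
            rules.append((tok[1], tok[3]))
        elif tok[0] == "backend" and len(tok) == 2:
            backends.add(tok[1])
        elif tok[0] == "default_backend" and len(tok) == 2:
            default = tok[1]
    return acls, rules, backends, default

def route(cfg, host):
    """Backend selected by a Host header (first matching rule wins); None if no rule matches."""
    acls, rules, _, default = parse(cfg)
    for backend, acl in rules:
        crit, pattern = acls.get(acl, ("", ""))
        if crit == "hdr(host)" and host.lower() == pattern:  # exact match, -i assumed
            return backend
    return default

def lint(cfg):
    """Report ACLs no rule uses, rules pointing at missing backends, and the fallback."""
    acls, rules, backends, default = parse(cfg)
    return {
        "unused_acls": sorted(set(acls) - {a for _, a in rules}),
        "undefined_backends": sorted({b for b, _ in rules} - backends),
        "has_default_backend": default is not None,
    }
```

A `None` from `route` is a request that matches no `use_backend` rule; with no `default_backend` configured, HAProxy answers it with a 503. A Host value carrying an explicit port, such as `jira.webnori.com:80`, falls into that group because `hdr(host)` compares the whole header value.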
SSL settings