You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

라우터 경로

Error rendering macro 'viewppt'

com.atlassian.confluence.macro.MacroExecutionException: com.atlassian.confluence.macro.MacroExecutionException: The viewfile macro is unable to locate the attachment "haproxyfordomain.pptx" on this page

서브도메인을 위한 haproxy 셋팅

 이것이 필요한 이유는, 도메인을 하나 할당받고( 유료일것입니다.)

우리의 Home아이피는 가장싼 유동 아이피 인터넷일것이며

내부 아이피에 오로지 80번 포트만으로 여러가지 서브도메인을 DNS서버없이 연결할것입니다.


이러한 설정으로 다음과 같이 지라 4총사가 구축되었습니다.

/etc/haproxy.cfg 
global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# Default ciphers to use on SSL-enabled listening sockets.
	# For more information, see ciphers(1SSL). This list is from:
	#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
	ssl-default-bind-options no-sslv3

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
	option http-server-close
	retries                 3
	timeout http-request    10s
	timeout queue           1m
	timeout connect         10s
	timeout client          1m
	timeout server          1m
	timeout http-keep-alive 10s
	timeout check           10s
	maxconn                 3000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

frontend http
bind *:80

acl host_jira hdr(host) -i jira.webnori.com
acl host_wiki hdr(host) -i wiki.webnori.com
acl host_media hdr(host) -i media.webnori.com
acl host_git hdr(host) -i git.webnori.com
acl host_bam hdr(host) -i bam.webnori.com
acl host_home hdr(host) -i webnori.com

acl is_root path -i /
acl is_domain hdr(host) -i webnori.com


use_backend jiraapp    if host_jira
use_backend wikiapp    if host_wiki
use_backend mediaapp    if host_media
use_backend gitapp	if host_git
use_backend bamapp	if host_bam
use_backend homeapp2	if host_home


backend jiraapp
   balance roundrobin 
   server host1 192.168.56.103:8080 

backend wikiapp
   balance roundrobin
   server host1 192.168.56.103:8090

backend gitapp
   balance roundrobin
   server host1 192.168.56.104:7990

backend bamapp
   balance roundrobin
   server host1 192.168.56.104:8085

backend mediaapp
   balance roundrobin
   server host1 127.0.0.1:32400


backend homeapp2
   balance roundrobin
   server host1 192.168.56.104:9000


#/etc/init.d/haproxy restart


SSL 설정

https 프로토콜을 사용하기위해서 위와같은 구조로 SSL인증과정을 단일화 할것입니다.

Why? SSL인증처리를 각 WWW-N 서버에 두게되면 모든 서버마다 SSL설정을 해야하며

인증서 만료에따른 관리교체가 힘들어집니다.

 



  • No labels