talas-group/04_INFRA_DEPLOIEMENT/Notes_Operations/haproxy_getstarted_roadmap.txt


HAProxy --> https://fr.wikipedia.org/wiki/HAProxy
WAF --> https://en.wikipedia.org/wiki/Web_application_firewall
http://docs.haproxy.org/3.1/intro.html#1
haproxy-main --> 10.184.116.173
Hosts three different Apache servers, either on the default port 80 (HTTP) or on 443 (HTTPS):
one-apache --> 10.184.116.93
- index.html :
Bienvenue sur le serveur 1
two-apache --> 10.184.116.43
- index.html :
Bienvenue sur le serveur 2
three-apache --> 10.184.116.118
- index.html :
Bienvenue sur le serveur 3
On all Apache hosts:
apt update
apt install apache2
systemctl restart apache2
### HTTP configuration:
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    option httplog
    option dontlognull
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    retries 3

listen stats
    bind *:8080
    stats enable
    stats uri /haproxy?stats
    stats refresh 10s
    stats auth admin:admin # Credentials for access

frontend http_front
    bind *:80
    mode http
    default_backend http_backends
    option httplog

backend http_backends
    mode http
    balance roundrobin
    option httpchk GET /
    server server1 10.184.116.93:80 check inter 3s fall 3 rise 2
    server server2 10.184.116.43:80 check inter 3s fall 3 rise 2
    server server3 10.184.116.118:80 check inter 3s fall 3 rise 2
### HTTPS configuration:
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    ssl-default-bind-ciphers HIGH:!aNULL:!MD5

defaults
    log global
    option httplog
    option dontlognull
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    retries 3

frontend http_front
    bind *:80
    mode http
    redirect scheme https if !{ ssl_fc } # Redirect HTTP to HTTPS

frontend https_front
    bind *:443 ssl crt /etc/haproxy/haproxy.pem
    mode http
    default_backend http_backends
    option httplog

backend http_backends
    mode http
    balance roundrobin
    option httpchk GET /
    server server1 10.184.116.93:80 check
    server server2 10.184.116.43:80 check
    server server3 10.184.116.118:80 check
this configuration without stats works, but the one below with stats does not; why? (I get an error message):
root@haproxy-main:~# cat /etc/haproxy/haproxy.cfg
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    ssl-default-bind-ciphers HIGH:!aNULL:!MD5

defaults
    log global
    option httplog
    option dontlognull
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    retries 3

frontend http_front
    bind *:80
    mode http
    default_backend http_backends
    option httplog

backend http_backends
    mode http
    balance roundrobin
    option httpchk GET /
    server server1 10.184.116.93:80 check inter 3s fall 3 rise 2
    server server2 10.184.116.43:80 check inter 3s fall 3 rise 2
    server server3 10.184.116.118:80 check inter 3s fall 3 rise 2
root@haproxy-main:~# systemctl restart haproxy
root@haproxy-main:~#
but this one does not work:
root@haproxy-main:~# cat /etc/haproxy/haproxy.cfg
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    ssl-default-bind-ciphers HIGH:!aNULL:!MD5

defaults
    log global
    option httplog
    option dontlognull
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    retries 3

frontend stats
    mode http
    bind *:9000
    stats enable
    stats refresh 10s
    stats uri /stats
    stats admin auth admin:admin

frontend http_front
    bind *:80
    mode http
    default_backend http_backends
    option httplog

backend http_backends
    mode http
    balance roundrobin
    option httpchk GET /
    server server1 10.184.116.93:80 check inter 3s fall 3 rise 2
    server server2 10.184.116.43:80 check inter 3s fall 3 rise 2
    server server3 10.184.116.118:80 check inter 3s fall 3 rise 2
root@haproxy-main:~# systemctl restart haproxy
Job for haproxy.service failed because the control process exited with error code.
See "systemctl status haproxy.service" and "journalctl -xeu haproxy.service" for details.
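
Added example, not part of the original notes: in HAProxy, "stats admin" takes an "if"/"unless" condition and credentials belong on "stats auth", so the line "stats admin auth admin:admin" in the failing file is rejected when the configuration is parsed. The corrected stats section below keeps the port and URI from the notes; the password placeholder and the choice to allow admin actions only from localhost are assumptions.

```haproxy
# Check the file before restarting; the parser reports the file and line
# of each error:
#   haproxy -c -f /etc/haproxy/haproxy.cfg

# Line from the failing file. "stats admin" expects "if" or "unless"
# followed by a condition, not a user:password pair:
#   stats admin auth admin:admin

frontend stats
    mode http
    bind *:9000
    stats enable
    stats refresh 10s
    stats uri /stats
    # Do not show the HAProxy version on the stats page
    stats hide-version
    # Credentials are set with "stats auth".
    # Assumption: CHANGE_ME is a placeholder, to be replaced with a strong
    # password instead of the admin:admin pair used in the notes.
    stats auth admin:CHANGE_ME
    # Admin actions (enable, disable or drain servers from the page) are
    # allowed only when the condition matches.
    # Assumption: restricted to connections from the host itself, using
    # the predefined LOCALHOST ACL; other clients get a read-only page.
    stats admin if LOCALHOST
```

The stats page uses HTTP basic authentication, so on this plain-HTTP bind the credentials cross the network unencrypted; the "bind ... ssl crt" form from the HTTPS configuration above applies here as well.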