HAProxy --> https://fr.wikipedia.org/wiki/HAProxy WAF --> https://en.wikipedia.org/wiki/Web_application_firewall http://docs.haproxy.org/3.1/intro.html#1 haproxy-main --> 10.184.116.173 Hosts three diffzerent apache server either on default port 80 (HTTP) or on 443 (HTTPS) : one-apache --> 10.184.116.93 - index.html : Bienvenue sur le serveur 1 two-apache --> 10.184.116.43 - index.html : Bienvenue sur le serveur 2 three-apache --> 10.184.116.118 - index.html : Bienvenue sur le serveur 3 On all apache hosts : apt update apt install apache2 systemctl restart apache2 ### Configuration HTTP: global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon defaults log global option httplog option dontlognull timeout connect 5000ms timeout client 50000ms timeout server 50000ms retries 3 listen stats bind *:8080 stats enable stats uri /haproxy?stats stats refresh 10s stats auth admin:admin # Identifiants pour accès frontend http_front bind *:80 mode http default_backend http_backends option httplog backend http_backends mode http balance roundrobin option httpchk GET / server server1 10.184.116.93:80 check inter 3s fall 3 rise 2 server server2 10.184.116.43:80 check inter 3s fall 3 rise 2 server server3 10.184.116.118:80 check inter 3s fall 3 rise 2 ### Configuration HTTTPS: global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 ssl-default-bind-ciphers HIGH:!aNULL:!MD5 defaults log global option httplog option dontlognull timeout connect 5000ms timeout client 50000ms timeout server 50000ms retries 3 frontend http_front bind *:80 mode http redirect scheme https if !{ ssl_fc } # Rediriger HTTP vers HTTPS frontend https_front bind *:443 ssl crt /etc/haproxy/haproxy.pem mode http default_backend http_backends option httplog backend http_backends mode http balance roundrobin option httpchk GET / server server1 10.184.116.93:80 check server server2 10.184.116.43:80 check server server3 10.184.116.118:80 check cette configuration sans stats fonctionne mais pas celle en dessous avec les stats pourquoi (j'obtiens un message d'erreur : root@haproxy-main:~# cat /etc/haproxy/haproxy.cfg global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 ssl-default-bind-ciphers HIGH:!aNULL:!MD5 defaults log global option httplog option dontlognull timeout connect 5000ms timeout client 50000ms timeout server 50000ms retries 3 frontend http_front bind *:80 mode http default_backend http_backends option httplog backend http_backends mode http balance roundrobin option httpchk GET / server server1 10.184.116.93:80 check inter 3s fall 3 rise 2 server server2 10.184.116.43:80 check inter 3s fall 3 rise 2 server server3 10.184.116.118:80 check inter 3s fall 3 rise 2 root@haproxy-main:~# systemctl restart haproxy root@haproxy-main:~# mais celle ci ne fonctionne pas : root@haproxy-main:~# cat /etc/haproxy/haproxy.cfg global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 ssl-default-bind-ciphers HIGH:!aNULL:!MD5 defaults log global option httplog option dontlognull timeout connect 5000ms timeout client 50000ms timeout server 50000ms retries 3 frontend stats mode http bind *:9000 stats enable stats refresh 10s stats uri /stats stats admin auth admin:admin frontend http_front bind *:80 mode http default_backend http_backends option httplog backend http_backends mode http balance roundrobin option httpchk GET / server server1 10.184.116.93:80 check inter 3s fall 3 rise 2 server server2 10.184.116.43:80 check inter 3s fall 3 rise 2 server server3 10.184.116.118:80 check inter 3s fall 3 rise 2 root@haproxy-main:~# systemctl restart haproxy Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xeu haproxy.service" for details.