To set up your servers and configure the hosts file, you need to follow these steps:
- Create a new user on all servers and call it “webadmin” by running the following command:
$ adduser webadmin
- Add the user “webadmin” to the sudo group using the command:
$ usermod -aG sudo webadmin
- Switch to the “webadmin” user:
$ su - webadmin
- Use the sudo command to list the contents of the /root directory to test that the user is now part of the sudo group:
$ sudo ls -la /root
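- You can go one step further and add the following line at the bottom of the sudoers file so that sudo stops asking for a password every time you use it. The %webadmin entry applies to the webadmin group, which adduser created together with the user, so every member of that group gets passwordless root: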
$ sudo visudo
%webadmin ALL=(ALL) NOPASSWD:ALL
- Make a backup copy of the /etc/hosts file by running this command:
$ sudo cp -v /etc/hosts{,.bkup}
Add the following entries to the hosts file:
# Load balancers
10.1.0.2 lb_1
10.1.0.3 lb_2
# Web servers
10.1.0.4 webserver_1
10.1.0.5 webserver_2
On all of the web servers, run the following commands:
$ sudo -i
$ apt update -y && sudo apt upgrade -y && sudo apt install -y apache2
On webserver_1:
$ echo "This is webserver_1" > /var/www/html/index.html
On webserver_2:
$ echo "This is webserver_2" > /var/www/html/index.html
Then, on both web servers:
$ systemctl enable apache2.service && systemctl start apache2 && sudo systemctl status apache2.service
On all of the load balancers, perform the following steps:
$ sudo -i
$ apt update -y && sudo apt upgrade -y && sudo apt install -y haproxy
$ cp -v /etc/haproxy/haproxy.conf{,.bkup}
or
$ cp -v /etc/haproxy/haproxy.cfg{,.bkup}
$ if [ -f /etc/haproxy/haproxy.conf ]; then nano /etc/haproxy/haproxy.conf; else nano /etc/haproxy/haproxy.cfg; fi
Replace the haproxy configuration with the following for lb_1:
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend my_frontend
    bind *:80
    default_backend my_backend

backend my_backend
    balance roundrobin
    server webserver_1 10.1.0.4:80 check
    server webserver_2 10.1.0.5:80 check
Replace the haproxy configuration with the following for lb_2:
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend my_frontend
    bind *:80
    default_backend my_backend

backend my_backend
    balance roundrobin
    server webserver_1 10.1.0.4:80 check
    server webserver_2 10.1.0.5:80 check
Test the haproxy configuration on both load balancers:
$ haproxy -f /etc/haproxy/haproxy.cfg -c
$ sudo systemctl enable haproxy && sudo systemctl restart haproxy && sudo systemctl status haproxy
Install keepalived on all load balancers:
$ apt install keepalived -y
Replace the keepalived configuration with the following for lb_1:
$ nano /etc/keepalived/keepalived.conf
global_defs {
    enable_script_security
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy"   # Check if HAProxy process is running
    interval 2                    # Check every 2 seconds
    weight 2                      # Weight to influence master election
    user webadmin                 # User you want the script to run as
}

vrrp_instance VI_1 {
    state MASTER
    interface enp0s8              # Network interface to bind to
    virtual_router_id 51
    priority 101                  # Higher priority on the primary server
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass SVs2@k_-g6TD    # Set a strong authentication password
    }
    virtual_ipaddress {
        10.1.0.6                  # Your VIP address, this is the floating IP
    }
    track_script {
        chk_haproxy
    }
}
Replace the keepalived configuration with the following for lb_2:
global_defs {
    enable_script_security
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy"   # Check if HAProxy process is running
    interval 2                    # Check every 2 seconds
    weight 2                      # Weight to influence master election
    user webadmin
}

vrrp_instance VI_1 {
    state BACKUP
    interface enp0s8              # Network interface to bind to
    virtual_router_id 51
    priority 100                  # Lower priority on the backup server
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass SVs2@k_-g6TD    # Same password as on the primary server
    }
    virtual_ipaddress {
        10.1.0.6                  # Your VIP address, this is the floating IP
    }
    track_script {
        chk_haproxy
    }
}
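An added example, not part of the original guide: a shell check that the two keepalived.conf files agree on virtual_router_id, advert_int, authentication and VIP, that lb_1 has the higher priority, and that auth_pass is not longer than the 8 characters keepalived actually uses. The function names, the sample_conf helper and the Example-Secret value are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the lb_1 / lb_2 keepalived.conf pair before starting keepalived.

# kv FILE KEY: first value that follows KEY (text after '#' is dropped)
kv() {
    awk -v key="$2" '{ sub(/#.*/, "") } $1 == key { print $2; exit }' "$1"
}

# vip FILE: first address inside the virtual_ipaddress { } block
vip() {
    awk '{ sub(/#.*/, "") }
         $1 == "virtual_ipaddress" { inblk = 1; next }
         inblk && $1 == "}" { exit }
         inblk && NF { print $1; exit }' "$1"
}

# check_pair MASTER_CONF BACKUP_CONF: prints findings, returns how many there were
check_pair() {
    n=0
    for key in virtual_router_id advert_int auth_type auth_pass; do
        [ "$(kv "$1" "$key")" = "$(kv "$2" "$key")" ] ||
            { echo "MISMATCH: $key differs between the nodes"; n=$((n + 1)); }
    done
    [ "$(vip "$1")" = "$(vip "$2")" ] ||
        { echo "MISMATCH: virtual_ipaddress differs"; n=$((n + 1)); }
    [ "$(kv "$1" priority)" -gt "$(kv "$2" priority)" ] ||
        { echo "PRIORITY: master is not higher than backup"; n=$((n + 1)); }
    pass=$(kv "$1" auth_pass)
    [ "${#pass}" -le 8 ] ||
        { echo "AUTH: auth_pass has ${#pass} characters, keepalived uses the first 8"; n=$((n + 1)); }
    return "$n"
}

# sample_conf STATE PRIORITY PASS: constructed config in the layout used above
sample_conf() {
    printf '%s\n' "vrrp_instance VI_1 {" "state $1" "interface enp0s8" \
        "virtual_router_id 51" "priority $2 # election priority" "advert_int 1" \
        "authentication {" "auth_type PASS" "auth_pass $3 # shared secret" "}" \
        "virtual_ipaddress {" "10.1.0.6 # floating IP" "}" "}"
}

dir=$(mktemp -d)
sample_conf MASTER 101 Example-Secret > "$dir/lb_1.conf"   # constructed 14-char secret
sample_conf BACKUP 100 Example-Secret > "$dir/lb_2.conf"
check_pair "$dir/lb_1.conf" "$dir/lb_2.conf" || echo "findings: $?"
```

To use it on real files, copy both configurations to one machine and call check_pair with the lb_1 file first.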
Test the keepalived configuration and start the service on both load balancers:
$ keepalived -t
$ systemctl start keepalived && systemctl enable keepalived && systemctl status keepalived |grep Active
Check the IP addresses on both load balancers:
$ ip --brief add
Take down the interface on lb_1:
$ ip link set enp0s8 down
Test that both websites still load. If everything is working fine, the configuration is complete.
If you need to adjust your configuration, I would recommend following the documentation here: https://www.haproxy.com/documentation/haproxy-configuration-tutorials/core-concepts/