728x90
우분투에서 HAProxy를 설치하고 구성하는 방법
테스트 환경
- 운영체제 버전 정보
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
- 도커 버전 정보
$ docker version
Client: Docker Engine - Community
Version: 20.10.22
API version: 1.41
Go version: go1.18.9
Git commit: 3a2c30b
Built: Thu Dec 15 22:28:04 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.22
API version: 1.41 (minimum version 1.12)
Go version: go1.18.9
Git commit: 42c8b31
Built: Thu Dec 15 22:25:49 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.15
GitCommit: 5b842e528e99d4d4c1686467debf2bd4b88ecd86
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
HAProxy 설치
패키지 세부 정보 표시
apt show haproxy
$ apt show haproxy
Package: haproxy
Version: 2.4.18-0ubuntu1
Priority: optional
Section: net
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian HAProxy Maintainers <team+haproxy@tracker.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 3,683 kB
Pre-Depends: dpkg (>= 1.17.14), init-system-helpers (>= 1.54~)
Depends: libc6 (>= 2.34), libcrypt1 (>= 1:4.1.0), liblua5.3-0, libpcre2-8-0 (>= 10.22), libssl3 (>= 3.0.0~~alpha1), libsystemd0, adduser, lsb-base (>= 3.0-6)
Suggests: vim-haproxy, haproxy-doc
Homepage: http://www.haproxy.org/
Download-Size: 1,639 kB
APT-Sources: http://kr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
Description: fast and reliable load balancing reverse proxy
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. It features connection persistence through HTTP
cookies, load balancing, header addition, modification, deletion both ways. It
has request blocking capabilities and provides interface to display server
status.
N: There is 1 additional record. Please use the '-a' switch to see it
시스템 패키지 목록 업데이트
sudo apt update
HAProxy 설치
sudo apt install -y haproxy
HAProxy 버전 정보 확인
haproxy -v
$ haproxy -v
HAProxy version 2.4.18-0ubuntu1 2022/08/25 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.18.html
Running on: Linux 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64
HAProxy 서비스 시작
systemctl --now enable haproxy
HAProxy 구성 파일 확인
/etc/haproxy/haproxy.cfg 파일을 편집하여 로드 밸런서를 구성합니다.
vim /etc/haproxy/haproxy.cfg
$ cat /etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
728x90
HAProxy 아키텍처 다이어그램(haproxy architecture diagram)
도커 컨테이너로 웹서버 구성
docker compose 설정
vim docker-compose.yaml
$ cat docker-compose.yaml
version: '3'
services:
html1:
image: nginx:latest
container_name: html1
hostname: html1
volumes:
- ./html1:/usr/share/nginx/html
ports:
- 8081:80
html2:
image: nginx:latest
container_name: html2
hostname: html2
volumes:
- ./html2:/usr/share/nginx/html
ports:
- 8082:80
html3:
image: nginx:latest
container_name: html3
hostname: html3
volumes:
- ./html3:/usr/share/nginx/html
ports:
- 8083:80
html4:
image: nginx:latest
container_name: html4
hostname: html4
volumes:
- ./html4:/usr/share/nginx/html
ports:
- 8084:80
html5:
image: nginx:latest
container_name: html5
hostname: html5
volumes:
- ./html5:/usr/share/nginx/html
ports:
- 8085:80
웹서버 index.html 파일 생성
mkdir html{1,2,3,4,5}
echo "html1" > html1/index.html
(또는)
echo "<H1>nginx on backend html1 is running.</H1>" | sudo tee html1/index.html
$ cat html1/index.html
html1
웹서버 컨테이너 디렉토리 구조
$ tree
.
├── docker-compose.yaml
├── html1
│ └── index.html
├── html2
│ └── index.html
├── html3
│ └── index.html
├── html4
│ └── index.html
└── html5
└── index.html
docker compose 시작
docker-compose up -d
docker compose 프로세스 확인
$ docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------
html1 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8081->80/tcp,:::8081->80/tcp
html2 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8082->80/tcp,:::8082->80/tcp
html3 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8083->80/tcp,:::8083->80/tcp
html4 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8084->80/tcp,:::8084->80/tcp
html5 /docker-entrypoint.sh ngin ... Up 0.0.0.0:8085->80/tcp,:::8085->80/tcp
웹 페이지 호출 테스트
$ curl localhost:8081
html1
HAProxy 구성 파일 편집
haproxy(/etc/haproxy/haproxy.cfg) 파일을 편집하여 로드 밸런서를 구성합니다. 이 파일을 수정하려면 sudo 권한이 필요합니다.
vim /etc/haproxy/haproxy.cfg
frontend http-in
bind *:80
default_backend backend_servers
option forwardfor
backend backend_servers
balance roundrobin
server html1 127.0.0.1:8081 check
server html2 127.0.0.1:8082 check
server html3 127.0.0.1:8083 check
server html4 127.0.0.1:8084 check
server html5 127.0.0.1:8085 check
listen stats
bind :8080
stats enable
stats uri /
stats hide-version
stats auth admin:admin
default_backend backend_servers
HAProxy 구성 검증
sudo haproxy -c -f /etc/haproxy/haproxy.cfg
$ sudo haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid
HAProxy 서비스 재시작
systemctl restart haproxy
웹페이지 호출 테스트(반복 호출)
while true; do curl localhost; sleep 1; done
$ while true; do curl localhost; sleep 1; done
html1
html2
html3
html4
html5
html1
html2
html3
html4
html5
html1
html2
html3
html4
HAProxy 통계 페이지
사용자 이름 : admin, 암호 : admin
http://192.168.0.61:8080
728x90
'리눅스' 카테고리의 다른 글
리눅스 sed 명령어 (0) | 2023.01.12 |
---|---|
[draft] CentOS 7에서 기본 저장소를 변경하는 방법 (0) | 2023.01.12 |
PHP 8.1에서 MongoDB 확장 모듈을 설치하는 방법 (0) | 2023.01.11 |
Ubuntu에서 Supervisor를 설치하는 방법 (0) | 2023.01.11 |
웹 서버에서 HSTS(HTTP Strict Transport Security)를 설정하는 방법 (0) | 2023.01.10 |