Show Table of Contents
A.4. Install and Configure HAProxy
Perform the following procedure on your two HAProxy nodes:
- Install
haproxy.#
yum install haproxy - Configure
haproxyfor SELinux and HTTP.#
vim /etc/firewalld/services/haproxy-http.xmlAdd the following lines:<?xml version="1.0" encoding="utf-8"?> <service> <short>HAProxy-HTTP</short> <description>HAProxy load-balancer</description> <port protocol="tcp" port="80"/> </service>
As root, assign the correct SELinux context and file permissions to thehaproxy-http.xmlfile.#
cd /etc/firewalld/services#restorecon haproxy-http.xml#chmod 640 haproxy-http.xml - If you intend to use HTTPS, configure
haproxyfor SELinux and HTTPS.#
vim /etc/firewalld/services/haproxy-https.xmlAdd the following lines:<?xml version="1.0" encoding="utf-8"?> <service> <short>HAProxy-HTTPS</short> <description>HAProxy load-balancer</description> <port protocol="tcp" port="443"/> </service>
As root, assign the correct SELinux context and file permissions to thehaproxy-https.xmlfile.#
cd /etc/firewalld/services#restorecon haproxy-https.xml#chmod 640 haproxy-https.xml - If you intend to use HTTPS, generate keys for SSL. If you do not have a certificate, you may use a self-signed certificate. For information on generating keys and on self-signed certificates, see the Red Hat Enterprise Linux System Administrator's Guide.Finally, put the certificate and key into a PEM file.
#
cat example.com.crt example.com.key > example.com.pem#cp example.com.pem /etc/ssl/private/ - Configure HAProxy.
#
vim /etc/haproxy/haproxy.cfgTheglobalanddefaultssections ofhaproxy.cfgmay remain unchanged. After thedefaultssections, you will need to configurefrontendandbackendsections, as in the following example:frontend http_web *:80 mode http default_backend rgw frontend rgw-https bind <insert vip ipv4>:443 ssl crt /etc/ssl/private/example.com.pem default_backend rgw backend rgw balance roundrobin mode http server rgw1 10.0.0.71:80 check server rgw2 10.0.0.80:80 check - Enable/start
haproxy#
systemctl enable haproxy#systemctl start haproxy
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.