Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

A.4. Install and Configure HAProxy

Perform the following procedure on your two HAProxy nodes:
  1. Install haproxy. 
    # yum install haproxy
  2. Configure haproxy for SELinux and HTTP. 
    # vim /etc/firewalld/services/haproxy-http.xml
    Add the following lines: 
    <?xml version="1.0" encoding="utf-8"?>
<service>
<short>HAProxy-HTTP</short>
<description>HAProxy load-balancer</description>
<port protocol="tcp" port="80"/>
</service>
    As root, assign the correct SELinux context and file permissions to the haproxy-http.xml file. 
    # cd /etc/firewalld/services
# restorecon haproxy-http.xml
# chmod 640 haproxy-http.xml
  3. If you intend to use HTTPS, configure haproxy for SELinux and HTTPS. 
    # vim /etc/firewalld/services/haproxy-https.xml
    Add the following lines: 
    <?xml version="1.0" encoding="utf-8"?>
<service>
<short>HAProxy-HTTPS</short>
<description>HAProxy load-balancer</description>
<port protocol="tcp" port="443"/>
</service>
    As root, assign the correct SELinux context and file permissions to the haproxy-https.xml file. 
    # cd /etc/firewalld/services
# restorecon haproxy-https.xml
# chmod 640 haproxy-https.xml
  4. If you intend to use HTTPS, generate keys for SSL. If you do not have a certificate, you may use a self-signed certificate. For information on generating keys and on self-signed certificates, see the Red Hat Enterprise Linux System Administrator's Guide.
    Finally, put the certificate and key into a PEM file. 
    # cat example.com.crt example.com.key > example.com.pem
# cp example.com.pem /etc/ssl/private/
  5. Configure HAProxy. 
    # vim /etc/haproxy/haproxy.cfg
    The global and defaults sections of haproxy.cfg may remain unchanged. After the defaults sections, you will need to configure frontend and backend sections, as in the following example: 
    frontend http_web *:80
    mode http
    default_backend rgw

frontend rgw­-https
  bind <insert vip ipv4>:443 ssl crt /etc/ssl/private/example.com.pem
  default_backend rgw

backend rgw
    balance roundrobin
    mode http
    server  rgw1 10.0.0.71:80 check
    server  rgw2 10.0.0.80:80 check
  6. Enable/start haproxy 
    # systemctl enable haproxy
# systemctl start haproxy