
HAProxy is a reliable, high-performance TCP/HTTP load balancer that distributes traffic efficiently across our servers. It improves the availability and performance of our infrastructure, handles increased web traffic, and manages failover, which makes it an essential component of our system.
HAProxy can also direct requests to specific services based on URL patterns. The configuration below selects the backend by the host name of the request.
frontend web
    mode http
    option forwardfor
    option httpclose
    bind *:80
    # Every certificate bundle in this directory is loaded
    bind *:443 ssl crt /etc/haproxy/certs/
    # SSL termination for WordPress: tell the backend the original request was HTTPS
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    # Send plain-HTTP requests to HTTPS
    http-request redirect scheme https unless { ssl_fc }
    # Route gitea
    acl host_gitea hdr(host) -i gitea.chosesoft.eu
    use_backend http_gitea if host_gitea
    # Route wordpress
    acl host_web hdr(host) -i chosesoft.eu
    use_backend http_web if host_web
    # Route nas
    acl host_nas hdr(host) -i nas.chosesoft.eu
    use_backend http_nas if host_nas

backend http_gitea
    mode http
    option forwardfor
    server gitea 192.168.11.101:8418

backend http_nas
    mode http
    option forwardfor
    # Server label renamed from the copy-pasted "gitea" so logs identify the right host
    server nas 192.168.11.101:5000

backend http_web
    mode http
    option forwardfor
    # Server label renamed from the copy-pasted "gitea" so logs identify the right host
    server web 192.168.11.205:80
Then check that the config is valid:
haproxy -c -f /etc/haproxy/haproxy.cfg
SSL certs
All SSL certs are stored in /etc/haproxy/certs/
You can generate SSL certs manually with OpenSSL:
openssl genrsa -out chosesoft.eu.key 2048
openssl req -new -key chosesoft.eu.key -out chosesoft.eu.csr
openssl x509 -req -days 365 -in chosesoft.eu.csr -signkey chosesoft.eu.key -out chosesoft.eu.crt
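# HAProxy expects the key and certificate in one PEM file; '>' overwrites instead of appending to an old bundle
cat chosesoft.eu.key chosesoft.eu.crt > chosesoft.eu.pem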
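Or, if you need certs that browsers accept as valid, use Let's Encrypt with certbot certonly. Standalone mode runs its own temporary web server on port 80, the same port the HAProxy frontend above binds.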
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot certonly --standalone -d chosesoft.eu
sudo certbot certonly --standalone -d nas.chosesoft.eu
sudo certbot certonly --standalone -d proxmox.chosesoft.eu
sudo certbot certonly --standalone -d gitea.chosesoft.eu
Renew certs
Gitea
sudo certbot certonly --standalone -d gitea.chosesoft.eu
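# certbot writes the certificate to /etc/letsencrypt/live/gitea.chosesoft.eu/fullchain.pem
cd /etc/letsencrypt/live/gitea.chosesoft.eu/
# '>' replaces the old bundle; '>>' would leave the expired certificate first in the file
cat fullchain.pem privkey.pem > gitea.chosesoft.eu.pem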
cp gitea.chosesoft.eu.pem /etc/haproxy/certs/
NAS
sudo certbot certonly --standalone -d nas.chosesoft.eu
# certbot writes the certificate to /etc/letsencrypt/live/nas.chosesoft.eu/fullchain.pem
cd /etc/letsencrypt/live/nas.chosesoft.eu/
cat fullchain.pem privkey.pem > nas.chosesoft.eu.pem
cp nas.chosesoft.eu.pem /etc/haproxy/certs/
Chosesoft
sudo certbot certonly --standalone -d chosesoft.eu
# certbot writes the certificate to /etc/letsencrypt/live/chosesoft.eu/fullchain.pem
cd /etc/letsencrypt/live/chosesoft.eu/
cat fullchain.pem privkey.pem > chosesoft.eu.pem
cp chosesoft.eu.pem /etc/haproxy/certs/
Proxmox
sudo certbot certonly --standalone -d proxmox.chosesoft.eu
# certbot writes the certificate to /etc/letsencrypt/live/proxmox.chosesoft.eu/fullchain.pem
cd /etc/letsencrypt/live/proxmox.chosesoft.eu/
cat fullchain.pem privkey.pem > proxmox.chosesoft.eu.pem
cp proxmox.chosesoft.eu.pem /etc/haproxy/certs/
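The renewal steps above can be wrapped in one function that rebuilds the bundle from scratch, keeps the private key owner-readable only, and refuses to install a file holding more than one key. This is an added example, not the page's own script; the function names are hypothetical and the usage line assumes HAProxy runs as the systemd unit "haproxy".

```shell
#!/bin/sh
# Added example, not the page's own script; function names are hypothetical.

# Count the private keys in a PEM file. A bundle written with '>>' gains one
# more on every renewal, and the stale certificate stays first in the file.
pem_key_count() {
    grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$1" || true
}

# Succeed only if the leaf certificate and the private key share a public key.
cert_matches_key() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# build_haproxy_pem LIVE_DIR CERT_DIR DOMAIN
build_haproxy_pem() {
    live=$1 certs=$2 domain=$3
    [ -s "$live/fullchain.pem" ] && [ -s "$live/privkey.pem" ] || return 1
    # mktemp creates the file with mode 0600, so the key is never world-readable.
    tmp=$(mktemp "$certs/.$domain.pem.XXXXXX") || return 1
    # '>' truncates: the bundle is rebuilt from scratch on every run.
    cat "$live/fullchain.pem" "$live/privkey.pem" > "$tmp"
    if [ "$(pem_key_count "$tmp")" -ne 1 ]; then
        rm -f "$tmp"
        return 1
    fi
    # Rename within one directory is atomic, so no half-written bundle is visible.
    mv -f "$tmp" "$certs/$domain.pem"
}

# Usage after a renewal (assumes HAProxy runs as the systemd unit "haproxy"):
#   d=gitea.chosesoft.eu; live=/etc/letsencrypt/live/$d
#   cert_matches_key "$live/fullchain.pem" "$live/privkey.pem" &&
#     build_haproxy_pem "$live" /etc/haproxy/certs "$d" &&
#     haproxy -c -f /etc/haproxy/haproxy.cfg && systemctl reload haproxy
```

Running `pem_key_count` over the files already in /etc/haproxy/certs/ shows whether an earlier append left a bundle with more than one key.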
Check certs
openssl s_client -connect gitea.chosesoft.eu:443 -showcerts