HAProxy as a Reverse Proxy on Ubuntu 22

Install HAProxy

sudo add-apt-repository ppa:vbernat/haproxy-3.0
sudo apt update
sudo apt install haproxy -y

Install Certbot to issue an SSL certificate from Let's Encrypt

sudo apt install certbot

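Generate the SSL certificate (certonly with the standalone authenticator; port 80 must be free while it runs)

sudo certbot certonly --standalone -d rr93.my.id --register-unsafely-without-email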

Create a directory for the SSL files, which are combined into a single .pem file

sudo mkdir -p /etc/haproxy/ssl

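Combine fullchain.pem and privkey.pem (the output redirection has to run as root, so the command is wrapped in sh -c; umask 077 keeps the private key unreadable to other users from the moment the file is created)

sudo sh -c 'umask 077; cat /etc/letsencrypt/live/rr93.my.id/fullchain.pem /etc/letsencrypt/live/rr93.my.id/privkey.pem > /etc/haproxy/ssl/rr93.my.id.pem'
sudo chmod 600 /etc/haproxy/ssl/rr93.my.id.pem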

Configure haproxy.cfg

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    maxconn 4096

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5s
    timeout client  5m
    timeout server  5m
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http-in
    bind *:80
    bind *:443 ssl crt /etc/haproxy/ssl/
    redirect scheme https if !{ ssl_fc }
    use_backend wordpress if { req.hdr(host) -i rr93.my.id }

backend wordpress
    server node1 10.20.20.141:8081 check inter 5s fall 3 rise 2
    server node2 10.20.20.142:8081 check inter 5s fall 3 rise 2

Check the haproxy.cfg configuration

sudo haproxy -c -f /etc/haproxy/haproxy.cfg

If the configuration has no errors, restart the haproxy service

sudo systemctl restart haproxy
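
Let's Encrypt certificates are renewed periodically, and the combined file in /etc/haproxy/ssl has to be rebuilt after each renewal. The script below is an added example, not part of the original tutorial: a certbot deploy hook that rebuilds the .pem atomically with mode 600 and reloads HAProxy. The file name /etc/letsencrypt/renewal-hooks/deploy/haproxy-pem.sh and the function name build_haproxy_pem are assumptions, and it assumes certbot renewal itself already works on this host.

```shell
#!/bin/sh
# Added example (not from the original tutorial): certbot deploy hook.
# certbot exports RENEWED_LINEAGE, e.g. /etc/letsencrypt/live/rr93.my.id,
# when it runs deploy hooks after a successful renewal.

# build_haproxy_pem LINEAGE_DIR OUT_DIR   (hypothetical helper name)
# Writes OUT_DIR/<lineage name>.pem = fullchain.pem followed by privkey.pem.
build_haproxy_pem() {
    lineage=$1
    out_dir=$2
    name=$(basename "$lineage")
    chain="$lineage/fullchain.pem"
    key="$lineage/privkey.pem"

    # Refuse to publish a bundle that lacks either part.
    if [ ! -s "$chain" ] || [ ! -s "$key" ]; then
        echo "build_haproxy_pem: missing fullchain.pem or privkey.pem in $lineage" >&2
        return 1
    fi

    # mktemp creates the file with mode 600, so the private key is never
    # readable by other users. Using the target directory makes mv an
    # atomic rename: HAProxy sees the old bundle or the new one, never half.
    tmp=$(mktemp "$out_dir/.$name.XXXXXX") || return 1

    if cat "$chain" "$key" > "$tmp" &&
       chmod 600 "$tmp" &&
       mv -f "$tmp" "$out_dir/$name.pem"; then
        return 0
    fi
    rm -f "$tmp"   # leave no partial bundle behind
    return 1
}

# Run only when invoked by certbot. The config is validated before the
# reload so a bad bundle does not take the running proxy down.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_haproxy_pem "$RENEWED_LINEAGE" /etc/haproxy/ssl &&
        haproxy -c -f /etc/haproxy/haproxy.cfg &&
        systemctl reload haproxy
fi
```

The hook file must be executable and owned by root, since certbot runs it as root.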
