본문 바로가기

리눅스

우분투에서 HAProxy를 설치하고 구성하는 방법

반응형

우분투에서 HAProxy를 설치하고 구성하는 방법

테스트 환경

  • 운영체제 버전 정보
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy
  • 도커 버전 정보
$ docker version
Client: Docker Engine - Community
 Version:           20.10.22
 API version:       1.41
 Go version:        go1.18.9
 Git commit:        3a2c30b
 Built:             Thu Dec 15 22:28:04 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.22
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.9
  Git commit:       42c8b31
  Built:            Thu Dec 15 22:25:49 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.15
  GitCommit:        5b842e528e99d4d4c1686467debf2bd4b88ecd86
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

HAProxy 설치

패키지 세부 정보 표시

apt show haproxy
$ apt show haproxy
Package: haproxy
Version: 2.4.18-0ubuntu1
Priority: optional
Section: net
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian HAProxy Maintainers <team+haproxy@tracker.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 3,683 kB
Pre-Depends: dpkg (>= 1.17.14), init-system-helpers (>= 1.54~)
Depends: libc6 (>= 2.34), libcrypt1 (>= 1:4.1.0), liblua5.3-0, libpcre2-8-0 (>= 10.22), libssl3 (>= 3.0.0~~alpha1), libsystemd0, adduser, lsb-base (>= 3.0-6)
Suggests: vim-haproxy, haproxy-doc
Homepage: http://www.haproxy.org/
Download-Size: 1,639 kB
APT-Sources: http://kr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
Description: fast and reliable load balancing reverse proxy
 HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
 availability environments. It features connection persistence through HTTP
 cookies, load balancing, header addition, modification, deletion both ways. It
 has request blocking capabilities and provides interface to display server
 status.

N: There is 1 additional record. Please use the '-a' switch to see it

시스템 패키지 목록 업데이트

sudo apt update

HAProxy 설치

sudo apt install -y haproxy

HAProxy 버전 정보 확인

haproxy -v
$ haproxy -v
HAProxy version 2.4.18-0ubuntu1 2022/08/25 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.18.html
Running on: Linux 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64

HAProxy 서비스 시작

systemctl --now enable haproxy

HAProxy 구성 파일 확인

/etc/haproxy/haproxy.cfg 파일을 편집하여 로드 밸런서를 구성합니다.

vim /etc/haproxy/haproxy.cfg
$ cat /etc/haproxy/haproxy.cfg 
global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http
728x90

HAProxy 아키텍처 다이어그램(haproxy architecture diagram)

h1

도커 컨테이너로 웹서버 구성

docker compose 설정

vim docker-compose.yaml
$ cat docker-compose.yaml
version: '3'
services:

  html1:
    image: nginx:latest
    container_name: html1
    hostname: html1
    volumes:
      - ./html1:/usr/share/nginx/html
    ports:
      - 8081:80

  html2:
    image: nginx:latest
    container_name: html2
    hostname: html2
    volumes:
      - ./html2:/usr/share/nginx/html
    ports:
      - 8082:80

  html3:
    image: nginx:latest
    container_name: html3
    hostname: html3
    volumes:
      - ./html3:/usr/share/nginx/html
    ports:
      - 8083:80

  html4:
    image: nginx:latest
    container_name: html4
    hostname: html4
    volumes:
      - ./html4:/usr/share/nginx/html
    ports:
      - 8084:80

  html5:
    image: nginx:latest
    container_name: html5
    hostname: html5
    volumes:
      - ./html5:/usr/share/nginx/html
    ports:
      - 8085:80

웹서버 index.html 파일 생성

mkdir html{1,2,3,4,5}
echo "html1" > html1/index.html

(또는)

echo "<H1>nginx on backend html1 is running.</H1>" | sudo tee html1/index.html
$ cat html1/index.html
html1

웹서버 컨테이너 디렉토리 구조

$ tree
.
├── docker-compose.yaml
├── html1
│   └── index.html
├── html2
│   └── index.html
├── html3
│   └── index.html
├── html4
│   └── index.html
└── html5
    └── index.html

docker compose 시작

docker-compose up -d

docker compose 프로세스 확인

$ docker-compose ps
Name               Command               State                  Ports                
-------------------------------------------------------------------------------------
html1   /docker-entrypoint.sh ngin ...   Up      0.0.0.0:8081->80/tcp,:::8081->80/tcp
html2   /docker-entrypoint.sh ngin ...   Up      0.0.0.0:8082->80/tcp,:::8082->80/tcp
html3   /docker-entrypoint.sh ngin ...   Up      0.0.0.0:8083->80/tcp,:::8083->80/tcp
html4   /docker-entrypoint.sh ngin ...   Up      0.0.0.0:8084->80/tcp,:::8084->80/tcp
html5   /docker-entrypoint.sh ngin ...   Up      0.0.0.0:8085->80/tcp,:::8085->80/tcp

웹 페이지 호출 테스트

$ curl localhost:8081
html1

HAProxy 구성 파일 편집

haproxy(/etc/haproxy/haproxy.cfg) 파일을 편집하여 로드 밸런서를 구성합니다. 이 파일을 수정하려면 sudo 권한이 필요합니다.

vim /etc/haproxy/haproxy.cfg
frontend http-in
        bind *:80
        default_backend    backend_servers
        option             forwardfor

backend backend_servers
        balance            roundrobin
        server             html1 127.0.0.1:8081 check
        server             html2 127.0.0.1:8082 check
        server             html3 127.0.0.1:8083 check
        server             html4 127.0.0.1:8084 check
        server             html5 127.0.0.1:8085 check

listen stats
    bind :8080
    stats enable
    stats uri /
    stats hide-version
    stats auth admin:admin
    default_backend backend_servers

HAProxy 구성 검증

sudo haproxy -c -f /etc/haproxy/haproxy.cfg
$ sudo haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid

HAProxy 서비스 재시작

systemctl restart haproxy

웹페이지 호출 테스트(반복 호출)

while true; do curl localhost; sleep 1; done
$ while true; do curl localhost; sleep 1; done
html1
html2
html3
html4
html5
html1
html2
html3
html4
html5
html1
html2
html3
html4

HAProxy 통계 페이지

사용자 이름 : admin, 암호 : admin

http://192.168.0.61:8080

h2
h3

 

728x90
반응형