From b1d19c8b9ff0bee77a3c98e793bf8efa67693a4e Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Wed, 7 Dec 2016 13:34:15 -0500 Subject: [PATCH] LP#1648188: example HAProxy configuration Add an example configuration for using HAProxy. Signed-off-by: Galen Charlton --- README | 54 ++++++++++++++++++++++++++++++++++++- examples/haproxy/osrf-ws-http-proxy | 25 +++++++++++++++++ 2 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 examples/haproxy/osrf-ws-http-proxy diff --git a/README b/README index 564093a..995ad48 100644 --- a/README +++ b/README @@ -525,7 +525,7 @@ memory-intensive TPAC pages). The following instructions are a guide for setting this up on Debian and Ubuntu systems, but expect general familiarity with various system -administration and netwrok tasks. The steps should be run as the *root* +administration and network tasks. The steps should be run as the *root* Linux account, and assume that you already followed the instructions for installing WebSockets support. @@ -572,6 +572,58 @@ to var WEBSOCKET_PORT_SSL = 443; --------------------------------------------------------------------------- +Optional: Using HAProxy as a proxy +---------------------------------- +HAProxy can also be used to proxy HTTP, HTTPS, and WebSockets traffic +as an alternative to NGINX. + +The following instructions are a guide for setting this up on Debian +and Ubuntu systems, but expect general familiarity with various system +administration and network tasks. The steps should be run as the *root* +Linux account, and assume that you already followed the instructions +for installing WebSockets support. + +1. Install HAProxy if not already present: ++ +[source, bash] +--------------------------------------------------------------------------- +apt-get install haproxy +--------------------------------------------------------------------------- ++ +2. Configure the main Apache instance to listen on port 7080 for HTTP and + port 7443 for HTTPS and ensure that it is not listening on ports 80 + and 443, then restart Apache. +3. Append the example HAProxy to `haproxy.cfg`. ++ +[source, bash] +--------------------------------------------------------------------------- +cd /path/to/opensrf-OSRFVERSION +cat examples/haproxy/osrf-ws-http-proxy >> /etc/haproxy/haproxy.cfg +--------------------------------------------------------------------------- ++ +4. Edit `/etc/haproxy/haproxy.cfg` to set the location + of the PEM file containing the SSL certificate and private key. +5. Start HAProxy. ++ +[source, bash] +--------------------------------------------------------------------------- +/etc/init.d/haproxy start +--------------------------------------------------------------------------- ++ +6. Edit `/javascript/opensrf_ws.js` and `/javascript/opensrf_ws_shared.js` + and change ++ +[source, javascript] +--------------------------------------------------------------------------- +var WEBSOCKET_PORT_SSL = 7682; +--------------------------------------------------------------------------- ++ +to ++ +[source, javascript] +--------------------------------------------------------------------------- +var WEBSOCKET_PORT_SSL = 443; +--------------------------------------------------------------------------- Troubleshooting note for Python users ------------------------------------- diff --git a/examples/haproxy/osrf-ws-http-proxy b/examples/haproxy/osrf-ws-http-proxy new file mode 100644 index 0000000..834672c --- /dev/null +++ b/examples/haproxy/osrf-ws-http-proxy @@ -0,0 +1,25 @@ +listen web 0.0.0.0:80 + mode http + option forwardfor + http-request set-header X-Client-IP %[src] + balance roundrobin + server web01 localhost:7080 check + +frontend https_ws + bind 0.0.0.0:443 ssl crt /etc/apache2/ssl/cert_plus_key.pem + mode http + option forwardfor + option httpclose + reqadd X-Forwarded-Proto:\ https + acl is_websocket hdr(Upgrade) -i WebSocket + use_backend ws if is_websocket + default_backend https_server + +backend https_server + mode http + balance roundrobin + server s1 localhost:7443 ssl verify none + +backend ws + timeout server 300s + server ws1 localhost:7682 ssl verify none -- 2.11.0