Configuring HAProxy as a Load Balancer
Installation
HAProxy is included in the package management systems of most Linux distributions. Use the commands below to install HAProxy on RHEL 9.2.
yum update -y
yum install haproxy -y
Below is the HAProxy configuration file (/etc/haproxy/haproxy.cfg) that we used in this setup:
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

frontend filecloud-http
    bind 192.168.101.164:80
    redirect scheme https if !{ ssl_fc }
    default_backend webservers

frontend filecloud-https
    bind 192.168.101.164:443 ssl crt /etc/ssl/private/cloud3.pem
    option http-server-close
    option forwardfor
    # serves the statistics page on the public HTTPS frontend; no "stats auth" applies here
    stats uri /haproxy?stats
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    default_backend webservers

frontend stats
    bind 192.168.101.164:32700 ssl crt /etc/ssl/private/cloud3.pem
    stats enable
    stats uri /
    stats hide-version
    # sample credentials; set a strong, unique password
    stats auth filecloud:password!@

backend webservers
    balance roundrobin
    mode http
    stats enable
    server webserver01 192.168.101.161:80 check
    server webserver02 192.168.101.162:80 check
The configuration above is adapted for use with an SSL certificate installed.
Combine the SSL certificate, the intermediate certificates and the private key into a single PEM file, and specify its path as in the sample haproxy.cfg above:
cat certificate.crt intermediates.crt private.key > cloud3.pem
Configuring webserver to log public IP addresses behind a load balancer
The mod_remoteip module is already enabled by default in RHEL.
Edit the Apache configuration located at /etc/httpd/conf/httpd.conf for RHEL as follows:
vi /etc/httpd/conf/httpd.conf
Add this line to the configuration file.
RemoteIPHeader X-Forwarded-For
Find the matching section that begins with LogFormat. Change this line:
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
to this (replace %h with %a in the configuration file):
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
To apply the changes, save the configuration file, and then restart Apache on your RHEL instance.
systemctl restart httpd
Verify that the client IP is getting logged using this command on your RHEL instance and make a request from another instance.
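An added example, not part of the original page: HAProxy's option forwardfor appends the connecting address to any X-Forwarded-For header the client already sent, so the web server should believe only entries reported by the load balancer. This Python model of that right-to-left check is not mod_remoteip's code; the function names and sample addresses are constructed, and it assumes HAProxy reaches the web servers from 192.168.101.164.

```python
import ipaddress

# HAProxy bind address from the page, assumed to be its source address
# toward webserver01/webserver02 as well.
LOAD_BALANCER = "192.168.101.164"


def leftmost(xff):
    """Naive reading: the first entry, which the client fully controls."""
    return xff.split(",")[0].strip()


def client_ip(peer, xff, trusted):
    """Pick the address to log, believing only entries added by trusted proxies.

    peer: TCP peer seen by the web server; xff: raw header value or None;
    trusted: proxy addresses or networks allowed to vouch for a client.
    """
    nets = [ipaddress.ip_network(t) for t in trusted]
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # The rightmost entry was appended by the nearest proxy, so walk backwards.
    for hop in reversed(hops):
        if not any(current in n for n in nets):
            break  # whoever reported this entry is not one of our proxies
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could vouch for
    return str(current)


if __name__ == "__main__":
    # Constructed requests: (peer, X-Forwarded-For as received by Apache)
    samples = [
        (LOAD_BALANCER, "198.51.100.23"),                # normal client
        (LOAD_BALANCER, "203.0.113.50, 198.51.100.23"),  # client sent its own header
        ("192.168.101.50", "203.0.113.50"),              # request that bypassed HAProxy
        (LOAD_BALANCER, "not-an-ip"),                    # malformed value
    ]
    for peer, xff in samples:
        print(f"{xff!r:32} leftmost={leftmost(xff):14} "
              f"trusted-walk={client_ip(peer, xff, [LOAD_BALANCER])}")
```

In Apache, the trusted list in this model corresponds to mod_remoteip's RemoteIPInternalProxy directive, which would name the load balancer's address.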