Haproxy and directadmin

NaSRi

Hi
I have a few websites on a dedicated server which is using DirectAdmin and have got huge traffic nowadays. I plan to distribute traffic to different servers, so I have set up HAProxy, but the problem is that I cannot tell HAProxy to route each request to specific virtual hosts.

I'd appreciate it if you have any idea about this.
 
Hello,

Why can't you do it? HAProxy supports ACLs, and you can route HTTP/HTTPS traffic for a specific domain to a desired backend. And use cookies to stick a user to a specific backend.
 
Thank you, I already knew this, but the backend serves websites with the virtual host trick. How can HAProxy route a request to a specific virtual host (domain) and route another request to another virtual host (domain) at the same backend?

I think I must use a different port for each virtual host at the same backend.
 
Are you asking how Apache will differentiate requests to different virtual hosts proxied over HAProxy? Or not? The same way as it usually does.
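As an added illustration (not part of the original thread), this HAProxy fragment shows both points made in the replies above: the Host header is forwarded unchanged, so one backend can serve many name-based virtual hosts, and a Host ACL is only needed to send a domain to different servers. The backend name be-domain1 and the www. aliases are assumptions; the addresses and domain names are the thread's example values.

```haproxy
# Added example, not the poster's configuration.
# Assumptions: backend name be-domain1, the www. aliases.
frontend main
    bind *:80
    mode http
    option forwardfor
    # HAProxy passes the client's Host header to the server unchanged, so
    # Apache's name-based virtual hosts select the site exactly as they do
    # for a direct connection. No per-domain port is required.
    #
    # An ACL is needed only when a domain must go to a different backend.
    # hdr(host) compares the whole header value, so "domain1.com:80"
    # would not match the names listed here.
    acl is_domain1 hdr(host) -i domain1.com www.domain1.com
    use_backend be-domain1 if is_domain1
    default_backend app-main

# Every other domain: both servers carry all virtual hosts.
backend app-main
    mode http
    balance roundrobin
    # Cookie persistence keeps a user on the server that first answered.
    cookie SERVERNAME insert indirect nocache
    # The check names a hosted domain, so it exercises that virtual host
    # rather than whatever Apache serves for an unknown Host.
    option httpchk HEAD / HTTP/1.1\r\nHost:\ domain.com
    server web01 192.168.6.3:80 check cookie web01
    server web02 192.168.6.4:80 check cookie web02

# domain1.com is sent to a single server.
backend be-domain1
    mode http
    server web02 192.168.6.4:80 check
```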
 
Would you please give me an example?

This is my HAProxy server, 192.168.6.2, and my website's www and http (domain.com) records are pointed to server 192.168.6.2. There are 2 backend servers, 192.168.6.3 and 192.168.6.4; both backend servers have DirectAdmin and are configured with GlusterFS.

In this scenario I have to put my website files in /var/www/html and cannot put them in /home/users/public_html because HAProxy only sees /var/www/html to serve content to clients.

Here is the backend directive.


backend app-main
balance roundrobin #Balance algorithm
cookie SERVERNAME insert indirect nocache
option httpclose
option forwardfor
compression algo gzip
compression type text/html text/plain text/css
hash-type consistent
http-request set-header X-Forwarded-Port %[dst_port]
redirect scheme https if !{ ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:\ localhost #Check the server application is up and healthy - 200 status code
server web01 192.168.6.3:80 check cookie web01 #apache web01
server web02 192.168.6.4:80 check cookie web02 #apache web02
 
If you show real IPs from your server (i.e. you really use them), it would mean that your DirectAdmin is not configured to use those private IPs. You should use the Link-IP feature of DirectAdmin to let Apache add the IPs into virtual hosts. As soon as you add the IPs, virtual hosts should start working as usual.
 
I think I couldn't explain very well and something is wrong here.

192.168.6.3 and 192.168.6.4 have DirectAdmin installed, with 4 identical users on each server. I have set up GlusterFS for file synchronization between the two servers.

The domains are (for example) domain.com, domain1.com, domain2.com and domain3.com, and these domains don't have any private IPs, whereas they are using a shared IP among each other as well as DirectAdmin.

Now how can I configure HAProxy to send requests to each domain (virtual host)? :D

Do I have to use ACLs as you have mentioned before?
 
You say your domains do not have private IPs. But 192.168.6.3 and 192.168.6.4 are private IPs: https://en.wikipedia.org/wiki/Private_network

Do you have 192.168.6.3 and 192.168.6.4 in domain virtual hosts?
 
Oh, I used those private IPs as an example to hide my public IPs; in fact I'm using Hetzner public IPs.
 
OK, I see. Need to see your configs:

- virtual hosts from apache/nginx
- haproxy

Without them it's not possible to guess what might be wrong on your side.

Do you see correct sites if you connect directly to one and another DA servers?
 
I think you just write it in backend

Code:
backend httpd-server
        server srv1 192.168.6.3:80 check
        server srv2 192.168.6.4:80 check
        server srv3 192.168.6.5:80 check
        server srv4 192.168.6.6:80 check

and then on every DirectAdmin server, the DirectAdmin IP and virtual host should use the private IP.

Admin Level -> IP Management -> should be private IP

and then rewrite_conf
 
This is for haproxy

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log 127.0.0.1 local2 info #Log configuration

chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy #Haproxy running under user and group "haproxy"
group haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
option http-keep-alive
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 5m
timeout http-keep-alive 50s
timeout check 10s
maxconn 3000

#---------------------------------------------------------------------
#HAProxy Monitoring Config
#---------------------------------------------------------------------
frontend haproxy3-monitoring
bind :8080 ssl crt /etc/ssl/certs/webssl/webssl.pam #Haproxy Monitoring run on port 8080
mode http
option forwardfor
option httpclose
stats enable
stats show-legends
stats refresh 5s
stats uri /stats #URL for HAProxy monitoring
stats realm Haproxy\ Statistics
stats auth modir:Hswokk#%1 #User and Password for login to the monitoring dashboard
stats admin if TRUE
default_backend app-main #This is optionally for monitoring backend

#---------------------------------------------------------------------
# FrontEnd Configuration
#---------------------------------------------------------------------
frontend main
bind *:80
option http-server-close
option forwardfor
default_backend app-main

#frontend fe-scalinglaravel
# bind *:80
# acl letsencrypt-acl path_beg /.well-known/acme-challenge/
# use_backend letsencrypt-backend if letsencrypt-acl
# default_backend app-main


frontend main_https
bind *:443 ssl crt /etc/ssl/sitessl/xxxx.pem
reqadd X-Forwarded-Proto:\ https
option http-server-close
option forwardfor
default_backend app-main

#---------------------------------------------------------------------
# BackEnd roundrobin as balance algorithm
#---------------------------------------------------------------------
backend app-main
balance roundrobin #Balance algorithm
cookie SERVERNAME insert indirect nocache
option httpclose
option forwardfor
compression algo gzip
compression type text/html text/plain text/css
hash-type consistent
http-request set-header X-Forwarded-Port %[dst_port]
redirect scheme https if !{ ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:\ localhost #Check the server application is up and healthy - 200 status code
server web01 xxx.175.xxx.xxx:80 check cookie web01 #apache web01
server web02 xxx.175.xxx.xxx:80 check cookie web02 #apache web02


#backend letsencrypt-backend
#server letsencrypt 127.0.0.1:8085

=========================================
This is the Apache user's virtual host

# Auto generated apache config file by DirectAdmin version 1.53.0
# Modifying this file is not recommended as any changes you make will be
# overwritten when the user makes any changes to their website

# For global config changes that affect all Users, see this guide:
# http://help.directadmin.com/item.php?id=2
# For local config changes that only affect one User, see this guide:
# http://help.directadmin.com/item.php?id=3


<Directory "/home/hidenuser/public_html">
<IfModule mod_suphp.c>
suPHP_Engine ON
suPHP_UserGroup hidenuser hidenuser
</IfModule>
<IfModule mod_fcgid.c>
SuexecUserGroup hidenuser hidenuser
</IfModule>
php_admin_flag engine ON
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'
php_admin_value mail.log /home/hidenuser/.php/php-mail.log
php_admin_value open_basedir /home/hidenuser/:/tmp:/var/tmp:/usr/local/lib/php/:/usr/local/php56/lib/php/
</Directory>

<VirtualHost xxxx.175.xxxx:80 >
ServerName www.hidenuser.com
ServerAlias www.hidenuser.com hidenuser.com
ServerAdmin [email protected]
DocumentRoot /home/hidenuser/domains/hidenuser.com/public_html
UseCanonicalName OFF
<IfModule !mod_ruid2.c>
SuexecUserGroup hidenuser hidenuser
</IfModule>
CustomLog /var/log/httpd/domains/hidenuser.com.bytes bytes
CustomLog /var/log/httpd/domains/hidenuser.com.log combined
ErrorLog /var/log/httpd/domains/hidenuser.com.error.log
<Directory /home/hidenuser/domains/hidenuser.com/public_html>
AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,IncludesNOEXEC,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks,None
Options -ExecCGI -Includes +IncludesNOEXEC
php_admin_flag engine ON
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'
php_admin_value mail.log /home/hidenuser/.php/php-mail.log
php_admin_value open_basedir /home/hidenuser/:/tmp:/var/tmp:/usr/local/lib/php/:/usr/local/php56/lib/php/
suPHP_Engine ON
suPHP_UserGroup hidenuser hidenuser
</Directory>
</VirtualHost>

<VirtualHost xxxx.175.xxxx:443 >
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
ServerName www.hidenuser.com
ServerAlias www.hidenuser.com hidenuser.com
ServerAdmin [email protected]
DocumentRoot /home/hidenuser/domains/hidenuser.com/private_html
UseCanonicalName OFF
<IfModule !mod_ruid2.c>
SuexecUserGroup hidenuser hidenuser
</IfModule>
CustomLog /var/log/httpd/domains/hidenuser.com.bytes bytes
CustomLog /var/log/httpd/domains/hidenuser.com.log combined
ErrorLog /var/log/httpd/domains/hidenuser.com.error.log
<Directory /home/hidenuser/domains/hidenuser.com/private_html>
AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,IncludesNOEXEC,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks,None
Options -ExecCGI -Includes +IncludesNOEXEC
php_admin_flag engine ON
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'
php_admin_value mail.log /home/hidenuser/.php/php-mail.log
php_admin_value open_basedir /home/hidenuser/:/tmp:/var/tmp:/usr/local/lib/php/:/usr/local/php56/lib/php/
suPHP_Engine ON
suPHP_UserGroup hidenuser hidenuser
</Directory>
</VirtualHost>
 