HAProxy Setup

Prerequisite

Steps to Generate SSL Certificates Using Certbot

  1. Generate SSL Certificate:
    • For standalone servers:
      sudo certbot certonly --standalone -d msgcloud.in 
      

Configuring HAProxy to Use SSL Certificates

  1. Copy Certificates to HAProxy:
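    • Combine the certificate and private key into a single file. The output redirection must run as root, so the whole command is wrapped in sudo sh -c; umask 077 keeps the new file from being readable by other users while it is written:
      sudo sh -c 'umask 077; cat /etc/letsencrypt/live/msgcloud.in/fullchain.pem /etc/letsencrypt/live/msgcloud.in/privkey.pem > /etc/haproxy/certs/msgcloud.in.pem'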
      
    • Secure the combined certificate file:
      sudo chmod 600 /etc/haproxy/certs/msgcloud.in.pem
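
Certbot renews the certificate periodically, so the combined file has to be rebuilt after every renewal. The following deploy hook is an added example, not part of the original setup; it assumes the configuration lives at /etc/haproxy/haproxy.cfg and that HAProxy runs as a systemd service, and the function name build_haproxy_pem is hypothetical.

```shell
#!/bin/sh
# Added example: certbot deploy hook that rebuilds HAProxy's combined PEM.
set -eu

# build_haproxy_pem LINEAGE_DIR OUT_FILE
# Writes fullchain.pem + privkey.pem to OUT_FILE. The private key is only
# ever written to a 0600 temp file, which is then renamed over OUT_FILE.
build_haproxy_pem() {
  lineage=$1
  out=$2
  # Refuse missing or empty inputs: a truncated PEM breaks the next reload.
  [ -s "$lineage/fullchain.pem" ] || { echo "no fullchain.pem in $lineage" >&2; return 1; }
  [ -s "$lineage/privkey.pem" ] || { echo "no privkey.pem in $lineage" >&2; return 1; }
  (
    umask 077                                # nothing created here is group/world readable
    tmp=$(mktemp "$out.XXXXXX") || exit 1    # same directory, so mv is an atomic rename
    trap 'rm -f "$tmp"' EXIT                 # remove the temp file if a later step fails
    cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$tmp" &&
      chmod 600 "$tmp" &&
      mv -f "$tmp" "$out"
  )
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/msgcloud.in)
# to deploy hooks. When it is unset (script sourced or tested) nothing runs.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  domain=$(basename "$RENEWED_LINEAGE")
  build_haproxy_pem "$RENEWED_LINEAGE" "/etc/haproxy/certs/$domain.pem"
  # Assumed config path and service manager. The config check loads the new
  # PEM; with set -e a failed check stops the script before the reload.
  haproxy -c -f /etc/haproxy/haproxy.cfg
  systemctl reload haproxy
fi
```

Saved as an executable file in /etc/letsencrypt/renewal-hooks/deploy/, the script runs after each successful renewal.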
      

ACL: ACL_mc_server

acl ACL_mc_server path_beg -i /app /apr /apu /api /ape /index.jsp /web-assets /img
  • Purpose: This ACL checks the beginning of the request path.
  • Condition: It matches if the path begins with any of /app, /apr, /apu, /api, /ape, /index.jsp, /web-assets, or /img. path_beg is a plain string prefix match, so /app also matches a path such as /apple.

ACL: ACL_mc_app

acl ACL_mc_app hdr(host) -i msgcloud.in
  • Purpose: This ACL checks the Host header.
  • Condition: It matches if the Host header is msgcloud.in.

Msgcloud Server Backend Selection

use_backend msgcloud_server if ACL_mc_app ACL_mc_server
  • Purpose: If both ACL_mc_app (matching Host header msgcloud.in) and ACL_mc_server (matching paths like /app, /api, etc.) are matched, HAProxy will route the request to the msgcloud_server backend.

Msgcloud App Backend Selection

use_backend msgcloud_app if ACL_mc_app
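  • Purpose: If ACL_mc_app is matched (i.e., the Host header is msgcloud.in), HAProxy will route the request to the msgcloud_app backend. use_backend rules are evaluated in order and the first match wins, so this rule only receives msgcloud.in requests whose path did not match ACL_mc_server in the rule above.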

Msgcloud Server Backend

backend msgcloud_server
  balance leastconn
  timeout check 15s
  server node01 172.21.0.55:8282
  server node02 172.21.0.56:8282 backup
  server node03 172.21.0.57:8282 backup
  • Purpose: This backend handles requests for the Msgcloud server.
  • Load Balancing: Uses leastconn load balancing to distribute traffic to the server with the least number of active connections.
  • Health Check: timeout check 15s sets a 15-second timeout for health checks. None of the server lines shown carries the check keyword, so no health checks run in this backend as configured (though commented-out health checks can be enabled).
  • Servers: Routes traffic to node01, node02 (backup), and node03 (backup) (IPs: 172.21.0.55, 172.21.0.56, and 172.21.0.57 respectively, all on port 8282).

Msgcloud App Backend

backend msgcloud_app
  balance leastconn
  option httpchk
  http-check send meth GET uri /apm/mon/health
  http-check expect status 200

  server node01 172.21.0.55:9192 check
  server node02 172.21.0.56:9192 backup
  server node03 172.21.0.57:9192 backup
  • Purpose: This backend handles requests for the Msgcloud application UI.
  • Load Balancing: Uses leastconn load balancing to route traffic to the server with the least number of active connections.
  • Health Check: Configured to perform HTTP health checks:
    • HTTP method: GET
    • URI: /apm/mon/health
    • Expected status: 200
  • Servers: Routes traffic to the following servers:
    • node01: IP 172.21.0.55, port 9192 (Primary, with health checks enabled)
    • node02: IP 172.21.0.56, port 9192 (Backup)
    • node03: IP 172.21.0.57, port 9192 (Backup)