How to Configure Reverse Proxy server using Ansible?

Every web server has a limit on the number of users it can handle at a time. If a website goes viral overnight and a lot of users come to it, the server will not be able to handle the requests and the website will go down, which creates a very bad impression.

As a solution, we can use a reverse proxy server. It not only works as a load balancer, it also keeps the web servers secure from direct access.

Now let's look at it.

What is Reverse Proxy?

A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client, appearing as if they originated from the reverse proxy server itself.

There are multiple software packages available that provide a reverse proxy service, such as Nginx, HAProxy, etc.

Here in this blog, I am going to describe the HAProxy server configuration.

Steps for configuring Haproxy Server

  • Install the haproxy software

For Red Hat Enterprise Linux, the command for installation is

dnf install haproxy

  • Edit the configuration file

The path for the haproxy server configuration file is

/etc/haproxy/haproxy.cfg

When we open the haproxy configuration file, it looks like this:

#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind *:PORT_NO   # replace PORT_NO with the port the proxy should listen on
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 IP_of_your_webserver:Port_no

The only lines that need to be changed are the bind line in frontend main and the server line in backend app. You can list as many web server IPs as you require, one server line each.

  • The last step is to start the service. On RHEL the command is

systemctl start haproxy

That was the manual procedure, which is only suitable at a small scale. When we have to handle a lot of web servers and keep adding more, we can't go through this procedure manually again and again. As a solution, there is a product on the market called Ansible, which will do the same procedure for us in a single click.

First, let's look at it.

What is Ansible?

Ansible is a software tool that provides simple but powerful automation for cross-platform computer support. It is primarily intended for IT professionals, who use it for application deployment, updates on workstations and servers, cloud provisioning, configuration management, intra-service orchestration, and nearly anything a systems administrator does on a weekly or daily basis. Ansible doesn’t depend on agent software and has no additional security infrastructure, so it’s easy to deploy.

Let’s go to Ansible Procedure

  • First, create a directory for the Ansible code, called a workstation.
  • In that directory, create a file with the yml extension and any name of your choice. This file is called a playbook in Ansible.

In that file, write the following code:

- hosts: webserver
  vars_files:
    - "/root/haproxyws_ansible/webvar.yml"
  tasks:
    - name: Installing httpd package
      package:
        name: httpd
        state: present
    - name: Copying Website Content
      copy:
        src: "{{ webcontent }}"
        dest: "{{ webdir }}"
    - name: Configuring Firewall
      firewalld:
        port: "80/tcp"
        state: enabled
        permanent: yes
        immediate: yes
    - name: Starting httpd services
      service:
        name: httpd
        state: started

- hosts: haproxy_server
  vars_files:
    - "/root/haproxyws_ansible/haproxyvar.yml"
  tasks:
    - name: Installing haproxy package
      package:
        name: haproxy
        state: present

    - name: Configuring the configuration file
      template:
        src: "{{ cfgsrc }}"
        dest: "{{ cfgdest }}"
    - name: Configuring Firewall
      firewalld:
        port: "{{ haport }}/tcp"
        state: enabled
        permanent: yes
        immediate: yes
    - name: Starting haproxy services
      service:
        name: haproxy
        # restarted, not started: an already running haproxy must
        # re-read haproxy.cfg after the inventory changes
        state: restarted

The only change you have to make is the variable file path (vars_files) in each play.

  • Create the variable files for the webserver and haproxy, also with the yml extension and any name of your choice.

In the variable file for haproxy, write this code:

cfgsrc: "/root/haproxyws_ansible/haproxy.j2"
cfgdest: "/etc/haproxy/haproxy.cfg"
haport: "5000"

In this file, the changes you have to make are cfgsrc (the path of the configuration file) and the port number of your choice.

The variable file for the webserver:

webdir: "/var/www/html/index.html"
webcontent: "/root/haproxyws_ansible/index.html"

Here you have to change the value of webcontent. Give here the path of your web app file.

  • Prepare the configuration file with the j2 extension.

It is the same configuration file with some changes: the bind line in frontend main now uses the haport variable, and the server lines in backend app are generated from the webserver inventory group. Use it as it is.

#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind *:{{haport}}
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
{% for i in groups['webserver'] %}
server app{{loop.index}} {{i}}:80
{% endfor %}

  • One step before running the playbook: update the inventory file. Create a group named webserver for all webserver IPs and haproxy_server for the reverse proxy server IP.
  • Simply run the playbook using the command

ansible-playbook hadoop.yml

It starts executing like this

Finally, the reverse proxy server starts on port 5000.

We have to do this procedure only once. After that, we only have to update the IPs of the webservers in the inventory and run the file.
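The playbook above opens 80/tcp on the web servers without restricting the source, so they can still be reached without going through the proxy. As an added example (not part of the original post), this follow-up playbook limits port 80 to the proxy's address and makes a re-run check the rendered haproxy.cfg before installing it, reloading HAProxy only when the file changed; it assumes the inventory lists the proxy by IPv4 address and reuses the group names, variables and paths from this page.

```yaml
# Added example: tighter versions of tasks from the playbook above.
# Group names, variables and paths are the ones used on this page.
- hosts: webserver
  tasks:
    - name: Close port 80 to arbitrary sources
      firewalld:
        port: "80/tcp"
        state: disabled
        permanent: yes
        immediate: yes

    - name: Allow port 80 only from the reverse proxy
      firewalld:
        # Assumes the inventory lists the proxy by IPv4 address
        rich_rule: 'rule family="ipv4" source address="{{ item }}" port port="80" protocol="tcp" accept'
        state: enabled
        permanent: yes
        immediate: yes
      loop: "{{ groups['haproxy_server'] }}"

- hosts: haproxy_server
  vars_files:
    - "/root/haproxyws_ansible/haproxyvar.yml"
  tasks:
    - name: Render haproxy.cfg, rejecting a file haproxy cannot parse
      template:
        src: "{{ cfgsrc }}"
        dest: "{{ cfgdest }}"
        owner: root
        group: root
        mode: "0644"
        # haproxy -c only checks the candidate file (%s); a failed check leaves the old file in place
        validate: "haproxy -c -f %s"
      notify: Reload haproxy

    - name: Keep haproxy running and enabled at boot
      service:
        name: haproxy
        state: started
        enabled: yes

  handlers:
    - name: Reload haproxy
      service:
        name: haproxy
        state: reloaded
```

If you adopt these tasks, drop the original 80/tcp firewall task from the webserver play so a later run does not reopen the port.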

Thanks for Reading
