Introduction
The role LB provides the central access point to the portal and the SOAP interfaces. This is where the requests are distributed to the available Web application servers, taking into account an even load distribution, the possible failure of one or more Web servers, and the service-specific restrictions. Furthermore, this role also handles the provision of the connection using HTTPS, which is encrypted using TLS. The service can be provided both on HTTP (port 80) and HTTPS (port 443).
Automatic redirection to HTTPS or special URLs can also be implemented here, for example:
- https://acd.example.com is redirected to https://acd.example.com/CarrierPortal/login/reseller/client
- https://acd.exaple.com/admin is redirected to https://acd.exaple.com/CarrierPortal/sysadmin/login
Since the role usually requires very few resources, it is usually installed on the same machine on which the STORE role was installed.
Install haproxy
Install Software
The installation of haproxy is performed using the following commands:
dnf -y install haproxy mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.sample
The second command renames the installed configuration, as this is not required.
Acticate haproxy
Activate the haproxy service with the following command:
systemctl enable haproxy.service
Configure Firewall
Configure the firewall with the following commands:
firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --zone=public --add-port=443/tcp --permanent firewall-cmd --zone=public --add-port=7777/tcp --permanent firewall-cmd --reload
SeLinux Configuration
Enable haproxy to open any port with the following selinux command:
setsebool -P haproxy_connect_any=1 semanage permissive -a haproxy_t
haproxy Log
To allow the haproxy service to log to the syslog service, the following commands are executed.
The logs from haproxy will be in /var/log/messages
sed -i -e 's/#$ModLoad *imudp/$ModLoad imudp/' -e 's/#$UDPServerRun *514/$UDPServerRun 514/' /etc/rsyslog.conf cat <<EOFF>/etc/rsyslog.d/haproxy.conf local2.* /var/log/haproxy.log EOFF service rsyslog restart