Haproxy LoadBalancer for Entire WHM

Hi,
I have a WHM server and I need to fully hide the IP address of this server.
I set up HAProxy 1.7.8 on a VPS,
then I added this configuration:
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend http_front
    bind *:80
    mode http
    stats uri /haproxy?stats
    default_backend http_back

backend http_back
    balance first
    mode http
    server whm ***.***.***.***:80 check

I found this configuration in a tutorial, but I need the missing part of this config.
I checked my WHM server with a port scan and now I know which ports should be in this config.
Here is the result:


Please help me complete the HAProxy config file.

1 Like

If you have a large number of different ports you have to forward, I’d suggest to not specify port 80 on the backend (and don’t even use health checks, if you have no backup servers anyway). That way you can use multiple frontend ports which will be reused on the backend.

Something like this (adjust the ports of course):

frontend allports
 bind :21,80,443,110,143,587
 default_backend allportsserver

backend allportsserver
 server whm ***.***.***.***
2 Likes

Thanks for your help.
I set everything that you sent me and my config file is now:

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend allports
    bind :21,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,7080,7777
    stats uri /haproxy?stats
    mode http
    default_backend allportsserver

backend allportsserver
    server whm ...

When I save this configuration and restart HAProxy using this command (sudo systemctl restart haproxy), I get some errors and HAProxy won't run:

Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.
[root@dl ~]# sudo systemctl status haproxy.service
● haproxy.service - SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments.
Loaded: loaded (/etc/rc.d/init.d/haproxy; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2018-09-14 20:51:12 EDT; 29s ago
Docs: man:systemd-sysv-generator(8)
Process: 25444 ExecStop=/etc/rc.d/init.d/haproxy stop (code=exited, status=0/SUCCESS)
Process: 32414 ExecStart=/etc/rc.d/init.d/haproxy start (code=exited, status=1/FAILURE)
Main PID: 8544 (code=exited, status=0/SUCCESS)

Sep 14 20:51:12 hostname.com systemd[1]: Starting SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments…
Sep 14 20:51:12 hostname.com haproxy[32414]: /etc/rc.d/init.d/haproxy: line 26: [: =: unary operator expected
Sep 14 20:51:12 hostname.com haproxy[32414]: [ALERT] 256/205112 (32418) : parsing [/etc/haproxy/haproxy.cfg:20] : 'bind' : missing port number: '53'
Sep 14 20:51:12 hostname.com haproxy[32414]: [ALERT] 256/205112 (32418) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
Sep 14 20:51:12 hostname.com haproxy[32414]: [ALERT] 256/205112 (32418) : Fatal errors found in configuration.
Sep 14 20:51:12 hostname.com haproxy[32414]: Errors found in configuration file, check it with 'haproxy check'.
Sep 14 20:51:12 hostname.com systemd[1]: haproxy.service: control process exited, code=exited status=1
Sep 14 20:51:12 hostname.com systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments…
Sep 14 20:51:12 hostname.com systemd[1]: Unit haproxy.service entered failed state.
Sep 14 20:51:12 hostname.com systemd[1]: haproxy.service failed.

Looks like I gave you the wrong syntax, it should have been:

 bind :21,:53,:80,:110,:143,:443,:465,:587,:993,:995,:2077,:2078,:2079,:2080,:2082,:2083,:2086,:2087,:2095,:2096,:7080,:7777
1 Like
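
An added example, not part of the thread and not HAProxy's own code: a small Python check for the bind mistake discussed above, where each comma-separated address needs its own colon and port. It also accepts port ranges, which goes beyond the case in the thread; the function names and the shortened sample line are assumptions made for this illustration.

```python
import re

# Socket paths and prefixes that take no TCP port; this sketch skips them.
NO_PORT_PREFIXES = ("unix@", "abns@", "fd@", "/")
PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def check_entry(entry):
    """Return None if one bind address carries a valid port or range, else a reason."""
    if entry.startswith(NO_PORT_PREFIXES):
        return None
    # The port is whatever follows the last colon, so ":80", "*:80" and
    # "10.0.0.1:80" all carry one, while a bare "53" does not.
    _addr, colon, port = entry.rpartition(":")
    if not colon:
        return "missing port number"
    m = PORT_RE.match(port)
    if not m:
        return "invalid port"
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    if not (1 <= low <= high <= 65535):
        return "port out of range"
    return None


def lint_bind(line):
    """Check each comma-separated address of a 'bind' line; return [(entry, reason)]."""
    words = line.split()
    if len(words) < 2 or words[0] != "bind":
        return []
    findings = []
    for entry in words[1].split(","):
        reason = check_entry(entry)
        if reason:
            findings.append((entry, reason))
    return findings


def fix_bare_ports(line):
    """Rewrite bare numbers such as '53' to ':53', as in the corrected bind line."""
    words = line.split()
    if len(words) < 2 or words[0] != "bind":
        return line
    words[1] = ",".join(":" + e if e.isdigit() else e for e in words[1].split(","))
    return " ".join(words)


# Constructed sample: a shortened version of the failing line from the thread.
BROKEN = "bind :21,53,80,110,143,443"
print(lint_bind(BROKEN))
print(fix_bare_ports(BROKEN))
```

HAProxy's own parser remains the authority: `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the whole file without starting the proxy, so a syntax error does not take the running service down on restart.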

Thanks for your help.
HAProxy is running, but I have some problems with the SSL ports.
Can I configure HAProxy to use the original WHM SSL certificate?
How do I have SSL in HAProxy anyway?

1 Like

I have a strange problem.
The main WHM domain is server.domain.com and the IP is 192.168.1.1.
I set the DNS of loadbalancer.domain.com to the IP 192.168.1.2 (HAProxy).
The problem is that when a client enters the IP of the balancer and a port, the client is redirected to server.domain.com!
This problem also exists with the domain name: loadbalancer.domain.com:2087 redirects to server.domain.com!
Also, port 21 for FTP can't be accessed via the load balancer IP or domain!

How can I fix the redirects and FTP?