SEC440 Project 2 - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki

Requirements

  • Load balancers, if used, should be placed in either the OPT or DMZ network, with traffic routed to the appropriate web resource on the LAN.
    • HAProxy is a good one to use, but you can choose something else if you prefer
    • Remember: you will likely need to set up VRRP for OPT or DMZ, as well as configure port forwarding rules for access from WAN to the load balancer(s)
  • web01 and web02 should have an index page that proclaims their hostname (example web01-hermione, web02-hermione)
  • Web traffic from WAN should point to either web01 or web02. If one of these servers goes down, the traffic should be routed to the other.
    • (HINT: that is what the load balancers can be used for!)
  • If one of your proxy servers falls over, service should not be interrupted but rather seamlessly move to the other proxy server.
    • In other words, your load balancers should be a high availability pair. One way to do that is essentially using VRRP on the servers (Hint: keepalived)

Vyos

For Vyos, I had to make a few changes to allow this newly added network to communicate with the rest of the network:

I used this as a guide for setting up the network.

  • I added the interface for the OPT network
    • set interfaces ethernet eth2 description "OPT Network"
    • set interfaces ethernet eth2 address 10.0.6.2/24

HAProxy 1 & 2 setup

First, I changed the root password. Then I configured a static IP.

I followed this guide to set up a static IP address on HAProxy's Ubuntu Cloud 20.04 server.

Then, I installed HAProxy itself on both HAProxy systems. I used this guide as a reference for setup.

keepalived

keepalived is a daemon that lets two routers periodically send a small heartbeat to one another, so that each one knows the other is still alive. This is useful for keeping a redundant router on standby while it is not actively in use, which is the purpose we are using it for here.

I used this source to install and implement keepalived
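
A keepalived.conf for ha1 that fits the setup described above, added here as an illustration (it is not the configuration from this project). The interface name, the ha1/ha2 addresses, the virtual IP, the VRID and the password are assumptions; only the 10.0.6.0/24 OPT network comes from this page.

```conf
# /etc/keepalived/keepalived.conf on ha1 (added example, values are assumptions)
global_defs {
    router_id ha1                 # ha2 on the second proxy
    enable_script_security        # refuse check scripts a non-root user could modify
    script_user keepalived_script # unprivileged account for check scripts; must exist
}

# Health check: the node only keeps the virtual IP while haproxy is running.
vrrp_script chk_haproxy {
    script "/usr/bin/pgrep -x haproxy"
    interval 2                    # run every 2 seconds
    fall 2                        # 2 consecutive failures mark the check as down
    rise 2                        # 2 consecutive successes mark it as up again
}

vrrp_instance VI_OPT {
    state MASTER                  # BACKUP on ha2
    interface ens160              # assumed NIC name on the OPT network
    virtual_router_id 51          # same on ha1 and ha2; must differ from any other
                                  # VRRP group already on the OPT segment (e.g. vyos)
    priority 110                  # 100 on ha2, so ha1 wins while it is healthy
    advert_int 1                  # advertisement interval in seconds

    # Send advertisements only to the known peer instead of multicast.
    unicast_src_ip 10.0.6.11      # assumed ha1 address (10.0.6.12 on ha2)
    unicast_peer {
        10.0.6.12                 # assumed ha2 address (10.0.6.11 on ha2)
    }

    # PASS authentication travels in cleartext in every advertisement: it guards
    # against accidental pairing with another VRRP group, not against a host
    # that can sniff the OPT segment. Only the first 8 characters are used.
    authentication {
        auth_type PASS
        auth_pass CHANGEME        # placeholder, identical on both nodes
    }

    virtual_ipaddress {
        10.0.6.10/24              # assumed virtual IP shared by ha1 and ha2
    }

    # With the default weight of 0, a failed check puts this instance in FAULT
    # state and the peer takes over the virtual IP.
    track_script {
        chk_haproxy
    }
}
```

With this layout, the WAN port-forwarding rule points at the virtual IP rather than at either proxy's own address, so a failover needs no change to the firewall rule.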

Deliverables

  • Set up web02
  • Install Apache on web02
  • Create index.html pages for web01 and web02
  • Add OPT setting to vyos
  • Put ha1 and ha2 on the OPT network
  • Configure VRRP for OPT, ha1 and ha2
  • Set hostname and IP addresses on ha1 and ha2
  • Set up keepalived between ha1 and ha2
  • Change IP of port forwarding to HAProxy
  • Set up VRRP for the HAs

  1. https://drive.google.com/file/d/1NlD82L--6rLExIGo4a5ZB8KtSTgSGDM8/view?usp=sharing

  2. Configuration:

  • I will use git to upload full configurations when I am back at tutoring. I was unable to install git on vyos and unable to ssh from any box into my vyos boxes, but I will figure it out.

Troubleshooting

I just encountered an issue where my Vyos and HAProxy boxes didn't acknowledge any input from me. No keyboard input or VM controls worked for any of them, and I couldn't figure out why.

I still haven't figured out the issue; however, I did find a way to work around it. Accessing vCenter from my local computer rather than the school computer fixed it.


Another issue I encountered was haproxy exiting with an error code because 0.0.0.0:80 was in use. I fixed this by turning off apache2.


I have been encountering another issue that appeared out of nowhere, and I have been spending weeks trying to figure it out. I think port 80 on xubuntu-wan closed because I can't curl anything at all. However, curling from my vyos box allows me to get the appropriate results. I am still working on this. I did email my teacher before break explaining the issue I was having; however, I heard no response from them. So it is up to me to troubleshoot this.

The problem sort of resolved itself. I am not sure why, but I am going with it just to be able to continue.