SEC‐440 Milestone 2 Web and Proxy Redundancy - DefiantCoder/Tech-Journals GitHub Wiki
- OPT Network (VyOS)
  - 10.0.6
  - NAT, DNS
  - VRRP
- Web02 setup
  - HTTPD All other config stuff
- HAProxy
  - To load balance web01 + web02
  - Curl is helpful for testing
  - Keep alive (make sure it's redundant)
  - Update NAT, etc to point to HA Proxy VRRP IP
- First we will set web02's network adapter to your LAN network
- Next we will add another network adapter to vyos1 & vyos2 which will be the OPT Network
- Finally ha1 & ha2 will be added to the OPT network
```bash
sudo adduser adam-adm
sudo passwd adam-adm
sudo usermod -aG wheel adam-adm
sudo passwd root
nmtui
sudo yum update
sudo yum install httpd
sudo systemctl start httpd
sudo systemctl enable httpd.service
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload
```
```
# Adding the interface
configure
set interfaces ethernet eth2 description OPT
# vyos 1
set interfaces ethernet eth2 address 10.0.6.2/24
# vyos 2
set interfaces ethernet eth2 address 10.0.6.3/24

# Setting NAT rules
set nat source rule 30 description "NAT from OPT to WAN"
set nat source rule 30 outbound-interface eth0
set nat source rule 30 source address 10.0.6.0/24
set nat source rule 30 translation address masquerade
show nat source rule 30

# Configuring DNS forwarding
set service dns forwarding listen-address 10.0.6.1
set service dns forwarding allow-from 10.0.6.0/24
ping google.com

set high-availability vrrp group OPT vrid 20
set high-availability vrrp group OPT interface eth2
set high-availability vrrp group OPT address 10.0.6.1/24
# For vyos01
set high-availability vrrp group OPT priority 200
# For vyos02
set high-availability vrrp group OPT priority 100
```
```bash
sudo adduser adam-adm
sudo usermod -aG sudo adam-adm
sudo passwd champuser
sudo netplan try
# HA 1
hostnamectl set-hostname ha1-adam
# HA 2
hostnamectl set-hostname ha2-adam
```
- To begin this setup we need to install ha

```bash
sudo apt update
sudo apt install haproxy -y
```

- Navigate to /etc/haproxy/haproxy.cfg and add the following on HA1 & HA2
- Make sure to restart HAProxy after this step

```bash
sudo apt-get install keepalived
```

- Navigate to /etc/default/haproxy and add at the bottom:

```
ENABLED=1
```

- Create /etc/keepalived/keepalived.conf and add the following
```
# HAProxy1
vrrp_instance OPT_1 {
    state MASTER
    interface ens160
    virtual_router_id 30
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass <passwd>
    }
    virtual_ipaddress {
        10.0.6.10/24
    }
}

# HAProxy2
vrrp_instance OPT_1 {
    state BACKUP
    interface ens160
    virtual_router_id 30
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass <passwd>
    }
    virtual_ipaddress {
        10.0.6.10/24
    }
}
```
This lab was unique in that we had to develop an action plan before doing the lab, something we will have to do in the workplace, but we have had little practice doing it. Learning to set up HAProxy as well as keepalived was an interesting experience but will surely be useful in the future. I spent hours troubleshooting why I could not curl 10.0.17.109. I went through my firewalls, web01, and even my xubuntu multiple times, and it turns out my issue was a simple one with keepalived. I accidentally left the address as the default one a guide had set, and HA2 was set as another master. These simple mistakes created hours of difficulty and tested my sanity, but everything works now that they are resolved. Another issue I had was that my keepalived.conf file was accidentally named keeplaived.conf.
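The pairing mistakes described above (a second MASTER, a VIP left over from a guide) can be caught by comparing the two keepalived.conf files before restarting the service. The Python check below is an added example, not part of the original journal: the function names, the `examplepw` password and the stray `192.168.1.100/24` address are constructed, and the `20` passed as `other_vrids` is the vrid of the VyOS OPT group that shares the 10.0.6.0/24 network.

```python
import re

# Constructed samples modelled on the HAProxy1 block; "examplepw" is a placeholder.
HA1 = """vrrp_instance OPT_1 {
    state MASTER
    interface ens160
    virtual_router_id 30
    priority 200
    authentication {
        auth_type PASS
        auth_pass examplepw
    }
    virtual_ipaddress {
        10.0.6.10/24
    }
}"""
HA2_GOOD = HA1.replace("MASTER", "BACKUP").replace("priority 200", "priority 100")
HA2_BAD = HA1.replace("10.0.6.10/24", "192.168.1.100/24")  # still MASTER, stray VIP

def parse(conf):
    """Pull the pairing-relevant fields out of one vrrp_instance block."""
    def field(key):
        m = re.search(rf"^\s*{key}\s+(\S+)", conf, re.M)
        return m.group(1) if m else None
    body = re.search(r"virtual_ipaddress\s*\{([^}]*)\}", conf)
    vips = [l.split()[0] for l in body.group(1).splitlines() if l.strip()] if body else []
    return {"state": field("state"), "vrid": field("virtual_router_id"),
            "priority": int(field("priority") or 0),
            "auth_pass": field("auth_pass"), "vips": vips}

def check_pair(conf_a, conf_b, expected_vip, other_vrids=()):
    """Return findings for two keepalived nodes that should share one VIP."""
    a, b, out = parse(conf_a), parse(conf_b), []
    masters = [n for n in (a, b) if n["state"] == "MASTER"]
    if len(masters) != 1:
        out.append("exactly one node must be state MASTER")
    elif masters[0]["priority"] <= min(a["priority"], b["priority"]):
        out.append("MASTER must have the strictly higher priority")
    if a["vrid"] != b["vrid"]:
        out.append("virtual_router_id differs between nodes")
    elif a["vrid"] in other_vrids:
        out.append("virtual_router_id already used on this segment")
    if a["auth_pass"] != b["auth_pass"]:
        out.append("auth_pass differs between nodes")
    for name, node in (("node A", a), ("node B", b)):
        if node["vips"] != [expected_vip]:
            out.append(f"{name} VIP {node['vips']} is not {expected_vip}")
    return out

if __name__ == "__main__":
    print(check_pair(HA1, HA2_BAD, "10.0.6.10/24", other_vrids={"20"}))
```

To check real nodes, read each host's /etc/keepalived/keepalived.conf into a string and pass both to `check_pair`; an empty list means the pair is consistent.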