Project 2: Web and Proxy Redundancy - LouisNajdek/sec440 GitHub Wiki

Vyos 1 + 2

Both routers were configured with a new interface, eth2, for the OPT subnet, along with NAT translation and a new VRRP group, VyosOPT.

Changed the IP address of the HTTP port forwarding rule to the new virtual IP shared between the HAProxy servers.

ha1 & ha2

Netplan is located at /etc/netplan

Netplan Config

 
Edited 00-installer-config.yaml:

  network:
    ethernets:
      ens160:
        dhcp4: false
        addresses:
        - IP_ADDRESS/SUBNET
        gateway4: VIRTUAL_IP_OPT
        nameservers:
          addresses:
          - VIRTUAL_IP_OPT
    version: 2

sudo netplan apply

HAProxy

I used HAProxy as my proxy server, which required adding a package repository first.

apt install software-properties-common

add-apt-repository ppa:vbernat/haproxy-2.1 --yes

apt update

apt install haproxy

The configuration file that was edited for HAProxy is located at /etc/haproxy/haproxy.cfg

I added the following sections to the config file

# FRONTEND_NAME is a placeholder: HAProxy requires a name after "frontend"
frontend FRONTEND_NAME
        bind 10.0.6.10:80
        default_backend webapps
        option forwardfor
backend webapps
        balance roundrobin
        server web01 10.0.5.100:80 check
        server web02 10.0.5.101:80 check

I bound the virtual IP address 10.0.6.10:80 so that it acts as the address for both of my proxy servers. I added the forwardfor option so that HAProxy passes the client's source IP address to the web servers in an X-Forwarded-For header; without it they would see only the proxy server's IP address. The backend uses round-robin balancing, so requests cycle between the web servers.

Keepalived

Redundancy through VRRP was achieved with Keepalived. Keepalived was installed with the following command:

sudo apt install keepalived

The stream editor sed was used to edit /etc/sysctl.conf and enable IP forwarding.

sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf

After that I configured keepalived.conf located in /etc/keepalived as follows

vrrp_instance VRRP1 {
        state BACKUP
        interface ens160
        virtual_router_id 20
        priority 100
        advert_int 1
        virtual_ipaddress {
                 10.0.6.10/24
        }
} 

If you need to open the port:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
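The HAProxy bind address only fails over if it is an address keepalived manages, so the two files have to agree. The script below is an added example, not part of the original wiki page: the function names, the frontend name `fe` and the temp-file sample configs are constructed for illustration, using the addresses shown above.

```shell
#!/bin/sh
# Cross-check that every HAProxy bind address is a keepalived virtual IP.

# Print each address (prefix length stripped) inside virtual_ipaddress blocks.
keepalived_vips() {
    awk '/virtual_ipaddress/        { in_vip = 1; next }
         in_vip && index($0, "}")   { in_vip = 0; next }
         in_vip && NF               { a = $1; sub(/\/.*/, "", a); print a }' "$1"
}

# Print the IP part of every "bind ADDR:PORT" line; wildcard binds are skipped.
haproxy_binds() {
    awk '$1 == "bind" { a = $2; sub(/:[0-9]+$/, "", a)
                        if (a != "" && a != "*") print a }' "$1"
}

# Return 0 only if every bind address appears among the keepalived VIPs.
check_vip_binds() {
    vips=$(keepalived_vips "$2")
    status=0
    for addr in $(haproxy_binds "$1"); do
        if ! printf '%s\n' "$vips" | grep -qxF "$addr"; then
            echo "bind $addr is not a keepalived VIP" >&2
            status=1
        fi
    done
    return $status
}

# Constructed sample input: the snippets from this page plus a mismatched copy.
tmp=$(mktemp -d)
cat > "$tmp/keepalived.conf" <<'EOF'
vrrp_instance VRRP1 {
        interface ens160
        virtual_router_id 20
        virtual_ipaddress {
                 10.0.6.10/24
        }
}
EOF
printf 'frontend fe\n        bind 10.0.6.10:80\n' > "$tmp/haproxy.cfg"
printf 'frontend fe\n        bind 10.0.6.11:80\n' > "$tmp/haproxy_bad.cfg"

check_vip_binds "$tmp/haproxy.cfg" "$tmp/keepalived.conf" && echo "ok: binds match VIP"
```

On a real node, pass /etc/haproxy/haproxy.cfg and /etc/keepalived/keepalived.conf as the two arguments to check_vip_binds.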

Web02

Configured the Apache web server on web02 with a different index page, following the same procedure as for web01, which can be seen in the documentation for week 1.
