Project 2 - RichardSwierk/SEC-440 GitHub Wiki

web02 setup

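# Create a named admin account and put it in wheel (sudo is used from this account below).
[root@localhost ~]# useradd richard.swierk
[root@localhost ~]# passwd richard.swierk
# -a appends to the supplementary groups; -G on its own replaces the whole list.
[root@localhost ~]# usermod -aG wheel richard.swierk
# Addressing entered in the nmtui dialog:
richard.swierk@web02-richard:~$ sudo nmtui
ip=10.0.5.101
gateway=10.0.5.1
# With `sudo echo ... >> file` the redirection is opened by the unprivileged shell and
# fails on a root-owned file, so the line is piped into `sudo tee -a` instead.
richard.swierk@web02-richard:~$ echo "PermitRootLogin no" | sudo tee -a /etc/ssh/sshd_config
# sshd keeps the first value it reads for a keyword, so an earlier uncommented
# PermitRootLogin line would win over this appended one; print the effective setting.
richard.swierk@web02-richard:~$ sudo sshd -T | grep -i permitrootlogin
# Open only the two services this host offers, then load the permanent rules.
richard.swierk@web02-richard:~$ sudo firewall-cmd --permanent --add-service=ssh
richard.swierk@web02-richard:~$ sudo firewall-cmd --permanent --add-service=http
richard.swierk@web02-richard:~$ sudo firewall-cmd --reload
richard.swierk@web02-richard:~$ echo "<html><body><h1>Web02-Richard</h1></body></html>" | sudo tee -a /var/www/html/index.html
# systemctl takes the verb before the unit name. sshd is restarted so that it re-reads
# sshd_config; enabling the units at boot is not shown on this page.
richard.swierk@web02-richard:~$ sudo systemctl start httpd
richard.swierk@web02-richard:~$ sudo systemctl restart sshd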

vyos01 setup

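# OPT-side interface of this router; 10.0.6.1 is the VRRP virtual address of group optgroup18.
set interfaces ethernet eth2 description 'OPT'
set interfaces ethernet eth2 address 10.0.6.2/24
# No priority is set for this group on the page; confirm which router is meant to be master.
set high-availability vrrp group optgroup18 vrid 20
set high-availability vrrp group optgroup18 interface eth2
set high-availability vrrp group optgroup18 virtual-address 10.0.6.1/24
# Masquerade traffic from 10.0.6.0/24 as it leaves eth1.
set nat source rule 11 outbound-interface eth1
set nat source rule 11 source address 10.0.6.0/24
set nat source rule 11 translation address masquerade
commit
save

# Masquerade traffic from 10.0.5.0/24 as it leaves eth2.
set nat source rule 12 outbound-interface eth2
set nat source rule 12 source address 10.0.5.0/24
set nat source rule 12 translation address masquerade
commit
save
# Point destination NAT rule 10 at 10.0.6.5, the keepalived virtual address of the HAProxy pair.
# Only the translation address is set here; the rule's match criteria (inbound interface,
# protocol, port) are assumed to exist already. Confirm they expose only the intended port.
# `commit` is a separate command and goes on its own line.
set nat destination rule 10 translation address 10.0.6.5
commit
save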

vyos02 setup

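# OPT-side interface of the second router; it joins VRRP group optgroup18 (virtual address 10.0.6.1).
set interfaces ethernet eth2 description 'OPT'
set interfaces ethernet eth2 address 10.0.6.3/24
# No priority is set for this group on the page; confirm which router is meant to be master.
set high-availability vrrp group optgroup18 vrid 20
set high-availability vrrp group optgroup18 interface eth2
set high-availability vrrp group optgroup18 virtual-address 10.0.6.1/24
# Masquerade traffic from 10.0.6.0/24 as it leaves eth1.
set nat source rule 11 outbound-interface eth1
set nat source rule 11 source address 10.0.6.0/24
set nat source rule 11 translation address masquerade
commit
save

# Masquerade traffic from 10.0.5.0/24 as it leaves eth2.
set nat source rule 12 outbound-interface eth2
set nat source rule 12 source address 10.0.5.0/24
set nat source rule 12 translation address masquerade
commit
save
# Point destination NAT rule 10 at 10.0.6.5, the keepalived virtual address of the HAProxy pair.
# Only the translation address is set here; the rule's match criteria (inbound interface,
# protocol, port) are assumed to exist already. Confirm they expose only the intended port.
# `commit` is a separate command and goes on its own line.
set nat destination rule 10 translation address 10.0.6.5
commit
save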

ha1 setup

# Network settings for this node go in a netplan drop-in (its contents are not shown on
# this page); edit the file, then apply it.
sudo nano /etc/netplan/99_config.yaml
sudo netplan apply
# HAProxy is the load balancer; keepalived provides the VRRP failover address.
sudo apt-get -y install haproxy
sudo apt-get -y install keepalived
# Sections placed in the HAProxy configuration opened with:
sudo nano /etc/haproxy/haproxy.cfg
# Listener: accept plain HTTP on port 80 of every local address and pass it to the pool below.
frontend www
    bind *:80
    default_backend webapps

# Pool: alternate requests between the two web servers. `check` turns on health checking;
# unless `option httpchk` is set elsewhere in the file, that is a TCP connect test only.
backend webapps
    balance roundrobin
    server web01-richard 10.0.5.100:80 check
    server web02-richard 10.0.5.101:80 check

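# VRRP instance written to the keepalived configuration opened with:
sudo nano /etc/keepalived/keepalived.conf
# Floats 10.0.6.5 on ens160. This node starts as MASTER with priority 255, the highest
# VRRP priority, so it holds the address whenever it is up.
vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 71
    priority 255
    advert_int 1
    authentication {
        # PASS puts the secret in cleartext in every advertisement, so it guards against
        # misconfigured peers rather than a host on the segment; keepalived also offers
        # auth_type AH.
        auth_type PASS
        # keepalived uses at most the first 8 characters of auth_pass. The value must be
        # the same on every node of VI_1. A placeholder stands in for the real secret, which
        # belongs only in the root-readable config file, not on a published page.
        auth_pass <VRRP_SHARED_SECRET>
    }
    virtual_ipaddress {
        10.0.6.5/24
    }
}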

ha2 setup

# Network settings for the second node go in a netplan drop-in (its contents are not shown
# on this page); edit the file, then apply it.
sudo nano /etc/netplan/99_config.yaml
sudo netplan apply
# Same two packages as on the first node: HAProxy for load balancing, keepalived for VRRP.
sudo apt-get -y install haproxy
sudo apt-get -y install keepalived
# Sections placed in the HAProxy configuration opened with:
sudo nano /etc/haproxy/haproxy.cfg
# Listener: accept plain HTTP on port 80 of every local address and pass it to the pool below.
frontend www
    bind *:80
    default_backend webapps

# Pool: alternate requests between the two web servers. `check` turns on health checking;
# unless `option httpchk` is set elsewhere in the file, that is a TCP connect test only.
backend webapps
    balance roundrobin
    server web01-richard 10.0.5.100:80 check
    server web02-richard 10.0.5.101:80 check

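# VRRP instance written to the keepalived configuration opened with:
sudo nano /etc/keepalived/keepalived.conf
# Standby for 10.0.6.5 on ens160. This node starts as BACKUP with priority 254 and takes the
# address only when no higher-priority node is advertising.
vrrp_instance VI_1 {
    state BACKUP
    interface ens160
    virtual_router_id 71
    priority 254
    advert_int 1
    authentication {
        # PASS puts the secret in cleartext in every advertisement, so it guards against
        # misconfigured peers rather than a host on the segment; keepalived also offers
        # auth_type AH.
        auth_type PASS
        # keepalived uses at most the first 8 characters of auth_pass. The value must be
        # the same on every node of VI_1. A placeholder stands in for the real secret, which
        # belongs only in the root-readable config file, not on a published page.
        auth_pass <VRRP_SHARED_SECRET>
    }
    virtual_ipaddress {
        10.0.6.5/24
    }
}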
