Champlain College Classes
SEC-440: Systems Security

Project 2 - Web and Proxy Redundancy


Last updated 1 year ago

Plan of Attack

  1. OPT network setup

    • Get the 10.0.6.0/24 network going

    • NAT, DNS

    • VRRP

  2. Web02 Setup

    • Httpd

    • All other config stuff

    • Create web pages for web01 and web02

  3. HAproxy

    • To load balance web01 and web02

    • Use curl

  4. Keepalived for HAproxy

  5. Update NAT for web server

OPT Setup

HA01 & HA02

Set up networking: HA01 is 10.0.6.11 and HA02 is 10.0.6.12

sudo nano /etc/netplan/00-installer-config.yaml

To apply netplan:

sudo netplan try

Set Hostname and Add Paul user

sudo hostnamectl set-hostname ha0X-paul
sudo passwd champuser
sudo adduser paul
sudo usermod -aG sudo paul

VYOS01 and 02 OPT Setup

Setup NAT for OPT to WAN

set nat source rule 20 description 'NAT FROM OPT to WAN'
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 10.0.6.0/24
set nat source rule 20 translation address masquerade

Setup DNS for OPT to WAN

set service dns forwarding allow-from 10.0.6.0/24
set service dns forwarding listen-address 10.0.6.1

WEB02 Setup

Change the root password and create the paul user

Set the IP address using nmtui

Setup httpd

sudo yum install httpd
sudo nano /var/www/html/index.html

Change Firewall Rules

Setup HAproxy

Install HAproxy

sudo apt install haproxy

Changed environment variable

sudo nano /etc/default/haproxy

Add the following line

ENABLED=1

Edit the /etc/haproxy/haproxy.cfg

Then restart HAProxy:

sudo systemctl restart haproxy

Setup Keepalived

HA01 Config

HA02 Config

Change VYOS Rules:

Delete old nat rule

delete nat destination rule 20

Add new nat rule

set nat destination rule 20 destination address 10.0.17.106
set nat destination rule 20 destination port 80
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 10.0.6.10
set nat destination rule 20 translation port 80
set nat destination rule 20 description HTTP->HAVRRP
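
A check for the finished setup, added here as an example and not part of the original notes: it requests the page through the VRRP address 10.0.6.10 with curl, as the plan suggests, and counts which web server answered. It assumes each index.html contains its own host name (web01 or web02); the script name check_lb.sh and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: confirm HAProxy spreads requests over web01 and web02.
# Assumption: each server's index.html contains its host name.

VIP="${VIP:-10.0.6.10}"       # VRRP address used in the destination NAT rule
REQUESTS="${REQUESTS:-10}"    # number of samples to take

# Read response bodies on stdin (one per line) and print "<backend> <count>".
# Bodies naming neither server (empty reply, error page) count as "unknown".
tally_backends() {
    awk '{ l = tolower($0)
           k = match(l, /web0[12]/) ? substr(l, RSTART, RLENGTH) : "unknown"
           n[k]++ }
         END { for (b in n) print b, n[b] }' | sort
}

# Read a tally on stdin; succeed only if both web01 and web02 appear in it.
both_backends_seen() {
    awk '$1 == "web01" { a = 1 } $1 == "web02" { b = 1 } END { exit !(a && b) }'
}

# Fetch the page REQUESTS times through the VIP, one flattened body per line.
sample_vip() {
    i=0
    while [ "$i" -lt "$REQUESTS" ]; do
        curl -s --max-time 3 "http://${VIP}/" | tr '\n' ' '
        echo
        i=$((i + 1))
    done
}

# Live run: sh check_lb.sh --live
if [ "${1:-}" = "--live" ]; then
    tally="$(sample_vip | tally_backends)"
    printf '%s\n' "$tally"
    if printf '%s\n' "$tally" | both_backends_seen; then
        echo "OK: both backends answered via ${VIP}"
    else
        echo "FAIL: a backend never answered (check haproxy.cfg and httpd)" >&2
        exit 1
    fi
fi
```

Running it again with keepalived stopped on HA01 shows whether the address has moved to HA02: a tally made up only of "unknown" means nothing is answering on 10.0.6.10.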

Guide:

https://www.digitalocean.com/community/tutorials/how-to-use-haproxy-to-set-up-http-load-balancing-on-an-ubuntu-vps
https://www.haproxy.com/blog/haproxy-configuration-basics-load-balance-your-servers
https://tecadmin.net/setup-ip-failover-on-ubuntu-with-keepalived/
https://www.questioncomputer.com/how-to-install-and-lab-keepalived-on-ubuntu-20-04-and-rocky-linux-8-5/