# Project 2 - Web and Proxy Redundancy

## Plan of Attack

1. OPT network setup
   * Get 10.0.6.0/24 going
   * NAT, DNS
   * VRRP
2. Web02 Setup
   * Httpd
   * All other config stuff
   * Create web pages for web01 and web02
3. HAproxy
   * To load balance web01 and web02
     * <https://www.digitalocean.com/community/tutorials/how-to-use-haproxy-to-set-up-http-load-balancing-on-an-ubuntu-vps>
     * <https://www.haproxy.com/blog/haproxy-configuration-basics-load-balance-your-servers>
   * Use curl
4. Keepalived for HAproxy
   * <https://tecadmin.net/setup-ip-failover-on-ubuntu-with-keepalived/>
5. Update NAT for web server

## OPT Setup

### HA01 & HA02

Set up networking: HA01 is 10.0.6.11 and HA02 is 10.0.6.12.

```bash
sudo nano /etc/netplan/00-installer-config.yaml
```

<figure><img src="/files/ibcao2PRKwKPmfH9tyPT" alt=""><figcaption></figcaption></figure>

To apply netplan:

```bash
sudo netplan try
```

### Set Hostname and Add Paul user

```
sudo hostnamectl set-hostname ha0X-paul
sudo passwd champuser
sudo adduser paul
sudo usermod -aG sudo paul
```

## VYOS01 and 02 OPT Setup

Set up NAT from OPT to WAN

```bash
set nat source rule 20 description 'NAT FROM OPT to WAN'
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 10.0.6.0/24
set nat source rule 20 translation address masquerade
```

Set up DNS forwarding for OPT

```bash
set service dns forwarding allow-from 10.0.6.0/24
set service dns forwarding listen-address 10.0.6.1
```

## WEB02 Setup

Change the root password and create the paul user

<figure><img src="/files/0NZUaic33Eg4ut4KjhkF" alt=""><figcaption></figcaption></figure>

Set the IP address using nmtui

### Setup httpd

```bash
sudo yum install httpd
sudo nano /var/www/html/index.html
```

### Change Firewall Rules

<figure><img src="/files/Q4H2VWIDf5tNVAXEP3kx" alt=""><figcaption></figcaption></figure>

## Setup HAproxy

Install HAproxy

```bash
sudo apt install haproxy
```

Change the environment variable

```bash
sudo nano /etc/default/haproxy
```

Add the following line

```bash
ENABLED=1
```

Edit the /etc/haproxy/haproxy.cfg

<figure><img src="/files/qQMcP6HT617algm9NXaS" alt=""><figcaption></figcaption></figure>

Now restart HAProxy

```bash
sudo systemctl restart haproxy
```

### Setup Keepalived

Guide: <https://www.questioncomputer.com/how-to-install-and-lab-keepalived-on-ubuntu-20-04-and-rocky-linux-8-5/>

HA01 Config

<figure><img src="/files/jaaS3TGYhcIBDspovihX" alt=""><figcaption></figcaption></figure>

HA02 Config

<figure><img src="/files/jLJG80Qj1JaM1XocT0GM" alt=""><figcaption></figcaption></figure>
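
The HA01 and HA02 screenshots are not reproduced in this text, so the following is an added example of a keepalived configuration for this pair, not the author's own config. It uses the addresses on this page (10.0.6.11, 10.0.6.12, and 10.0.6.10, taken to be the virtual IP that the NAT rule targets); the interface name, `virtual_router_id`, priorities, password and the HAProxy health check are assumptions.

```conf
# /etc/keepalived/keepalived.conf on HA01 (added example, values marked
# "assumed" are not from the original page)

# Health check: lower this node's priority when HAProxy is not running,
# so the VIP moves even if the host itself is still up.
vrrp_script chk_haproxy {
    script "/usr/bin/pgrep -x haproxy"
    interval 2          # run every 2 seconds
    fall 2              # 2 failures in a row mark the check as down
    rise 2              # 2 successes in a row mark it as up again
    weight -20          # subtract 20 from priority while the check is down
}

vrrp_instance HAPROXY_VIP {
    state MASTER                # HA02: BACKUP
    interface ens160            # assumed NIC name, check with `ip -br addr`
    virtual_router_id 51        # assumed; must differ from the VRID the
                                # VyOS routers already use on this segment
    priority 110                # HA02: 100 (110 - 20 = 90 < 100 on failure)
    advert_int 1

    # Send adverts only to the known peer instead of the VRRP multicast group.
    unicast_src_ip 10.0.6.11    # HA02: 10.0.6.12
    unicast_peer {
        10.0.6.12               # HA02: 10.0.6.11
    }

    # PASS auth is sent in cleartext and only guards against misconfiguration,
    # not against a host on the segment that can sniff the adverts.
    authentication {
        auth_type PASS
        auth_pass CHANGEME      # placeholder, at most 8 characters
    }

    virtual_ipaddress {
        10.0.6.10/24
    }

    track_script {
        chk_haproxy
    }
}
```

After restarting keepalived on both nodes, `ip -br addr` on HA01 should list 10.0.6.10; stopping HAProxy on HA01 should move it to HA02 within a few seconds.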

### Change VYOS Rules:

Delete old nat rule

```
delete nat destination rule 20
```

Add new nat rule

```
set nat destination rule 20 destination address 10.0.17.106
set nat destination rule 20 destination port 80
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 10.0.6.10
set nat destination rule 20 translation port 80
set nat destination rule 20 description 'HTTP->HAVRRP'
```

