[[AlmaLinux]]

 # dnf -y install haproxy
 # vi /etc/haproxy/haproxy.cfg
 # cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.org
 # vi /etc/haproxy/haproxy.cfg

 global
     log /dev/log local0
     maxconn 2048
     user haproxy
     group haproxy
     daemon

 defaults
     mode http
     log global
     option httplog
     timeout connect 5s
     timeout client 50s
     timeout server 50s

 # HTTP用フロントエンド
 frontend http-in
     bind 192.168.0.9:80
     default_backend web_backends

 # HTTPS用フロントエンド(証明書設定)
 frontend https-in
     bind 192.168.0.9:443 ssl crt /etc/pki/tls/certs/pound.pem
     default_backend web_backends

 # バックエンドサーバー(2台構成)
 backend web_backends
     balance roundrobin
     server web1 192.168.0.10:80 check
     server web2 192.168.0.8:80 check

 # openssl x509 -in server.crt -text
 # ls /etc/pki/tls/certs/
 # cd /etc/pki/tls/certs/
 # openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr
 # openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
 # cat server.key server.crt > pound.pem
 # chmod 600 pound.pem
 # chown root:root pound.pem
 # cp pound.pem /etc/pki/tls/certs/pound.pem
 # pwd
 # openssl x509 -in server.crt -text -noout
 # openssl s_client -connect localhost:443
 # systemctl enable --now haproxy
 # systemctl status haproxy.service

補足: 設定を書き換えたら、起動や再読み込みの前に haproxy -c -f /etc/haproxy/haproxy.cfg で構文を確認しておく。https-in には TLS の最低バージョン指定がなく(HAProxy のバージョンによっては古い TLS も受け付ける)、http-in は平文のままバックエンドへ渡すので、必要なら bind 行に ssl-min-ver TLSv1.2 を足し、http-in に http-request redirect scheme https unless { ssl_fc } を入れて HTTPS に寄せる。

*** 443 がvpnserver と競合するため [#b958575a]

 bind 192.168.0.9:8443 ssl crt /etc/pki/tls/certs/pound.pem

に変更し、ルーターの静的マスカレードで 443(https) が来たら 192.168.0.9:8443 に転送させる