https://viewer.diagrams.net/?tags={}&highlight=0000ff&edit=_blank&layers=1&nav=1&title=HAproxy.drawio#R7Zndc%2BI2EMD%2FGh7D2DKxzSNwyeVurp3M3Ezae2JkW9hqZMsjiwD3198KS%2F4E6rSEpFN4AO1qrY%2F1T9qVGDmLdPtZ4Dz5jUeEjZAVbUfOpxFCNppY8KM0u1KDJqUcCxppm1rxnf4kWqkfi9c0IkXLUHLOJM3bypBnGQllS4eF4Ju22Yqzdq85jklP8T3ErK%2F9g0Yy0VrbsuqKB0LjRHft3%2BqKAIfPseDrTPeX8YyUNSk2zWjTIsER3zRUzt3IWQjOZVlKtwvClFeNx8rn7o%2FUVkMWJJODHgg97HrByl9FDnKs1Y3n64HJnfEDicAtWtxPxZknMmUg2VBkOCBsXs14wRkXtWEhsZD3lClrC2SSRTP1amoL0DTqCyn4c%2BVucMd8xTN5j1PKFERPREQ4w1qtkbGVGdlS%2BadqZHyrpR96gKr8aWv6V8KuITwSQVMiidC6vgO1Twu%2BFqH2yMPX35%2Fmf32xJbq7X988BSuySG4MoljERB7xLpqWRsqljdb1u%2FlMOAxF7MBAEIYlfWmTiDXQcWVXPfrIKYwXWXrt%2BYbRnYHWt9ptlNPRj9WAQKExjlq1x2YoQtMrQv8MITQEIf8yCHmoi5B3OYTMJF8wW%2BsJzESY0IJK2EktmIzLwEHzQEAplnundzVfHsFy5MyUvTVGY%2FXVAxP231wV022sYtg4pEXIxyl8j4FFSZbFhsowWeaCh6QoFJdNciNcJCTS730FDBp2RzANx%2FWnXgVko2a1%2FxxE9YUISSEEfVNL4pHDfCnPoC7gUvK0YTBjNFYVkueg3a%2BbaiBVUFFCyFMamhEOWwhHAVadk%2B1J6nSta%2BKIocex3VKxqUOpq%2FOBpBlE3eOgtgh7FU7TkzihITgZhiZXhi7EkDdF78fQqRDfwOhhBm91u3stRLZ9pWg4RT1kDoB1nKLuTmS51vtShE5QpCIbTpUjs6DIDzJ0girrStWFqHL9j0bVpEfV04EMyHYGIgJuzYEPUSxxFi1zSHHzhAjMivGGBMtAna5Vwjsvngnwo%2F3fICdXaSERdy%2Fg0OKD0YS1FJJsn7XPYSUwmkGn5iLBOtPeM2lHsCk6AAnqQ2LAOTsk3v%2F7ZAavTewaDSnxR7Oubmov7ZrS4WNe5xj2hlcH%2Fpsc83y7k2TZt50d6sgx70BL3ZQfdVoq53eOA%2BNBL%2F5Xb64%2BKJSDLiOmHxzK3i3GpaG0%2B2eGPqY9tBqUtlOfs8Jy3guvs0A36UN3fMfsc9eIq%2BYyvhlXje7ct6vVdf6r98zbv7tke2s8%2B4eRK57%2FHk%2F0nnh65oxhss5pJ50cTGd387TORieI9Z9cpXn9H6Jz9ws%3D
NixOS est un système d’exploitation reproductible, ce qui était nécessaire dans notre cas car il y avait deux VM identiques qui devaient posséder la même configuration.
# System definition for the HAProxy load-balancer VM.
# Option reference: configuration.nix(5) and the NixOS manual (`nixos-help`).
{
  config,
  pkgs,
  ...
}: {
  # Hardware scan output plus the two site-specific modules.
  imports = [
    ./hardware-configuration.nix
    ./haproxy.nix
    ./networking.nix
  ];

  # GRUB 2 installed on /dev/sda. For an EFI-only machine, use
  # device = "nodev" and enable the commented-out EFI options.
  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sda";
    # efiSupport = true;
    # efiInstallAsRemovable = true;
  };
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";

  time.timeZone = "Europe/Paris";

  networking = {
    hostName = "haproxy";

    # NOTE(review): the firewall is switched off, so every listening socket on
    # this host (sshd, plus whatever haproxy.nix binds) is reachable on every
    # interface. Prefer enable = true with an explicit
    # networking.firewall.allowedTCPPorts list; check networking.nix (not shown
    # here) for other traffic that must stay allowed before changing it.
    firewall.enable = false;
  };

  services.openssh = {
    enable = true;

    # NOTE(review): "yes" lets root authenticate with a password over SSH.
    # "prohibit-password" limits root to key-based login, but needs a key in
    # users.users.root.openssh.authorizedKeys.keys first; none is declared in
    # this file, so confirm access before tightening.
    permitRootLogin = "yes";
  };

  # Release whose defaults the stateful data on this machine follows.
  # It is not bumped on upgrade; see the NixOS manual before editing it.
  system.stateVersion = "22.11";
}
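# HAProxy module for the load-balancer VM: exposes HTTP/HTTPS, DNS (TCP) and
# FTP (control channel) on 10.2.10.10 and spreads them over 10.2.10.1 and
# 10.2.10.2.
#
# Fix applied to the DNS section: the original declared `frontend dns` with
# `mode dns` (not an HAProxy proxy mode) pointing at a `dns-servers` backend
# that did not exist, and a second `listen dns` proxy binding the same
# address:port. It is now one tcp frontend plus the `dns-servers` backend it
# references, laid out like the web and ftp pairs.
#
# NOTE(review): the 443 bind loads /etc/ssl/certs/groupe2.pem, which must hold
#   the certificate AND its private key. The command shown in the write-up
#   writes the bundle to /var/ssl/groupe2.pem, so one of the two paths has to
#   change. Because the file contains the private key, keep it readable only
#   by the account HAProxy runs as.
# NOTE(review): port 80 serves the same backend in cleartext with no redirect
#   to HTTPS, and the backends are reached over plain HTTP on port 80.
# NOTE(review): no `timeout connect/client/server` is set in this config, so
#   idle or stalled connections are not bounded here; consider a `defaults`
#   section after checking what the long-lived FTP control sessions need.
# NOTE(review): only TCP is proxied. DNS queries over UDP/53 and FTP data
#   connections are not covered by this configuration, and FTP carries
#   credentials in cleartext.
{ config, pkgs, ... }: {
  services.haproxy = {
    enable = true;
    config = ''
      #FRONTEND permet d'exposer en public les ports
      frontend web
        bind 10.2.10.10:80
        #Permet d'exposer le site sur HAPROXY
        bind 10.2.10.10:443 ssl crt /etc/ssl/certs/groupe2.pem # Il faut générer le certificat sinon cela ne marchera pas
        mode http
        default_backend web-servers

      frontend dns
        bind 10.2.10.10:53
        mode tcp
        default_backend dns-servers

      frontend ftp
        bind 10.2.10.10:21
        mode tcp
        default_backend ftp-servers

      #permet de se connecter au groupes de serveurs
      backend web-servers
        mode http
        balance roundrobin
        server server1 10.2.10.1:80 check
        server server2 10.2.10.2:80 check

      backend dns-servers
        mode tcp
        balance roundrobin
        server dns1 10.2.10.1:53 check
        server dns2 10.2.10.2:53 check

      backend ftp-servers
        mode tcp
        balance roundrobin
        server server1 10.2.10.1:21 check
        server server2 10.2.10.2:21 check
    '';
  };
}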
Il a fallu générer des certificats avec openssl :
# Create a self-signed X.509 certificate valid for 365 days together with a new
# 2048-bit RSA key. -nodes leaves groupe2.key unencrypted on disk, so the key
# is protected only by file permissions. Clients will not trust the
# certificate unless it is added to their trust store.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout groupe2.key -out groupe2.crt
et ensuite concaténer la clé et le certificat en un seul fichier .pem
# Bundle the private key and the certificate into the single PEM file that the
# HAProxy `crt` bind option loads.
# NOTE(review): haproxy.nix reads /etc/ssl/certs/groupe2.pem, not /var/ssl/;
#   confirm which path is actually deployed and align the two.
# NOTE(review): the bundle contains the private key and is created with the
#   shell's default umask; restrict it to the account HAProxy runs as
#   (TODO confirm the account) rather than leaving it world-readable.
cat groupe2.key groupe2.crt > /var/ssl/groupe2.pem
Voici haproxy de lancé
