This document is for historical reference only.
Creating a frontend
Creating and running frontends can be done on pretty much any machine. The frontend can be seen as a passthrough server, which relays HTTP requests from clients to an available backend in one or more pools, based on a config file. It health-checks the backends and removes them from the pools if they are unreachable or unhealthy.
Depending on how complicated and feature-rich the frontend should be (it's always a trade-off between complexity/features, speed, cost and reliability), one can choose a complex NGINX or a simpler HAProxy (this document).
As with most how-tos in the user guide, this one assumes that you have a host set up using one of the methods described in the Host Setup guide. Once the machine is up and has the necessary access, we install the required packages and introduce the machine into our provisioning system, which is represented on your admin machine by an RCS, of which you can read more here.
We installed a few OpenBSD and Ubuntu LTS machines and put them at three different hosting providers in Europe: BIT bv in Ede, the Netherlands; Coloclue in Amsterdam, the Netherlands; and Saitis in Lausanne, Switzerland. You can use existing machines as long as (a) you have root access to this machine using ssh(1), and (b) you are able and allowed to bind ports 80 and 443 on this machine.
A1) Using OpenBSD
1. Install needed ports (packages)
export PKG_PATH=ftp://ftp.bit.nl/pub/OpenBSD/`uname -r`/packages/`uname -m`/
sudo pkg_add -vr haproxy
sudo pkg_add -vr rsync
2. Put haproxy in rc{.conf,}.local
sudo su -
# The heredoc delimiter is quoted so that ${haproxy} is written literally
# and only expanded when rc.local runs at boot.
cat << 'EOF' >> /etc/rc.local
if [ X"${haproxy}" = X"YES" -a -x /usr/local/sbin/haproxy ]; then
  /usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg
  echo -n ' haproxy'
fi
EOF
echo haproxy=\"YES\" >> /etc/rc.conf.local
mkdir -p /etc/haproxy
ln -s /etc/haproxy/haproxy.cfg /etc/haproxy.cfg
chown -R paphosting:paphosting /etc/haproxy/
A2) Using Ubuntu
1. Install needed packages
sudo apt-get update
sudo apt-get install haproxy rsync
2. Enable haproxy
sudo su -
cd /etc/default
sed -e 's,ENABLED=0,ENABLED=1,' haproxy > haproxy.new && \
  mv -f haproxy.new haproxy
mkdir -p /usr/local/sbin
mkdir -p /var/haproxy
ln -sf /usr/sbin/haproxy /usr/local/sbin/haproxy
mkdir -p /etc/haproxy
mv -f /etc/haproxy.cfg /etc/haproxy/haproxy.cfg
ln -sf /etc/haproxy/haproxy.cfg /etc/haproxy.cfg
chown -R paphosting:paphosting /etc/haproxy/
B) Configuring PAPFE
1. Add the machine to config/haproxy.hosts
On your client, add the hostname (any hostname or IPv4 or IPv6 address to which you can connect on the ssh port):
echo "$HOSTNAME" >> config/haproxy.hosts
# If your machine is Ubuntu Jaunty, then:
# (the link target is resolved relative to the haproxy/ directory)
ln -s jaunty "haproxy/$HOSTNAME"
svn add "haproxy/$HOSTNAME"
svn commit config/haproxy.hosts "haproxy/$HOSTNAME"
2. Ensure you can SSH into the machine as paphosting
From your client, try to SSH as paphosting into the machine. Your SSH keys should be in config/ssh-keyring.pub, and those should be in ~paphosting/.ssh/authorized_keys.
Now that you're here, you need to set up sudo access for the paphosting user, so that it can restart haproxy:
cat << EOF >> /etc/sudoers
paphosting ALL = NOPASSWD: /usr/local/sbin/haproxy
paphosting ALL = NOPASSWD: /usr/bin/pkill -x haproxy
EOF
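The two sudoers entries above differ in one way that matters for least privilege: sudo treats a command listed without arguments as matching any argument list, while a command listed with arguments matches only that list. The audit below is an added example, not part of the original guide or of the paphosting scripts; it classifies the page's two rules, and PINNED_RULES is an assumed tightening that only holds if haproxy is always started the way the rc.local snippet starts it.

```sh
#!/bin/sh
# Added example (not from the original guide): classify NOPASSWD sudoers
# entries by whether their argument list is pinned.

# The two rules from step B2 of this page, verbatim.
PAGE_RULES='paphosting ALL = NOPASSWD: /usr/local/sbin/haproxy
paphosting ALL = NOPASSWD: /usr/bin/pkill -x haproxy'

# Assumed tightening: valid only if haproxy is always started exactly as the
# rc.local snippet on this page starts it.
PINNED_RULES='paphosting ALL = NOPASSWD: /usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg
paphosting ALL = NOPASSWD: /usr/bin/pkill -x haproxy'

# audit_sudoers: sudoers lines on stdin -> "VERDICT user command" per entry.
# Simplification: assumes no escaped commas inside command arguments.
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        /NOPASSWD:/ {
            user = $1
            cmds = $0
            sub(/^.*NOPASSWD:[ \t]*/, "", cmds)
            n = split(cmds, list, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                cmd = list[i]
                sub(/[ \t]+$/, "", cmd)
                # Bare path: sudo accepts any arguments.
                # Path plus arguments: sudo accepts only that exact list.
                verdict = (cmd ~ /[ \t]/) ? "PINNED" : "ANYARGS"
                printf "%s %s %s\n", verdict, user, cmd
            }
        }'
}

# count_anyargs: number of entries on stdin that accept arbitrary arguments.
count_anyargs() {
    audit_sudoers | awk '/^ANYARGS /{ n++ } END { print n + 0 }'
}

printf '%s\n' "$PAGE_RULES" | audit_sudoers
```

After any change to sudoers, visudo -c checks the file's syntax.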
3. Force a push of the haproxy configs
On your client, try to do a haproxy push:
scripts/haproxy-push.sh -v -n
# If this looks good, then:
scripts/haproxy-push.sh -f
4. Put the machine in DNS
Add IPv4 and IPv6 addresses of the machine to the http0 label, which will put the haproxy into the rotation within $TTL seconds (probably 300). Note: your frontend will go live as soon as DNS propagates!
$EDITOR dns/zones/paphosting/http0.inc
scripts/dns-push.sh -v -n
# If this looks good, then:
scripts/dns-push.sh -f
EOF :)