1. Install dependencies
yum install openssl-devel pcre-devel make gcc -y
2. Download HAproxy
Download the stable version of HAproxy, for instance to the /tmp directory
cd /tmp
wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.2.tar.gz -O- | tar -zx
3. Go to the unpacked directory with sources
cd haproxy-*
4. Run make
make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
make install
5. Create a user named haproxy
useradd haproxy
6. Create a directory named /var/lib/haproxy/
mkdir /var/lib/haproxy/
7. Create a .pem file from certificates imported to the WCS server
Examples of certificates from StartSSL
test.flashphoner.com.crt - certificate file
test.flashphoner.com.key - private key file
ca.pem - root certificate
sub.class2.server.ca.pem - intermediate certificate
cat test.flashphoner.com.crt ca.pem sub.class2.server.ca.pem test.flashphoner.com.key | tee test.flashphoner.com.pem
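The resulting .pem contains the private key, and tee also prints it to the terminal. The following added example (not part of the original page) builds the same bundle in the same order with owner-only permissions and checks its structure; the function names and argument order are this example's own.

```shell
# Added example, not from the original page. Function names are hypothetical.

# check_pem FILE: prints "ok", or the first problem found and returns 1.
check_pem() {
    f=$1
    awk '
        /^-----BEGIN CERTIFICATE-----/           { certs++ }
        /^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----/ { keys++ }
        /^-----BEGIN /                           { depth++ }
        /^-----END /                             { depth-- }
        END {
            # depth != 0: a BEGIN/END marker is not on its own line, typically
            # because an input file lacked a trailing newline before cat.
            if (depth != 0) { print "damaged BEGIN/END marker"; exit 1 }
            if (certs < 1)  { print "no certificate block"; exit 1 }
            if (keys != 1)  { print "expected 1 private key, found " (keys + 0); exit 1 }
        }' "$f" || return 1
    # The bundle holds the private key: group and other must have no access.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "group/other can access $f"; return 1; }
    echo ok
}

# build_pem OUT CERT KEY [CHAIN...]: concatenates in the page's order
# (certificate, chain files, key) without echoing the key to the terminal.
build_pem() {
    [ $# -ge 3 ] || { echo "usage: build_pem OUT CERT KEY [CHAIN...]" >&2; return 2; }
    out=$1; cert=$2; key=$3
    shift 3
    ( umask 077 && cat "$cert" "$@" "$key" > "$out" ) || return 1
    chmod 600 "$out" || return 1   # also tightens a pre-existing file
    check_pem "$out"
}
```

HAProxy reads the crt file at startup, before it switches to the haproxy user, so a root-owned file with mode 600 is sufficient.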
8. Create the configuration file /etc/haproxy/haproxy.cfg with the following contents:
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option httplog
    option tcplog
    option http-server-close
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 5s
    timeout check 10s
    maxconn 3000
    http-reuse always

#---------------------------------------------------------------------
# main frontend which proxies to the backends
#---------------------------------------------------------------------
frontend secure
    bind SET_YOUR_IP:443 ssl crt /path/to/your/certificate/cert.pem
    acl is_websocket hdr(Upgrade) -i WebSocket
    acl is_websocket hdr(Sec-WebSocket-Key) -m found
    use_backend ws_app if is_websocket
    use_backend web_app if { req.proto_http }
    default_backend static

backend static
    server static 127.0.0.1:8888

# websocket
backend ws_app
    server app1 127.0.0.1:8080

# web content
backend web_app
    server app1 127.0.0.1:8888 ssl verify none
In the line
bind SET_YOUR_IP:443 ssl crt /path/to/your/certificate/cert.pem
replace
- SET_YOUR_IP with the public IP of the WCS server
- /path/to/your/certificate/cert.pem with the path to the .pem file created from the certificates imported to the WCS server
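A review pass over a haproxy.cfg like the one above, as an added example that is not part of the original page: it flags a stats socket with no explicit mode, "log global" with no log target in the global section, a TLS bind with no protocol restrictions, and backend TLS with certificate verification turned off. The finding codes and the function name are this example's own; the directives it looks for are standard HAProxy keywords.

```shell
# Added example, not from the original page: flag settings in a haproxy.cfg
# that deserve review. Finding codes are this example's own labels.
# audit_haproxy_cfg FILE: prints one "code detail" line per finding.
audit_haproxy_cfg() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ { sect = $1; name = $2; next }
        # global: remember whether a log target and TLS bind defaults exist
        sect == "global" && $1 == "log"                      { log_target = 1 }
        sect == "global" && $1 == "ssl-default-bind-options" { tls_defaults = 1 }
        # stats socket with no explicit mode: access depends on the umask
        sect == "global" && $1 == "stats" && $2 == "socket" && $0 !~ /[ \t]mode[ \t]/ {
            print "stats-socket-no-mode " $3
        }
        # "log global" elsewhere only logs if global defines a target
        sect != "global" && $1 == "log" && $2 == "global"    { log_ref = 1 }
        # TLS listener without protocol restrictions on the bind line
        $1 == "bind" && $0 ~ /[ \t]ssl([ \t]|$)/ && $0 !~ /no-sslv3|no-tlsv1|ssl-min-ver/ {
            open_bind = sect " " name
        }
        # TLS to a backend server whose certificate is never verified
        $1 == "server" && $0 ~ /[ \t]verify[ \t]+none([ \t]|$)/ {
            print "server-verify-none " name "/" $2
        }
        END {
            if (open_bind != "" && !tls_defaults) print "no-tls-protocol-floor " open_bind
            if (log_ref && !log_target)           print "log-global-without-target"
        }' "$1"
}
```

Run it as audit_haproxy_cfg /etc/haproxy/haproxy.cfg; an empty result means none of the four conditions matched, not that the configuration is otherwise sound.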
9. Create the init file /etc/init.d/haproxy with the following contents:
#!/bin/bash
#
# chkconfig: - 85 15
# description: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited \
#              for high availability environments.
# processname: haproxy
# config: /etc/haproxy/haproxy.cfg
# pidfile: /var/run/haproxy.pid

# Script Author: Simon Matter <simon.matter@invoca.ch>
# Version: 2004060600

# Source function library.
if [ -f /etc/init.d/functions ]; then
  . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
  . /etc/rc.d/init.d/functions
else
  exit 0
fi

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

# This is our service name
BASENAME=`basename $0`
if [ -L $0 ]; then
  BASENAME=`find $0 -name $BASENAME -printf %l`
  BASENAME=`basename $BASENAME`
fi

BIN=/usr/local/sbin/$BASENAME

CFG=/etc/$BASENAME/$BASENAME.cfg
[ -f $CFG ] || exit 1

PIDFILE=/var/run/$BASENAME.pid
LOCKFILE=/var/lock/subsys/$BASENAME

RETVAL=0

start() {
  quiet_check
  if [ $? -ne 0 ]; then
    echo "Errors found in configuration file, check it with '$BASENAME check'."
    return 1
  fi

  echo -n "Starting $BASENAME: "
  daemon $BIN -D -f $CFG -p $PIDFILE
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && touch $LOCKFILE
  return $RETVAL
}

stop() {
  echo -n "Shutting down $BASENAME: "
  killproc $BASENAME -USR1
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && rm -f $LOCKFILE
  [ $RETVAL -eq 0 ] && rm -f $PIDFILE
  return $RETVAL
}

restart() {
  quiet_check
  if [ $? -ne 0 ]; then
    echo "Errors found in configuration file, check it with '$BASENAME check'."
    return 1
  fi
  stop
  start
}

reload() {
  if ! [ -s $PIDFILE ]; then
    return 0
  fi

  quiet_check
  if [ $? -ne 0 ]; then
    echo "Errors found in configuration file, check it with '$BASENAME check'."
    return 1
  fi
  $BIN -D -f $CFG -p $PIDFILE -sf $(cat $PIDFILE)
}

check() {
  $BIN -c -q -V -f $CFG
}

quiet_check() {
  $BIN -c -q -f $CFG
}

rhstatus() {
  status $BASENAME
}

condrestart() {
  [ -e $LOCKFILE ] && restart || :
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  condrestart)
    condrestart
    ;;
  status)
    rhstatus
    ;;
  check)
    check
    ;;
  *)
    echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
    exit 1
esac

exit $?
10. Add haproxy to autostart
chmod a+x /etc/init.d/haproxy
chkconfig --add haproxy
chkconfig haproxy on
11. Start haproxy
service haproxy start
1. Make sure haproxy is listening on port 443
netstat -antp | grep 443
Example of the result of executing the command:
tcp 0 0 192.168.1.1:443 0.0.0.0:* LISTEN 24083/haproxy
If the port is occupied by another service, terminate the corresponding process and restart haproxy:
service haproxy restart
2. Make sure the certificates used to create the .pem file specified in haproxy.cfg are imported to the WCS server
You can read more about certificates for the WCS server here: Websocket SSL
3. Open the WCS server control panel via HTTPS
https://<domain name or IP of the WCS server>:8888/dashboard.xhtml
4. Verify operation of the demo example with the port 443
For instance, in the Streamer demo example change the wss port to 443 and start publishing the stream.