log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-options no-sslv3
log global
mode http
option httplog
option dontlognull
option http-server-close
option forwardfor
timeout connect 4s
timeout client 20s
timeout server 20s
timeout client-fin 20s
timeout tunnel 1h
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend ft_app
bind *:80 name app
reqadd X-Forwarded-Proto:\ http
default_backend bk_app
frontend www-https
bind *:443 ssl crt /etc/ssl/thingworx/thingworx.pem
reqadd X-Forwarded-Proto:\ https
default_backend bk_app
backend bk_app
stick-table type ip size 1
stick on dst
# Server s1 and server s2 are ThingWorx server nodes 1 and 2.
server s1 check
server s2 check backup
option httpchk GET /Thingworx/Admin/HA/LeaderCheck HTTP/1.0\r\nAuthorization:\ Basic\ QWRtaW5pc3RyYXRvcjphZG1pbg==
Setup mit mehreren HAProxy
Gehen Sie für ein Setup mit mehreren HAProxy wie folgt vor:
1. Installieren Sie HAProxy auf zwei Servern.
2. Installieren Sie Keepalived auf denselben zwei Servern.
sudo apt-get install keepalived
sudo vi /etc/sysctl.conf
3. Fügen Sie am Ende der Datei die folgende Zeile hinzu:
4. Speichern und schließen Sie die Datei.
sudo sysctl -p
sudo vi /etc/keepalived/keepalived.conf
5. Fügen Sie keepalived.conf Folgendes hinzu:
# Settings for notifications
global_defs {

# Define the script used to check if haproxy is still working
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
fall 2
rise 2

# Configuation for the virtual interface
vrrp_instance VI_1 {
interface eth0
state MASTER # set this to BACKUP on the other machine
priority 101 # set this to 100 on the other machine
virtual_router_id 51
advert_int 1
lvs_sync_daemon_interface eth0
authentication {
auth_type AH
auth_pass myPassw0rd # Set this to some secret phrase

# The virtual ip address shared between the two loadbalancers
virtual_ipaddress {

# Use the script above to check if we should fail over
track_script {
6. Speichern und beenden Sie.
sudo service keepalived start
7. Wechseln Sie zum anderen Server, und richten Sie Keepalived wie oben beschrieben ein, mit einem Unterschied in keepalived.conf:
state MASTER # set this to BACKUP on the other machine
priority 101 # set this to 100 on the other machine
state BACKUP
priority 100
8. Starten Sie ThingWorx, HAProxy und den anderen Keepalived-Prozess.
Gehen Sie in einem Browser zu, um zu verifizieren, dass Sie HAProxy haben.