HAProxy 3.2.4 with public IP with Fail2ban added
Tomcat - 9.0.108 auto cluster on
MariaDB clustered with Galera and ProxySQL
Storage
(NOT SURE IF NEED MEMCACHE)
Load balancer
1. Install Fail2ban on load balancer
2. Edit haproxy.cfg by adding the following after bind :::80 v4v6
#TT additions start
acl restricted_page2 path_beg,url_dec -i /.env
http-request silent-drop if restricted_page2
acl restricted_page3 path_beg,url_dec -i /traffic-advice
http-request silent-drop if restricted_page3
acl restricted_page4 path_beg,url_dec -i /autodiscover.xml
http-request silent-drop if restricted_page4
acl restricted_page5 path_beg,url_dec -i /wordpress
http-request silent-drop if restricted_page5
capture request header X-Forwarded-For len 15
3. Add Fail2ban and Let's Encrypt
TOMCAT
1. Edit context.xml on BOTH SERVERS
Add to the <Context> element: allowCasualMultipartParsing="true"
Add under <Context>:
<Resources allowLinking="true" cachingAllowed="true" cacheMaxSize="100000" />
<Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
Add watched resources:
<WatchedResource>WEB-INF/lib/613fpro.jar</WatchedResource>
<WatchedResource>WEB-INF/lib/65objects.jar</WatchedResource>
2. Edit server.xml on BOTH SERVERS
Change the shutdown password to something complex
Change the connectors to:
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
compression="on"
compressionMinSize="512"
useSendfile="false"
maxPostSize="109715200"
maxConnections="65000"
compressibleMimeType="text/html,text/xml,text/plain,text/css,application/xml,application/xhtml+xml,application/rss+xml,application/javascript,application/x-javascript,image/svg+xml"
redirectPort="443" />
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
compression="on"
compressionMinSize="512"
useSendfile="false"
compressibleMimeType="text/html,text/xml,text/plain,text/css,application/xml,application/xhtml+xml,application/rss+xml,application/javascript,application/x-javascript,image/svg+xml"
redirectPort="443"
maxHttpHeaderSize="8192"
maxThreads="2500" minSpareThreads="10" maxSpareThreads="150"
enableLookups="false" acceptCount="400" disableUploadTimeout="true"
maxConnections="65000"
maxPostSize="109715200"
/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" secretRequired="false"
maxThreads="2500" minSpareThreads="10" maxSpareThreads="150"
enableLookups="false"
compression="on"
compressionMinSize="30"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"
connectionTimeout="20000" keepAliveTimeout="20000" acceptorThreadCount="2" acceptCount="500" maxConnections="65000"
maxPostSize="109715200"
/>
At the bottom, change the AccessLogValve to:
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt" renameOnRotate="true"
pattern="%{x-forwarded-for}i - %h %l %u %t &quot;%r&quot; %s %b %I " />
3. Edit web.xml
Add in the jsp section
<init-param>
<param-name>mappedfile</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>trimSpaces</param-name>
<param-value>true</param-value>
</init-param>
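A check that the silent-drop ACLs in haproxy.cfg are holding, written against the access log pattern set in server.xml above. This is an added example, not part of the original notes; the sample log lines are constructed, and it assumes HAProxy appends the real client address as the last X-Forwarded-For value and that thread names (%I) contain no spaces.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Path prefixes that the haproxy.cfg ACLs silent-drop.
BLOCKED_PREFIXES = ("/.env", "/traffic-advice", "/autodiscover.xml", "/wordpress")

# Mirrors the AccessLogValve pattern:
#   %{x-forwarded-for}i - %h %l %u %t "%r" %s %b %I
LINE_RE = re.compile(
    r'^(?P<xff>.*?) - (?P<peer>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
    r'(?P<bytes>\S+) (?P<thread>\S*)\s*$'
)

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE = [
    '203.0.113.7 - 10.0.0.5 - - [01/Sep/2025:10:00:00 +0000] "GET /index.jsp HTTP/1.1" 200 5120 http-nio-8080-exec-1',
    '- - 198.51.100.9 - - [01/Sep/2025:10:00:05 +0000] "GET /.ENV HTTP/1.1" 404 682 http-nio-8080-exec-2',
    '192.0.2.1,203.0.113.8 - 10.0.0.5 - - [01/Sep/2025:10:00:09 +0000] "GET /%77ordpress/wp-login.php?x=1 HTTP/1.1" 404 682 http-nio-8080-exec-3',
]

def client_ip(xff, peer):
    """Rightmost X-Forwarded-For entry (assumed to be the one HAProxy appended);
    falls back to the TCP peer (%h) when the header is absent ("-")."""
    last = xff.split(",")[-1].strip()
    return peer if last in ("", "-") else last

def find_leaks(lines):
    """Count requests per (client, prefix) that reached Tomcat even though
    their path matches an ACL prefix (URL-decoded, case-insensitive)."""
    leaks = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not follow the configured pattern
        parts = m["request"].split(" ")
        if len(parts) < 2:
            continue  # malformed request line
        path = unquote(parts[1].split("?", 1)[0]).lower()
        hit = next((p for p in BLOCKED_PREFIXES if path.startswith(p)), None)
        if hit:
            leaks[(client_ip(m["xff"], m["peer"]), hit)] += 1
    return leaks

if __name__ == "__main__":
    for (ip, prefix), n in find_leaks(SAMPLE).items():
        print(f"{ip} reached Tomcat with {prefix} x{n}")
```

A hit with no X-Forwarded-For value and a %h that is not the load balancer means the request came straight to a Tomcat connector instead of through HAProxy.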
DEPLOYMENT
1. Create the WAR from the current server: jar -cvf ROOT.war *