For details, see:
Set up a load balancer with an HAProxy server
A Splunk SOAR (On-premises) cluster uses HAProxy as a load balancer to distribute requests between instances. Splunk SOAR (On-premises) supports the default version of HAProxy provided by the base CentOS and RHEL repositories.
You can use a different load balancer. Your load balancer must be configured to:
- provide round-robin balancing
- support SSL/TLS
- handle redirection from HTTP to HTTPS services.
The HA Proxy server that serves a Splunk SOAR (On-premises) cluster with the default configuration will encrypt traffic from clients to the proxy, and from the proxy to the Splunk SOAR (On-premises) nodes. The traffic to the Splunk SOAR (On-premises) nodes is sent over port 443, but the certificates of the Splunk SOAR (On-premises) nodes do not require validation.
If you use a different load balancer when creating a Splunk SOAR (On-premises) cluster, see Configuration files in the Reference section for an HAProxy configuration to use as an example.
- Install and configure one of the supported operating systems according to your organization's requirements.
- Update SELinux and any firewalls to allow access to the ports for HAProxy, and your Splunk SOAR (On-premises) cluster nodes.
- Install HAProxy.yum install haproxy
- Add SSL/TLS certificates to /etc/haproxy/certificates. These certificates are used to encrypt communications between the load balancer and clients.
Do not use a self-signed certificate in a production environment for client communications.
- Edit
/etc/haproxy/haproxy.cfg
. If the file does not exist, create it. Use the example file HAProxy Configuration as a guide. If you are creating an unprivileged cluster, make sure to include a directive for your custom HTTPS port such as:bind *:443 ssl crt /etc/haproxy/certificates no-sslv3 no-tlsv10 ciphers <ciphers go here> # for unprivileged installs, add another declaration bind *:<your https port> ssl crt /etc/haproxy/certificates no-sslv3
The custom HTTPS port must be accessible to the load balancer. For example, if the port you are using for HTTPS for the Splunk SOAR (On-premises) cluster nodes is port 8443, you must also open port 8443 on the load balancer.
- Set HAProxy to start when the system starts.systemctl enable haproxy.service
- Start HAProxy.systemctl start haproxy.service
See also
- For general setup and information on HAProxy, see the HAProxy documentation on the HAProxy.org website.
- For specific information on SSL/TLS certificates, see the section about certs in the HAProxy Configuration Manual.
Set up external file shares using GlusterFS | Splunk SOAR (On-premises) upgrade overview and prerequisites |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.2.0, 6.2.1
Feedback submitted, thanks!