Step-by-Step Guide to Configure HAProxy on Linux

Himanshu Joshi Knowledgebase

Configure HAProxy on Linux to set up a high-performance, open-source load balancer and proxy server for TCP and HTTP-based applications. HAProxy is widely trusted for its reliability, scalability, and ease of use in managing traffic across multiple servers. Configuring HAProxy on Linux is essential for distributing incoming traffic across multiple backend servers, improving the scalability and fault tolerance of your web applications.

Configuring HAProxy

In this guide, we will walk through the steps to install and configure HAProxy on a Linux server.

Prerequisites

Before you begin configuring HAProxy on Linux, ensure you have the following:

  • Linux Distribution: HAProxy can be configured on most Linux distributions such as Ubuntu, CentOS, and Debian.
  • Root Access: You need root or sudo access to install and configure HAProxy.
  • Web Servers: Ensure you have at least two web servers (e.g., Apache or Nginx) set up that HAProxy will distribute traffic to.
  • Firewall Configuration: Ensure ports 80 (HTTP) and 443 (HTTPS) are open in the firewall for HAProxy to handle incoming traffic.

With these prerequisites in place, you’re ready to begin configuring HAProxy.

Configure HAProxy on Linux

Configure HAProxy on Linux to enable high availability, load balancing, and proxying for TCP and HTTP-based applications. HAProxy helps distribute traffic efficiently, improves performance, and ensures reliable service delivery across multiple backend servers. Let’s install it first:

Step 1: Install HAProxy

To begin using HAProxy, you need to install it on your server. HAProxy is available in the default package repositories for most Linux distributions.

  • For Ubuntu/Debian

To install HAProxy on Ubuntu or Debian, run the following commands:

sudo apt update sudo apt install haproxy
  • For CentOS/RHEL

On CentOS or RHEL, use the following commands to install HAProxy:

sudo yum install haproxy

After installation, HAProxy will be ready to configure.

Step 2: Configure HAProxy

The main configuration file for HAProxy is located at /etc/haproxy/haproxy.cfg. This file defines the frontend and backend settings for distributing incoming traffic across your backend servers.

  • Edit the HAProxy Configuration File

Open the HAProxy configuration file for editing:

sudo nano /etc/haproxy/haproxy.cfg
  • Basic Configuration for Load Balancing

Below is a basic example of HAProxy configuration for load balancing HTTP traffic between two backend web servers. The backend servers are assumed to be running on IP addresses 192.168.1.101 and 192.168.1.102, listening on port 80. Add the following configuration:

# Global settings
global
    log 127.0.0.1 local0
    maxconn 2000

# Default settings
defaults
    log     global
    option  httplog
    timeout connect 5000ms
    timeout client  50000ms
    timeout server  50000ms

# Frontend - Accepts incoming HTTP requests
frontend http_front
    bind *:80
    default_backend http_back

# Backend - List of web servers to load balance
backend http_back
    balance roundrobin
    server web1 192.168.1.101:80 check
    server web2 192.168.1.102:80 check
  • Frontend: The frontend section accepts incoming HTTP requests on port 80 and forwards them to the backend.
  • Backend: The backend section defines the list of web servers (i.e., web1 and web2) that HAProxy will distribute traffic using the roundrobin method.
  • Save and Exit:

After making changes, save the file and exit the text editor (CTRL + O, then CTRL + X for nano).

Step 3: Start and Enable HAProxy

Now that HAProxy is configured, you need to start the service and enable it to start on boot.

  • Start the HAProxy Service

Use the following command to start HAProxy:

sudo systemctl start haproxy
  • Enable HAProxy on Boot

Set HAProxy to start automatically when the system reboots:

sudo systemctl enable haproxy
  • Verify HAProxy Status

To check if HAProxy is running correctly, use the following command:

sudo systemctl status haproxy

If HAProxy is running correctly, you should see the status as active (running).

Step 4: Test the Load Balancer

With HAProxy running, it’s time to test if it’s distributing traffic between your backend web servers.

  • Access the Load Balancer

Open a web browser and visit the IP address or domain name of the load balancer. For example, if the load balancer’s IP is 192.168.1.100, go to:

http://192.168.1.100

You should be directed to one of your backend servers. Refresh the page multiple times to verify that traffic is being distributed between the two servers.

  • Check HAProxy Logs

If the load balancer isn’t working as expected, check the HAProxy logs for errors:

sudo tail -f /var/log/syslog | grep haproxy

Step 5: Implement SSL (Optional)

If you want to configure HAProxy for HTTPS, you can set up SSL certificates on the load balancer using Let’s Encrypt or your own SSL certificates.

  • Obtain an SSL Certificate

You can use Let’s Encrypt to obtain a free SSL certificate. Install Certbot and use it to obtain the certificate:

sudo apt install certbot
sudo certbot certonly --standalone -d your-domain.com

Replace your-domain.com with your actual domain name.

  • Configure SSL in HAProxy

Modify the HAProxy configuration file (/etc/haproxy/haproxy.cfg) to enable SSL. Add the following lines to your frontend section:

frontend https_front
    bind *:443 ssl crt /etc/letsencrypt/live/your-domain.com/fullchain.pem
    default_backend http_back

Make sure the ssl crt directive points to your certificate files. For a successful setup, ensure your backend servers are configured to handle HTTPS traffic.

  • Restart HAProxy

After updating the configuration, restart HAProxy to apply the SSL settings:

sudo systemctl restart haproxy

Step 6: Monitoring and Logging

HAProxy provides logging and monitoring capabilities to keep track of traffic and detect issues. You can set up a simple statistics page to monitor the load balancer’s performance.

  • Enable HAProxy Statistics Page

Add the following section to the HAProxy configuration file to enable the statistics page:

listen stats
    bind *:8080
    stats uri /haproxy_stats
    stats realm Haproxy\ Statistics
    stats auth admin:admin

This will create a statistics page accessible at http://your-load-balancer-ip:8080/haproxy_stats. The username and password for access will be admin/admin.

  • Monitor HAProxy Logs

HAProxy logs information about traffic, errors, and status changes. To monitor logs in real-time, use:

sudo tail -f /var/log/haproxy.log

Check Out | Step-by-Step: Configure TLS on Linux with Ease

Step 7: High Availability

To improve the availability of your load balancer, you can set up high availability (HA) using Keepalived or Heartbeat. These tools ensure that if one load balancer goes down, another takes over automatically.

Install Keepalived

Install Keepalived to set up a virtual IP that can failover between load balancers:

sudo apt install keepalived

Configure Keepalived

Edit the Keepalived configuration file (/etc/keepalived/keepalived.conf) to define the virtual IP and failover settings.

Conclusion

In this article, we’ve covered how to configure HAProxy on Linux, from installation to configuring load balancing and SSL. HAProxy is a powerful and flexible tool that helps improve the scalability and availability of web applications. By distributing incoming traffic across multiple backend servers, HAProxy ensures that your application can handle more users and maintain high availability, even during peak traffic periods.

With HAProxy set up and running, you can ensure that your website or application remains performant, reliable, and secure.

Tags:
Leave A Comment