{"id":13246,"date":"2025-12-20T11:09:47","date_gmt":"2025-12-20T05:39:47","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=13246"},"modified":"2025-12-24T16:18:04","modified_gmt":"2025-12-24T10:48:04","slug":"use-haproxy-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/use-haproxy-on-linux","title":{"rendered":"How to Use HAProxy on Linux Server? Setup and Configuration"},"content":{"rendered":"\n<p><strong>To use HAProxy on a Linux server<\/strong>, install the package for your distro, create a front end that listens on ports 80\/443, define back ends with your app servers, enable health checks and SSL termination, then start and enable the service.<\/p>\n\n\n\n<p> This guide explains installation, configuration, security, tuning, and troubleshooting.<\/p>\n\n\n\n<p>In this beginner-friendly guide, you\u2019ll learn how to use HAProxy on Linux server environments to load balance traffic, terminate SSL, route by host or path, and scale web apps. We\u2019ll cover installation on Ubuntu\/Debian and RHEL-based distros, step-by-step configuration, best practices, and real-world tips from hosting production workloads.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-haproxy-and-why-use-it\"><strong>What is HAProxy and Why Use it?<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\"><div class=\"wp-block-media-text__content\">\n<p>HAProxy (High Availability Proxy) is a high\u2011performance, open-source TCP\/HTTP <a href=\"https:\/\/www.youstable.com\/blog\/install-load-balancer-on-linux\/\">load balancer<\/a> and reverse proxy. It sits in front of your application servers to distribute requests, improve reliability through health checks, support zero\u2011downtime maintenance, offload TLS\/SSL, and add security controls like rate limiting and ACLs.<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"1200\" height=\"628\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-HAProxy-and-Why-Use-It.jpg\" alt=\"What Is HAProxy and Why Use It?\" class=\"wp-image-13320 size-full\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-HAProxy-and-Why-Use-It.jpg 1200w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-HAProxy-and-Why-Use-It-150x79.jpg 150w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Primary use cases: <\/strong>load balancing, reverse proxy, SSL termination, Layer 4\/7 routing.<\/li>\n\n\n\n<li><strong>Benefits:<\/strong> high availability, scalability, observability, and strong performance under heavy traffic.<\/li>\n\n\n\n<li><strong>Alternatives: <\/strong>NGINX, Envoy, Traefik\u2014but HAProxy is renowned for speed and stability.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites\"><strong>Prerequisites<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Linux server (Ubuntu 22.04\/24.04, Debian 12, Rocky\/AlmaLinux 8\/9, or RHEL 8\/9).<\/li>\n\n\n\n<li>Root or sudo access.<\/li>\n\n\n\n<li>Public DNS records pointing to your HAProxy server (for HTTPS, e.g., <em>app.example.com<\/em>).<\/li>\n\n\n\n<li>Two or more backend application servers (or containers) to load balance.<\/li>\n\n\n\n<li>Basic firewall access to open ports 80 and 443 (and 8404\/9000 for stats\/admin if needed).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-haproxy-on-linux\"><strong>Install HAProxy on Linux<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ubuntu-debian\"><strong>Ubuntu\/Debian<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install -y haproxy\nhaproxy -v<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"rocky-almalinux-rhel\"><strong>Rocky\/AlmaLinux\/RHEL<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dnf install -y haproxy\nhaproxy -v<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-and-verify-the-service\"><strong>Enable and Verify the Service<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable haproxy\nsudo systemctl start haproxy\nsudo systemctl status haproxy<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"basic-haproxy-configuration-http\"><strong>Basic HAProxy Configuration (HTTP)<\/strong><\/h2>\n\n\n\n<p>HAProxy\u2019s main config file is at <code>\/etc\/haproxy\/haproxy.cfg<\/code>. Always validate changes before reloading. Below is a minimal yet production-ready template.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>global\n    log \/dev\/log local0\n    log \/dev\/log local1 notice\n    user haproxy\n    group haproxy\n    daemon\n    maxconn 50000\n    tune.ssl.default-dh-param 2048\n\ndefaults\n    log     global\n    mode    http\n    option  httplog\n    option  dontlognull\n    timeout connect 5s\n    timeout client  30s\n    timeout server  30s\n    retries 3\n    option redispatch\n\nfrontend fe_http\n    bind *:80\n    mode http\n    option forwardfor\n    http-request set-header X-Forwarded-Proto http\n    default_backend be_app\n\nbackend be_app\n    mode http\n    balance roundrobin\n    option httpchk GET \/health\n    http-check expect status 200\n    cookie SRV insert indirect nocache\n    server app1 10.0.0.11:8080 check cookie s1\n    server app2 10.0.0.12:8080 check cookie s2<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Health checks:<\/strong> <code>option httpchk<\/code> and <code>http-check expect status 200<\/code> ensure only healthy servers receive traffic.<\/li>\n\n\n\n<li><strong>Sticky sessions:<\/strong> Enable stickiness with a cookie for stateful apps (e.g., PHP sessions). For stateless apps, you can remove cookies.<\/li>\n\n\n\n<li><strong>Load balancing:<\/strong> <code>roundrobin<\/code> is simple; consider <code>leastconn<\/code> for uneven request durations.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Validate then reload\nsudo haproxy -c -f \/etc\/haproxy\/haproxy.cfg\nsudo systemctl reload haproxy<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-https-and-ssl-termination\"><strong>Enable HTTPS and SSL Termination<\/strong><\/h2>\n\n\n\n<p>Terminating TLS at HAProxy reduces CPU load on your app servers and centralizes certificate management. You can use Let\u2019s Encrypt with HAProxy using a PEM bundle or a certbot hook.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"create-the-tls-pem-bundle\"><strong>Create the TLS PEM Bundle<\/strong><\/h2>\n\n\n\n<p>Place your certificate and key as a single PEM file readable by HAProxy:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo mkdir -p \/etc\/haproxy\/certs\nsudo cat fullchain.pem privkey.pem | sudo tee \/etc\/haproxy\/certs\/app.example.com.pem &gt;\/dev\/null\nsudo chmod 600 \/etc\/haproxy\/certs\/app.example.com.pem\nsudo chown haproxy:haproxy \/etc\/haproxy\/certs\/app.example.com.pem<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"https-frontend-with-http-https-redirect\"><strong>HTTPS Frontend with HTTP-&gt;HTTPS Redirect<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>frontend fe_http\n    bind *:80\n    http-request <a href=\"https:\/\/www.youstable.com\/blog\/redirect-http-to-https-using-htaccess\/\">redirect scheme https<\/a> code 301 unless { ssl_fc }\n    default_backend be_app\n\nfrontend fe_https\n    bind *:443 ssl crt \/etc\/haproxy\/certs\/app.example.com.pem alpn h2,http\/1.1\n    mode http\n    option forwardfor\n    http-request set-header X-Forwarded-Proto https\n    default_backend be_app<\/code><\/pre>\n\n\n\n<p>For automatic renewal, use certbot with the <code>--deploy-hook<\/code> to rebuild the PEM and reload HAProxy after renewal.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot certonly --standalone -d app.example.com --agree-tos -m admin@example.com --non-interactive\n# Deploy hook example (script should concatenate PEM and reload HAProxy)\nsudo systemctl reload haproxy<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"host-path-routing-with-acls-layer-7\"><strong>Host\/Path Routing with ACLs (Layer 7)<\/strong><\/h2>\n\n\n\n<p>Use ACLs to route traffic by domain or URL path\u2014ideal for microservices or splitting static\/dynamic content.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>frontend fe_https\n    bind *:443 ssl crt \/etc\/haproxy\/certs\/app.example.com.pem\n    mode http\n    acl host_api hdr(host) -i api.example.com\n    acl path_static path_beg \/assets\/ \/static\/\n    use_backend be_api if host_api\n    use_backend be_static if path_static\n    default_backend be_app\n\nbackend be_api\n    balance leastconn\n    server api1 10.0.0.21:9000 check\n    server api2 10.0.0.22:9000 check\n\nbackend be_static\n    balance roundrobin\n    server cdn1 10.0.0.31:8080 check\n\nbackend be_app\n    balance roundrobin\n    server app1 10.0.0.11:8080 check\n    server app2 10.0.0.12:8080 check<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"security-best-practices\"><strong>Security Best Practices<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Harden TLS:<\/strong> Use modern ciphers and enable HTTP\/2. Consider setting <code>ssl-default-bind-ciphersuites<\/code> for TLS 1.3.<\/li>\n\n\n\n<li><strong>Rate limiting:<\/strong> Use stick tables to mitigate abusive clients.<\/li>\n\n\n\n<li><strong>Least privilege:<\/strong> Run as the <code>haproxy<\/code> user; avoid world-readable certs.<\/li>\n\n\n\n<li><strong>PROXY protocol:<\/strong> If terminating on a second HAProxy or a cloud LB, enable PROXY protocol to preserve client IPs.<\/li>\n\n\n\n<li><strong>Firewall:<\/strong> Restrict management ports; only expose 80\/443 publicly.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Example: Simple rate limit by source IP (100 reqs in 10s)\nfrontend fe_https\n    stick-table type ip size 1m expire 10s store http_req_rate(10s)\n    tcp-request connection track-sc0 src\n    http-request deny if { sc_http_req_rate(0) gt 100 }<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"observability-logs-stats-and-runtime-api\"><strong>Observability: Logs, Stats, and Runtime API<\/strong><\/h2>\n\n\n\n<p>Proper logging and metrics are essential in production. Enable access logs and the built-in stats page or admin socket.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>global\n    log \/dev\/log local0\n    stats socket \/run\/haproxy\/admin.sock mode 660 level admin\n    stats timeout 30s\n\nlisten stats\n    bind *:8404\n    stats enable\n    stats uri \/haproxy?stats\n    stats refresh 10s\n    stats auth admin:StrongPassword<\/code><\/pre>\n\n\n\n<p>Most distros use rsyslog. Ensure HAProxy logs are captured:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/rsyslog.d\/49-haproxy.conf\n$template HaproxyFormat,\"%timestamp% %hostname% haproxy&#91;%procid%]: %msg%\\n\"\nif ($programname == \"haproxy\") then \/var\/log\/haproxy.log;HaproxyFormat\n&amp; stop\n\nsudo systemctl restart rsyslog<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"performance-tuning-tips\"><strong>Performance Tuning Tips<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Max connections:<\/strong> Set <code>global maxconn<\/code> based on RAM and workload; increase <code>ulimit -n<\/code> if needed.<\/li>\n\n\n\n<li><strong>Timeouts:<\/strong> Keep timeouts realistic (e.g., 30\u201360s for clients; 30s for servers) to prevent socket exhaustion.<\/li>\n\n\n\n<li><strong>HTTP keep-alive:<\/strong> Enabled by default; ensures fewer TCP handshakes.<\/li>\n\n\n\n<li><strong>Compression:<\/strong> Offload compression to app\/CDN; if enabling in HAProxy, monitor CPU closely.<\/li>\n\n\n\n<li><strong>Kernel tuning:<\/strong> Consider <code>net.core.somaxconn<\/code>, <code>net.ipv4.ip_local_port_range<\/code>, and <code>net.ipv4.tcp_tw_reuse<\/code> for high connection rates.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-issues-and-troubleshooting\"><strong>Common Issues and Troubleshooting<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Service won\u2019t start:<\/strong> Run <code>haproxy -c -f \/etc\/haproxy\/haproxy.cfg<\/code> to validate syntax before reloads.<\/li>\n\n\n\n<li><strong>SSL errors:<\/strong> Ensure the PEM includes full chain + private key; permissions readable by <code>haproxy<\/code> user.<\/li>\n\n\n\n<li><strong>Missing client IPs:<\/strong> Use <code>option forwardfor<\/code> in HTTP mode; enable PROXY protocol end-to-end if behind another LB.<\/li>\n\n\n\n<li><strong>Health checks failing:<\/strong> Verify backend <code>\/health<\/code> endpoint returns 200 quickly; check firewalls and SELinux labeling on RHEL-based systems.<\/li>\n\n\n\n<li><strong>High latency:<\/strong> Check timeouts, server saturation, DNS issues, or Layer 7 inspection rules (ACLs) that are too heavy.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"real-world-use-cases\"><strong>Real-World Use Cases<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Blue\/Green deployments:<\/strong> Weight backends or switch ACLs to shift traffic gradually during releases.<\/li>\n\n\n\n<li><strong>Microservices gateway:<\/strong> Route by host\/path to different services, apply rate limits per route.<\/li>\n\n\n\n<li><strong>SSL offload and WAF chain:<\/strong> Terminate TLS in HAProxy, then forward to a WAF or app servers.<\/li>\n\n\n\n<li><strong>Multi-region failover:<\/strong> Use DNS health checks and multiple HAProxy nodes with VRRP\/keepalived or cloud load balancers.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"deploy-haproxy-on-youstable-infrastructure\"><strong>Deploy HAProxy on YouStable Infrastructure<\/strong><\/h2>\n\n\n\n<p>For high-availability architectures, pair HAProxy with reliable compute. YouStable\u2019s SSD-backed VPS and dedicated servers deliver low latency, generous bandwidth, and optional managed support. Spin up multiple backend instances, add a public HAProxy node, and let our team help you harden TLS, tune performance, and monitor uptime\u2014without overspending.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"full-example-production-ready-haproxy-cfg\"><strong>Full Example: Production-Ready haproxy.cfg<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>global\n    log \/dev\/log local0\n    log \/dev\/log local1 notice\n    user haproxy\n    group haproxy\n    daemon\n    maxconn 50000\n    stats socket \/run\/haproxy\/admin.sock mode 660 level admin\n    stats timeout 30s\n    tune.ssl.default-dh-param 2048\n\ndefaults\n    log     global\n    mode    http\n    option  httplog\n    option  dontlognull\n    timeout connect 5s\n    timeout client  60s\n    timeout server  60s\n    retries 3\n\n# Public HTTP (redirect to HTTPS)\nfrontend fe_http\n    bind *:80\n    http-request redirect scheme https code 301 unless { ssl_fc }\n    default_backend be_app\n\n# Public HTTPS\nfrontend fe_https\n    bind *:443 ssl crt \/etc\/haproxy\/certs\/app.example.com.pem alpn h2,http\/1.1\n    option forwardfor\n    http-request set-header X-Forwarded-Proto https\n\n    # Basic rate limiting (100 req\/10s\/IP)\n    stick-table type ip size 1m expire 10s store http_req_rate(10s)\n    tcp-request connection track-sc0 src\n    http-request deny if { sc_http_req_rate(0) gt 100 }\n\n    # Host\/Path routing examples\n    acl host_api hdr(host) -i api.example.com\n    acl path_static path_beg \/assets\/ \/static\/\n    use_backend be_api if host_api\n    use_backend be_static if path_static\n    default_backend be_app\n\nbackend be_app\n    balance roundrobin\n    option httpchk GET \/health\n    http-check expect status 200\n    cookie SRV insert indirect nocache\n    server app1 10.0.0.11:8080 check cookie s1\n    server app2 10.0.0.12:8080 check cookie s2\n\nbackend be_api\n    balance leastconn\n    option httpchk GET \/health\n    http-check expect status 200\n    server api1 10.0.0.21:9000 check\n    server api2 10.0.0.22:9000 check\n\nbackend be_static\n    balance roundrobin\n    server cdn1 10.0.0.31:8080 check\n\n# Stats UI\nlisten stats\n    bind *:8404\n    stats enable\n    stats uri \/haproxy?stats\n    stats refresh 10s\n    stats auth admin:StrongPassword<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"how-to-use-haproxy-on-linux-server-step-by-step\"><strong>How to Use HAProxy on Linux Server: Step-by-Step<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.youstable.com\/blog\/install-haproxy-on-linux\/\">Install HAProxy<\/a> via your distro package manager.<\/li>\n\n\n\n<li>Point DNS to your HAProxy server\u2019s public IP.<\/li>\n\n\n\n<li>Create <code>\/etc\/haproxy\/haproxy.cfg<\/code> with frontends\/backends and health checks.<\/li>\n\n\n\n<li>Add HTTPS with a PEM certificate; <a href=\"https:\/\/www.youstable.com\/blog\/redirect-http-to-https\/\">redirect HTTP<\/a> to HTTPS.<\/li>\n\n\n\n<li>Enable logs and stats; secure stats with auth and firewall rules.<\/li>\n\n\n\n<li>Validate config: <code>haproxy -c -f \/etc\/haproxy\/haproxy.cfg<\/code>.<\/li>\n\n\n\n<li>Reload: <code>systemctl reload haproxy<\/code>.<\/li>\n\n\n\n<li>Monitor health, tune timeouts\/maxconn, and iterate safely.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQs<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765790148256\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-haproxy-layer-4-or-layer-7\"><strong>Is HAProxy Layer 4 or Layer 7?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>HAProxy supports both. Layer 4 (TCP) is faster and protocol-agnostic; Layer 7 (HTTP) enables advanced features like host\/path routing, header rewrites, and content-based decisions. Choose L4 for raw speed and L7 for smart routing.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765790165078\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-preserve-the-real-client-ip\"><strong>How do I preserve the real client IP?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>In HTTP mode, enable <code>option forwardfor<\/code> and have your app read the <code>X-Forwarded-For<\/code> header. If there\u2019s another load balancer in front, use the PROXY protocol end-to-end or terminate TLS at HAProxy and pass XFF downstream.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765790178167\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"whats-the-best-load-balancing-algorithm\"><strong>What\u2019s the best load-balancing algorithm?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>It depends on workload. <code>roundrobin<\/code> is simplest. <code>leastconn<\/code> works better when requests have variable duration. For sticky apps, use cookies or source IP. Always measure with real traffic.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765790191194\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-set-up-lets-encrypt-with-haproxy\"><strong>How do I set up Let\u2019s Encrypt with HAProxy?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Obtain certs with certbot (standalone or webroot), concatenate fullchain and privkey into a single PEM, place it in <code>\/etc\/haproxy\/certs\/<\/code>, and reload HAProxy. Use a deploy hook to rebuild PEMs and reload automatically on renewal.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765790203795\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"can-haproxy-replace-nginx\"><strong>Can HAProxy replace NGINX?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes for many use cases, especially load balancing and reverse proxying. HAProxy excels at performance and L7 routing. If you rely heavily on NGINX-specific features (e.g., complex rewrites or static file offload), you may run both\u2014HAProxy in front and NGINX behind.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To use HAProxy on a Linux server, install the package for your distro, create a front end that listens on [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":15526,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-13246","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Use-HAProxy-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13246","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=13246"}],"version-history":[{"count":8,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13246\/revisions"}],"predecessor-version":[{"id":15528,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13246\/revisions\/15528"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/15526"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=13246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=13246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=13246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}