How to install and Configure HAProxy load balancer on Rocky Linux/Alma Linux 8

HAProxy is a free and open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. It distributes the load among the web and application servers.

Haproxy is popular for load balancing because of its efficiency, reliability, and low memory and CPU footprint. Load balancing is a common solution for distributing web applications horizontally across multiple hosts while providing the users with a single point of access to the service.

It is available for install on major Linux distributions. In this guide we will learn how to install and configure HAProxy load balancer on Rocky Linux 8. This guide also works on other RHEL 8 based distributions like Alma Linux and Oracle Linux.

Also check:

# HAProxy Load balancing algorithms

The balancing algorithms are used to decide which server at the backend each connection is transferred to. Some of the useful options include the following:

  • Roundrobin: Each server is used in turns according to their weights. This is the smoothest and fairest algorithm when the servers’ processing time remains equally distributed. This algorithm is dynamic, which allows server weights to be adjusted on the fly.
  • Leastconn: The server with the lowest number of connections is chosen. Round-robin is performed between servers with the same load. Using this algorithm is recommended with long sessions, such as LDAP, SQL, TSE, etc, but it is not very well suited for short sessions such as HTTP.
  • First: The first server with available connection slots receives the connection. The servers are chosen from the lowest numeric identifier to the highest, which defaults to the server’s position on the farm. Once a server reaches its maxconn value, the next server is used.
  • Source: The source IP address is hashed and divided by the total weight of the running servers to designate which server will receive the request. This way the same client IP address will always reach the same server while the servers stay the same.

# Table of Content

  1. Ensuring that the server is up to date
  2. Installing HAProxy
  3. Configuring HAProxy as a loadbalancer
  4. Testing the setup

# 1. Ensuring that the server is up to date

Before proceeding, let us ensure that the server is up to date. Use this command to achieve this:

sudo dnf -y update

# 2. Installing Haproxy

The package providing haproxy is available in the default Rocky Linux Repos. Install using this command:

sudo dnf install -y haproxy

Confirm the installation with this command:

$ rpm -qi haproxy
Name        : haproxy
Version     : 1.8.27
Release     : 2.el8
Architecture: x86_64
Install Date: Tue 11 Jan 2022 09:39:45 PM UTC
Group       : System Environment/Daemons
Size        : 4446585
License     : GPLv2+
Signature   : RSA/SHA256, Wed 19 May 2021 05:13:23 AM UTC, Key ID 15af5dac6d745a60
Source RPM  : haproxy-1.8.27-2.el8.src.rpm
Build Date  : Wed 19 May 2021 02:37:50 AM UTC
Build Host  : ord1-prod-x86build004.svc.aws.rockylinux.org
Relocations : (not relocatable)
Packager    : infrastructure@rockylinux.org
Vendor      : Rocky
URL         : http://www.haproxy.org/
Summary     : HAProxy reverse proxy for high availability environments
Description :
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
 - route HTTP requests depending on statically assigned cookies
 - spread load among several servers while assuring server persistence
   through the use of HTTP cookies
 - switch to backup servers in the event a main one fails
 - accept connections to special ports dedicated to service monitoring
 - stop accepting connections without breaking existing ones
 - add, modify, and delete HTTP headers in both directions
 - block requests matching particular patterns
 - report detailed status to authenticated users from a URI
   intercepted from the application

You can double check the installed version number with the following command.

haproxy -v

This is the output on my machine

$ haproxy -v
HA-Proxy version 1.8.27-493ce0b 2020/11/06
Copyright 2000-2020 Willy Tarreau <willy@haproxy.org>

The installation is then complete. Continue below with the instructions for how to configure the load balancer to redirect requests to your web servers.

# 3. Configuring HAProxy as a load balancer

To configure HAProxy as a load balancer, we need to tell it what kind of connections it should be listening for and where the connections should be relayed to. This is done by creating a configuration file /etc/haproxy/haproxy.cfg with the defining settings.

# Load balancing on layer 4

Upon installation, HAProxy will already have a template for configuring load balancer. Open the config file using your text editor, I am using vim:

sudo vim /etc/haproxy/haproxy.cfg

Add this content to configure listening interface and backend interface where traffic will be load balanced to.

frontend http_front
   bind *:80
   stats uri /haproxy?stats
   default_backend http_back

backend http_back
   balance roundrobin
   server <server1 name> <private IP 1>:80 check
   server <server2 name> <private IP 2>:80 check

Replace the  with whatever you want to call your servers on the statistics page and the  with the private IPs for the servers you wish to direct the web traffic to. This is the config that I am using in my server

<meta charset="utf-8">frontend http_front
   bind *:80
   stats uri /haproxy?stats
   default_backend http_back

backend http_back
   balance roundrobin
   server web_server_1 10.70.5.41:80 check
   server <meta charset="utf-8">web_server_2 10.70.5.187:80 check

The above defines a layer 4 load balancer with a front-end name http_front listening to the port number 80, which then directs the traffic to the default backend named http_back. The additional stats URI /haproxy?stats enables the statistics page at that specified address.

# Load balancing on layer 7

We can also configure the load balancer to work on layer 7. This is useful when parts of your web application are located on different hosts. This can be accomplished by conditioning the connection transfer for example by the URL.

Open the config file using your text editor, I am using vim:

sudo vim /etc/haproxy/haproxy.cfg

Then add these config

frontend http_front
   bind *:80
   stats uri /haproxy?stats
   acl url_blog path_beg /blog
   use_backend blog_back if url_blog
   default_backend http_back

backend http_back
   balance roundrobin
   server <server name> <private IP>:80 check
   server <server name> <private IP>:80 check

backend blog_back
   server <server name> <private IP>:80 check
   <meta charset="utf-8">server <server name> <private IP>:80 check

The front end declares an ACL rule named url_blog that applies to all connections with paths that begin with /blog. Use_backend defines that connections matching the url_blog condition should be served by the backend named blog_back, while all other requests are handled by the default backend.

At the backend side, the configuration sets up two server groups, http_back like before and the new one called blog_back that servers specifically connections to example.com/blog.

After making the configurations, save the file and restart HAProxy with the next command.

sudo systemctl restart haproxy

If you get any errors or warnings at startup, check the configuration for any mistypes and then try restarting again.

# Configuring SSL

If you have a private key file and a certificate file that you want to use with HAProxy, combine them with this command.

cat citizix.fullchain.pem citizix.key > citizix.pem

Then configure HAProxy to use the SSL certificate on the frontend.

frontend http_front
        bind *:80
        bind *:443 ssl crt /etc/letsencrypt/live/apps.citizix.com/citizix.pem 

# 4. Testing the setup

With the HAProxy configured and running, open your load balancer server’s public IP in a web browser and check that you get connected to your backend correctly. The parameter stats uri in the configuration enables the statistics page at the defined address.

http://<Haproxy public IP>/haproxy?stats

When you load the statistics page and all of your servers are listed in green your configuration was successful!

The statistics page contains some helpful information to keep track of your web hosts including up and down times and session counts. If a server is listed in red, check that the server is powered on and that you can ping it from the load balancer machine.

In case your load balancer does not reply, check that HTTP connections are not getting blocked by a firewall. Also, confirm that HAProxy is running with the command below.

sudo systemctl status haproxy

# 5. Password protecting the statistics page

Having the statistics page simply listed at the front end, however, is publicly open for anyone to view, which might not be such a good idea. Instead, you can set it up to its own port number by adding the example below to the end of your haproxy.cfg file. Replace the username and password with something secure.

listen stats
   bind *:8181
   stats enable
   stats uri /
   stats realm Haproxy\ Statistics
   stats auth username:password

After adding the new listen group, remove the old reference to the stats uri from the frontend group. When done, save the file and restart HAProxy again.

sudo systemctl restart haproxy

Then open the load balancer again with the new port number, and log in with the username and password you set in the configuration file.

http://<load balancer public IP>:8181

Check that your servers are still reporting all green and then open just the load balancer IP without any port numbers on your web browser.

http://<load balancer public IP>/

If your backend servers have at least slightly different landing pages you will notice that each time you reload the page you get the reply from a different host.

# Conclusions

That is it! In this guide, we learnt how to install and configure HAProxy to load balance traffic. This will increase your web application performance and availability.

comments powered by Disqus
Citizix Ltd
Built with Hugo
Theme Stack designed by Jimmy