HAProxy is a fast, efficient HTTP server and proxy with support for features not included in the typical load balancer. Its inclusion of SSL termination offers the capability for HTTPS without a separate piece of infrastructure to manage secure traffic. HAProxy can also proxy TCP connections, making it ideal for load balancing between more than just HTTP endpoints. Because of its use in services that can’t afford downtime, HAProxy can restart without dropping connections. It is a great choice for anyone seeking a reliable load balancer or proxy for a variety of back-end services.
When complete, the server will be running HAProxy, and you can begin integrating other back-end services.
Start by completely updating your system. This does several things. It updates the package list cache, so future downloads will find the correct files. It also integrates all currently available bugfixes and security patches. Perform this step regularly to keep your system running securely and performing well.
apt-get update && apt-get upgrade -y
HAProxy is included in Ubuntu’s package repository. We’ll next install the official HAProxy package.
apt-get install haproxy -y
HAProxy is a versatile server, and just how it should be configured in your scenario is beyond the scope of this guide. Even so, a few basic principles are helpful to understand how it works. Here is a basic HAProxy configuration to make it listen on a port.
Here is how you’d configure an HTTPS endpoint. In this example, we proxy to two back-end servers at 192.168.1.10 and 192.168.1.11. We also enable the stats page, which lets you check the status of traffic to these separate servers.
log 127.0.0.1 local2
# turn on stats unix socket
stats socket /var/run/haproxy.cmd
option forwardfor except 127.0.0.0/8
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 45s
timeout server 45s
timeout check 10s
listen stats :9000
stats uri /haproxy
stats realm HAProxy\ Statistics
stats auth haproxy:password
stats admin if TRUE
listen http :80
server web1 192.168.1.10:80 check inter 3000 rise 2 fall 3
server web2 192.168.1.11:80 check inter 3000 rise 2 fall 3
listen https :443
server web1 192.168.1.10:443 check inter 3000 rise 2 fall 3
server web2 192.168.1.11:443 check inter 3000 rise 2 fall 3
With the above configuration in place, traffic from ports 80 and 443 of your HAProxy server is sent to the configured back-end servers. It is necessary to restart Haproxy for this configuration to take effect. We’ll do that now.
service haproxy restart
To check whether HAProxy is working, let’s visit the previously-configured stats page on port 9000. For instance, if your IP is 220.127.116.11, visit http://18.104.22.168:9000 to see HAProxy handling inbound traffic.
HAProxy must now be configured to start on boot. To do so, run this command.
sudo update-rc.d haproxy enable
Hatop is a useful tool to monitor HAProxy statistics from the command line. Install and run it to check out what information it provides.
apt-get -y install hatop ; hatop -s /var/run/haproxy.cmd
If you’d rather not use the “-s” parameter every time you run Hatop, you can modify ~/.bashrc as shown.
echo "alias hatop='hatop -s /var/run/haproxy.cmd'" >> ~/.bashrc
You’ve now succeeded to install HAProxy and configure route traffic to various servers, with a configured SSL certificate. You’ll next want to integrate it into your own infrastructure by replacing the certificate, and by proxying to your own HTTP or TCP servers. If this guide was helpful to you, kindly share it with others who may also be interested.