How to Install HAProxy on Ubuntu 14

HAProxy is a fast, efficient HTTP server and proxy with support for features not included in the typical load balancer. Its inclusion of SSL termination offers the capability for HTTPS without a separate piece of infrastructure to manage secure traffic. HAProxy can also proxy TCP connections, making it ideal for load balancing between more than just HTTP endpoints. Because of its use in services that can’t afford downtime, HAProxy can restart without dropping connections. It is a great choice for anyone seeking a reliable load balancer or proxy for a variety of back-end services.

Getting Started

To complete this guide, you will need the following:
• 1 Node (Cloud Server or Dedicated Server) running a clean install of Ubuntu 14.
• Root access to the server.

When complete, the server will be running HAProxy, and you can begin integrating other back-end services.

Tutorial

Start by completely updating your system. This does several things. It updates the package list cache, so future downloads will find the correct files. It also integrates all currently available bugfixes and security patches. Perform this step regularly to keep your system running securely and performing well.

apt-get update && apt-get upgrade -y

Install HAProxy

HAProxy is included in Ubuntu’s package repository. We’ll next install the official HAProxy package.

apt-get install haproxy -y

HAProxy is a versatile server, and just how it should be configured in your scenario is beyond the scope of this guide. Even so, a few basic principles are helpful to understand how it works. Here is a basic HAProxy configuration to make it listen on a port.

nano /etc/haproxy/haproxy.conf

Here is how you’d configure an HTTPS endpoint. In this example, we proxy to two back-end servers at 192.168.1.10 and 192.168.1.11. We also enable the stats page, which lets you check the status of traffic to these separate servers.

global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 16384
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/run/haproxy.cmd

defaults
mode http
log global
option httplog
option dontlognull
option httpclose
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 45s
timeout server 45s
timeout check 10s
maxconn 16384

listen stats :9000
mode http
stats enable
stats uri /haproxy
stats realm HAProxy\ Statistics
stats auth haproxy:password
stats admin if TRUE

listen http :80
balance leastconn
option http-server-close
option forwardfor
server web1 192.168.1.10:80 check inter 3000 rise 2 fall 3
server web2 192.168.1.11:80 check inter 3000 rise 2 fall 3

listen https :443
balance leastconn
option http-server-close
option forwardfor
server web1 192.168.1.10:443 check inter 3000 rise 2 fall 3
server web2 192.168.1.11:443 check inter 3000 rise 2 fall 3

With the above configuration in place, traffic from ports 80 and 443 of your HAProxy server is sent to the configured back-end servers. It is necessary to restart Haproxy for this configuration to take effect. We’ll do that now.

service haproxy restart

To check whether HAProxy is working, let’s visit the previously-configured stats page on port 9000. For instance, if your IP is 67.215.1.1, visit http://67.215.1.1:9000 to see HAProxy handling inbound traffic.

HAProxy must now be configured to start on boot. To do so, run this command.

sudo update-rc.d haproxy enable

Hatop is a useful tool to monitor HAProxy statistics from the command line. Install and run it to check out what information it provides.

apt-get -y install hatop ; hatop -s /var/run/haproxy.cmd

If you’d rather not use the “-s” parameter every time you run Hatop, you can modify ~/.bashrc as shown.

echo "alias hatop='hatop -s /var/run/haproxy.cmd'" >> ~/.bashrc

Conclusion

You’ve now succeeded to install HAProxy and configure route traffic to various servers, with a configured SSL certificate. You’ll next want to integrate it into your own infrastructure by replacing the certificate, and by proxying to your own HTTP or TCP servers. If this guide was helpful to you, kindly share it with others who may also be interested.