This is just a basic tutorial on how to get started with HAProxy. I will take a deeper dive into its features in the future.
Prerequisites #
For this tutorial I use the following setup with Ubuntu 22.04 servers:
192.168.30.90 HAproxy server
192.168.30.91 Apache node 1
192.168.30.92 Apache node 2
HAproxy - High Availability Proxy #
Installation #
# Update package index
sudo apt update
# Install HAproxy
sudo apt install haproxy -y
# Check version
haproxy -v
Configuration #
# Open configuration
sudo vi /etc/haproxy/haproxy.cfg
- Add the following configuration to the end of the file
frontend http_front
bind *:80
stats uri /haproxy?stats
default_backend http_back
backend http_back
balance roundrobin
server node1 192.168.30.91:80 check
server node2 192.168.30.92:80 check
Test Configuration #
# Validate configuration
sudo haproxy -c -f /etc/haproxy/haproxy.cfg
# Shell output:
Configuration file is valid
Restart HAproxy #
# Restart HAproxy
sudo systemctl restart haproxy
# Check status
sudo systemctl status haproxy
# Check logs
journalctl -xeu haproxy.service
# Enable service after boot
sudo systemctl enable haproxy
HAproxy Dashboard #
# Open Dashboard
192.168.30.90/haproxy?stats
Secure Dashboard #
# Open configuration
sudo vi /etc/haproxy/haproxy.cfg
frontend http_front
bind *:80
stats uri /haproxy?stats
default_backend http_back
backend http_back
balance roundrobin
server node1 192.168.30.91:80 check
server node2 192.168.30.92:80 check
# HAProxy Dashboard
listen stats
bind *:8080 # Define Dashport Port
stats enable
stats uri /
stats realm Haproxy Statistics
stats auth Admin:mypassword # Define user & pw
# Restart HAProxy
sudo systemctl restart haproxy
# Open Dashboard: Secure version
192.168.30.90:8080
HTTPS with Certbot Certificate #
Certbot #
# Install Certbot
sudo apt install certbot -y
# Create certificate
sudo certbot certonly --standalone -d ha.jklug.work
Create Certificate Folder #
# Create directory for certificate
sudo mkdir -p /etc/ssl/ha.jklug.work
# Change permissions
sudo chmod 700 /etc/ssl/ha.jklug.work
Combine Certificate #
Note: HAproxy requires the TLS certificate and the private key to be in a single file.
# Combine certificate
sudo cat /etc/letsencrypt/live/ha.jklug.work/fullchain.pem \
/etc/letsencrypt/live/ha.jklug.work/privkey.pem | \
sudo tee /etc/ssl/ha.jklug.work/ha.jklug.work.pem
# Change permissions
sudo chmod 600 /etc/ssl/ha.jklug.work/ha.jklug.work.pem
HTTPS Configuration #
# Open configuration
sudo vi /etc/haproxy/haproxy.cfg
# HTTPS Version
frontend https_front
bind *:443 ssl crt /etc/ssl/ha.jklug.work/ha.jklug.work.pem # Define .certificate path
mode http
stats uri /haproxy?stats
default_backend http_back
backend http_back
balance roundrobin
server node1 192.168.30.91:80 check
server node2 192.168.30.92:80 check
listen stats
bind *:8080
stats enable
stats uri /
stats realm Haproxy Statistics
stats auth Admin:mypassword
Test Configuration #
# Validate configuration
sudo haproxy -c -f /etc/haproxy/haproxy.cfg
Restart HAproxy #
# Restart HAProxy
sudo systemctl restart haproxy
# Check status
sudo systemctl status haproxy
Open In Browser #
# Open URL in browser
ha.jklug.work
Load Balancing Algorithms #
-
roundrobinWorks well when all servers have similar capabilities. -
leastconnDirects traffic to the server with the fewest active connections. -
firstThe first server with available connection slots receives the connection. -
sourceThe same client IP address will always reach the same server. Useful for session persistence.
…
Links #
# HAproxy Official Documentation
https://docs.haproxy.org/