Skip to main content

HAproxy - High Availability Proxy on Ubuntu 22.04

483 words·
HAproxy High-availability Cluster Loadbalancer
Table of Contents

This is just a basic tutorial on how to get started with HAProxy. I will take a deeper dive into its features in the future.

Prerequisites
#

For this tutorial I use the following setup with Ubuntu 22.04 servers:

192.168.30.90 HAproxy server
192.168.30.91 Apache node 1 
192.168.30.92 Apache node 2

HAproxy - High Availability Proxy
#

Installation
#

# Update package index
sudo apt update

# Install HAproxy
sudo apt install haproxy -y

# Check version
haproxy -v

Configuration
#

# Open configuration
sudo vi /etc/haproxy/haproxy.cfg
  • Add the following configuration to the end of the file
frontend http_front
   bind *:80
   stats uri /haproxy?stats
   default_backend http_back

backend http_back
   balance roundrobin
   server node1 192.168.30.91:80 check
   server node2 192.168.30.92:80 check

Test Configuration
#

# Validate configuration
sudo haproxy -c -f /etc/haproxy/haproxy.cfg

# Shell output:
Configuration file is valid

Restart HAproxy
#

# Restart HAproxy
sudo systemctl restart haproxy

# Check status
sudo systemctl status haproxy

# Check logs
journalctl -xeu haproxy.service

# Enable service after boot
sudo systemctl enable haproxy

HAproxy Dashboard
#

# Open Dashboard
192.168.30.90/haproxy?stats

Secure Dashboard
#

# Open configuration
sudo vi /etc/haproxy/haproxy.cfg
frontend http_front
   bind *:80
   stats uri /haproxy?stats
   default_backend http_back

backend http_back
   balance roundrobin
   server node1 192.168.30.91:80 check
   server node2 192.168.30.92:80 check

# HAProxy Dashboard
listen stats
   bind *:8080 # Define Dashport Port
   stats enable
   stats uri /
   stats realm Haproxy Statistics
   stats auth Admin:mypassword # Define user & pw
# Restart HAProxy
sudo systemctl restart haproxy
# Open Dashboard: Secure version
192.168.30.90:8080

HTTPS with Certbot Certificate
#

Certbot
#

# Install Certbot
sudo apt install certbot -y

# Create certificate
sudo certbot certonly --standalone -d ha.jklug.work

Create Certificate Folder
#

# Create directory for certificate
sudo mkdir -p /etc/ssl/ha.jklug.work

# Change permissions
sudo chmod 700 /etc/ssl/ha.jklug.work

Combine Certificate
#

Note: HAproxy requires the TLS certificate and the private key to be in a single file.

# Combine certificate
sudo cat /etc/letsencrypt/live/ha.jklug.work/fullchain.pem \
/etc/letsencrypt/live/ha.jklug.work/privkey.pem | \
sudo tee /etc/ssl/ha.jklug.work/ha.jklug.work.pem

# Change permissions
sudo chmod 600 /etc/ssl/ha.jklug.work/ha.jklug.work.pem

HTTPS Configuration
#

# Open configuration
sudo vi /etc/haproxy/haproxy.cfg
# HTTPS Version
frontend https_front
   bind *:443 ssl crt /etc/ssl/ha.jklug.work/ha.jklug.work.pem # Define .certificate path
   mode http
   stats uri /haproxy?stats
   default_backend http_back

backend http_back
   balance roundrobin
   server node1 192.168.30.91:80 check
   server node2 192.168.30.92:80 check

listen stats
   bind *:8080
   stats enable
   stats uri /
   stats realm Haproxy Statistics
   stats auth Admin:mypassword

Test Configuration
#

# Validate configuration
sudo haproxy -c -f /etc/haproxy/haproxy.cfg

Restart HAproxy
#

# Restart HAProxy
sudo systemctl restart haproxy

# Check status
sudo systemctl status haproxy

Open In Browser
#

# Open URL in browser
ha.jklug.work

Load Balancing Algorithms
#

  • roundrobin Works well when all servers have similar capabilities.

  • leastconn Directs traffic to the server with the fewest active connections.

  • first The first server with available connection slots receives the connection.

  • source The same client IP address will always reach the same server. Useful for session persistence.


Links #

# HAproxy Official Documentation
https://docs.haproxy.org/