Setup HAProxy 1.6 Load Balancer on Ubuntu 14.04

Setup HAProxy 1.6 Load Balancer on Ubuntu 14.04

HAProxy is an open source, fast and reliable solution for high availability, load balancing, It supports TCP and HTTP-based applications that spreads requests across multiple backend servers. HAProxy  is the world’s leading software load balancers and application delivery controllers (ADCs) for modern enterprises application. Haproxy provide inbuilt security features including ddos protection and more. Even this site cloudgeek.co.in using Haproxy as a first line of defense.

This article will walk you through setting up HAProxy 1.6 on ubuntu 14.04,

Install HAProxy

sudo add-apt-repository ppa:vbernat/haproxy-1.6
sudo apt-get update
sudo apt-get install haproxy

Configure HAProxy

# vim /etc/haproxy/haproxy.cfg

Default Settings:

global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# Default ciphers to use on SSL-enabled listening sockets.
	# For more information, see ciphers(1SSL). This list is from:
	#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256::RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
	ssl-default-bind-options no-sslv3

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

Adding Listener:

Listener tell HAProxy to where to listen for new connections.

frontend Haproxy_Server
    bind Haproxy_Server_ip:80
    mode http
    default_backend Web_Servers

Add Backend Web Servers:

Now, backend servers define where HAProxy send the request.

backend Web_Servers
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1rnHost:localhost
    server1 web1.example.com  web1_server_ip:80
    server2 web2.example.com  web2_server_ip:80

Enable HAProxy Stats (Optional)

Haproxy has a nice stats feature with useful information. Most stats configurations are over unencrypted HTTP.

listen stats *:8080
    stats enable
    stats hide-version
    stats refresh 30s
    stats show-node
    stats auth username:password
    stats uri  /haproxy?stats

Restart HAProxy

$ sudo service haproxy restart

Now, It’s all done.

One Comment

Add a Comment

Your email address will not be published. Required fields are marked *