Install and Configure HAProxy on RHEL 8 / CentOS 8 Linux

HAProxy or High Availability Proxy is an open source TCP and HTTP load balancer and proxy server software. HAProxy has been written by Willy Tarreau in C, it supports SSL, compressions, keep-alive, custom log formats and header rewriting. HAProxy is a fast and lightweight proxy server and load balancer with a small memory footprint and low CPU usage. It is used by large sites like Github, StackOverflow, Reddit, Tumblr, Twitter and others. It has become the most popular software load balancer and proxy server in the past years.

In this tutorial, you will get through the HAProxy installation and configuration on RHEL 8 / CentOS 8. We will install HAProxy on a single server and then install Nginx web server on the other servers. HAProxy will act as a load balancer for the Nginx web servers.

In this tutorial you will learn:

  • HAProxy Architecture and Concepts
  • Configure hosts file for name resolution
  • Install and Configure HAProxy
  • Install and Configure Nginx
  • Testing the Load Balancing feature
  • Access the HAProxy Stats URL

HAProxy Architecture

HAProxy Architecture.

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System RHEL 8 / CentOS 8
Software HAProxy, Nginx
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

HAProxy Architecture and Concepts

HAProxy can run in two modes: TCP mode Layer 4 and HTTP Mode Layer 7. In Layer 4 TCP mode, HAProxy forwards the RAW TCP packets from the client to the application servers. In the Layer 7 HTTP mode, HAProxy is parsing the HTTP header before forwarding them to the application servers. In this tutorial, we will use Nginx as the web server that supports the Layer 7 HTTP mode.

Layer 4 Load Balancing

Layer 4 Load Balancing.
Layer 7 Load Balancing

Layer 7 Load Balancing.



Balance Algorithm is the algorithm that is used by HAProxy to select the server when doing the load balancing. The following modes are available:

Roundrobin

This is the most simple balance algorithm. For each new connection, it will be handled by the next backend server. If the last backend server in the list is reached, it will start again from the top of backend list.

Leastconn

The new connection will be handled by the backend server with least amount of connections. This is useful when the time and load of the requests vary a lot.

Source

This is for sticky sessions, the client IP will be hashed to determine the backend server that received the last request from this IP. So an IP A will always be handled by backend1, and IP B will always be handled by banckend2 to not interrupt sessions.

Configure hosts file for name resolution

Log in to the load balancer server and edit the /etc/hosts file and HAProxy loadbalancer, nginx1,nginx2 hostnames. Copy the same file on other two nginx nodes and check the network connectivity via ping comand.

# vim /etc/hosts

192.168.1.108 loadbalancer.example.com
192.168.1.104 nginx1.example.com
192.168.1.105 nginx2.example.com

Install and Configure HAProxy

HAProxy is available in the RHEL 8 / CentOS 8 repository, hence log in to the loadbalancer server and install package HAProxy with this yum command.

# yum install haproxy

Once successfully installed you can use the below command to verify the installation.

# yum info haproxy
# yum info haproxy
Updating Subscription Management repositories.
Updating Subscription Management repositories.
Last metadata expiration check: 0:06:03 ago on Sat 16 Mar 2019 11:40:24 PM +04.
Installed Packages
Name         : haproxy
Version      : 1.8.14
Release      : 1.el8
Arch         : x86_64
Size         : 4.1 M
Source       : haproxy-1.8.14-1.el8.src.rpm
Repo         : @System
From repo    : rhel-8-for-x86_64-appstream-beta-rpms
Summary      : HAProxy reverse proxy for high availability environments
URL          : http://www.haproxy.org/
License      : GPLv2+
Description  : HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
             : availability environments. Indeed, it can:
             :  - route HTTP requests depending on statically assigned cookies
             :  - spread load among several servers while assuring server persistence
             :    through the use of HTTP cookies
             :  - switch to backup servers in the event a main one fails
             :  - accept connections to special ports dedicated to service monitoring
             :  - stop accepting connections without breaking existing ones
             :  - add, modify, and delete HTTP headers in both directions
             :  - block requests matching particular patterns
             :  - report detailed status to authenticated users from a URI
             :    intercepted from the application

When the installation is finished, go to the /etc/haproxy/ directory and backup the original configuration file.



# cd /etc/haproxy/
# cp haproxy.cfg haproxy.cfg.orig

Next, do the below changes in HAProxy configuration file haproxy.cfg with any of the editor.

#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
#---------------------------------------------------------------------
# HAProxy Monitoring Config
#---------------------------------------------------------------------
listen stats 
    bind loadbalancer.example.com:8080            # HAProxy Monitoring run on port 8080
    mode http
    option forwardfor
    option httpclose
    stats enable
    stats show-legends
    stats refresh 5s
    stats uri /stats                         # URL for HAProxy monitoring
    stats realm Haproxy\ Statistics
    stats auth admin:admin                   # User and Password for login to the monitoring dashboard
    #stats admin if TRUE
    default_backend loadbalancer                 # This is optionally for monitoring backend
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend loadbalancer
    bind loadbalancer.example.com:80
    #acl url_static       path_beg       -i /static /images /javascript /stylesheets
    #acl url_static       path_end       -i .jpg .gif .png .css .js

    #use_backend static          if url_static
    option http-server-close
    option forwardfor
    default_backend       loadbalancer

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
#    balance     roundrobin
#    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend loadbalancer
    balance     roundrobin                                    # Balance algorithm
    option httpchk HEAD / HTTP/1.1\r\nHost:\ localhost        # Check the server application is up and healty - 200 status code
    server  nginx1.example.com 192.168.1.104:80 check         # NGINX Server1
    server  nginx2.example.com 192.168.1.105:80 check         # NGNIX Server2

Save this configuration file and exit.

Now, we will configure the rsyslog daemon to log the HAProxy statistics. Edit the rsyslog.conf file to enable the UDP port 514 to be used by rsyslog. Open the rsyslog configuration file and uncomment the lines to enable the UDP connection.

# vim /etc/rsyslog.conf
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")

Save the file with above changes and exit. Then create new HAProxy configuration file for rsyslog and add the below entries in that file.

# cd /etc/rsyslog.d/
# vi haproxy.conf
local2.=info     /var/log/haproxy-access.log    # For Access Log
local2.notice    /var/log/haproxy-info.log      # For Service Info - Backend, loadbalancer

Now restart rsyslog and then start the HAProxy service and add HAProxy to start at boot time.

# systemctl restart rsyslog
# systemctl start haproxy
# systemctl enable haproxy

Install and Configure Nginx

Nginx is already the part of the existing RHEL 8 / CentOS 8 repo and can be installed with the following command.

# yum install nginx

Once installed you can verify the installation with the help of this command.

# yum info nginx


# yum info nginx
Updating Subscription Management repositories.
Updating Subscription Management repositories.
Last metadata expiration check: 0:06:14 ago on Sat 16 Mar 2019 11:40:24 PM +04.
Installed Packages
Name         : nginx
Epoch        : 1
Version      : 1.14.0
Release      : 3.el8+1631+ba902cf0
Arch         : x86_64
Size         : 568 k
Source       : nginx-1.14.0-3.el8+1631+ba902cf0.src.rpm
Repo         : rhel-8-for-x86_64-appstream-beta-rpms
Summary      : A high performance web server and reverse proxy server
URL          : http://nginx.org/
License      : BSD
Description  : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
             : IMAP protocols, with a strong focus on high concurrency, performance and low
             : memory usage.

Once Nginx is installed, go to the web directory and change the index.html file accordingly. Make sure you’re doing below steps on nginx1 and nginx2 server.

# cd /usr/share/nginx/html
# ls -lrth
total 20K
-rw-r--r--. 1 root root 2.8K Oct 31  2016 poweredby.png
-rw-r--r--. 1 root root  368 Oct 31  2016 nginx-logo.png
-rw-r--r--. 1 root root 3.7K Mar 16 20:39 50x.html
-rw-r--r--. 1 root root 3.6K Mar 16 20:39 404.html
-rw-r--r--. 1 root root 3.7K Mar 16 20:42 index.html

Next, add Nginx to start at boot time and then start the daemon with the commands below.

# systemctl enable nginx
# systemctl start nginx

Testing the Load Balancing feature

Testing can be done by browing and access the loadbalancer IP 192.168.1.108 (for my case) and you will see one time it goes to the Nginx Node1 and second time it goes to Nginx Node2 in a round robin fashion.

Webpage on NGINX Node1

Webpage on NGINX Node1.
Webpage on NGINX Node2

Webpage on NGINX Node2.

You can also check the /var/log/haproxy-access.log to get the detail information about the load balancing.

Access the HAProxy Stats URL

Access the dashboard for HAProxy Statistical Report which is running on port 8080 with username and password defined in haproxy.cfg file.



http://192.168.1.108:8080/stats
Access HAProxy Stats URL

Access HAProxy Stats URL.
HAProxy Stats Dashboard

HAProxy Stats Dashboard.

HAProxy is working  successfully and acts as a load balancer for the two Nginx web servers.

Conclusion

HAProxy or High Availability proxy is an open source software that provides high availability for TCP-based services, it operates as HTTP load balancer and proxy server. The software is written in C and supports SSL, keep-alive and compression. HAProxy is the right choice for everyone who needs a load balancer and proxy server that is fast and lightweight with a small memory footprint and low CPU usage. Haproxy can run in Layer 4 TCP mode and Layer 7 HTTP mode. Nginx supports only the Layer 7 HTTP mode with HAProxy. If you want to use Layer 4 TCP mode, you can use other web servers like Apache. On RHEL 8 / CentOS 8 Linux, HAProxy is available in the default repository. It’s easy to install and configure.