Misjudging incoming traffic can overload your web servers. Load balancers like HAProxy (High Availability Proxy) can help alleviate that issue. The primary job of load balancers is to balance the load on the server by minimizing response times, optimizing the usage of your resources, and improving the performance of your multi-server configuration.
HAProxy is an open-source software widely used as a high availability load balancer and proxying TCP and HTTP connections. As a side note, there is a paid version of the software called HAProxy Enterprise with premium features and support. This article will cover the installation and configuration of the open-source version of HAProxy on CentOS 7.
Installation of HAProxy on CentOS 7
Installation is relatively easy. The below yum command will install the necessary packages along with HAProxy.
yum install haproxy
The end of the output will look like this.
Running transaction Installing : haproxy-1.5.18-9.el7.x86_64 1/1 Verifying : haproxy-1.5.18-9.el7.x86_64 1/1 Installed: haproxy.x86_64 0:1.5.18-9.el7
Next, we have to verify that HAProxy starts every time we reboot our server. We can accomplish that with the chkconfig command below.
chkconfig haproxy on
The command’s output will let you know that a symbolic link (symlink) was created for the HAProxy service. A symlink is a feature that helps link to a specific file or folder on your server.
Note: Forwarding request to 'systemctl enable haproxy.service'. Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.
Now we will make sure we are allowing the HAProxy service to run through our firewall. The first command will enable the http server in the firewall.
firewall-cmd --permanent --zone=public --add-service=http
The next one will permanently open port 8181 in the firewall.
firewall-cmd --permanent --zone=public --add-port=8181/tcp
And the last one will reload the firewall.
All of them will have the same output, as shown below.
Starting the Service
Let’s start the service and make sure it’s running. Input the following command to your terminal.
systemctl start haproxy && systemctl status haproxy
The output will look like the one below confirms the service is up and running.
● haproxy.service - HAProxy Load Balancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2021-04-27 18:28:06 EDT; 38s ago Main PID: 86812 (haproxy-systemd) CGroup: /system.slice/haproxy.service ├─86812 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid ├─86813 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds └─86815 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
You have successfully installed HAProxy on your server. Let’s move on to configuring the load balancer.
Configuring an HAProxy Load Balancer
Load balancing with HAProxy can be accomplished through Layer 4 or Layer 7. Understanding the differences between the two options will help you utilize load balancing in the best possible way for your server.
Layer 4 Load Balancer
Layer 4 load balancers are most commonly used for simple-packet load balancing. This type of load balancing operates at the transport level (and does not inspect the files for content), so all traffic going through a layer 4 load balancer is managed based on the network information of the request. Application ports or TCP protocols would be an example of such information. Data can quickly move because it is not inspected or encrypted when sent or received. Let’s see how your HAProxy configuration file should look like if you want to use layer 4 load balancing.
Configuring Layer 4
First, modify existing configuration files by using your preferred text editor. We used vi for this example.
Append the following lines at the end of the configuration file once opened. Make sure to replace IP addresses from the example with ones from your server in the appropriate Site Configuration sections and replace server1 and server2 with the proper server names. Any requests sent from the IP address 22.214.171.124 on port 80 will be redirected to either 126.96.36.199 or 188.8.131.52.
global log 127.0.0.1 local0 log 127.0.0.1 local1 debug maxconn 45000 # Total Max Connections. daemon nbproc 1 # Number of processing cores. defaults timeout server 86400000 timeout connect 86400000 timeout client 86400000 timeout queue 1000s # [HTTP Site Configuration] listen http_web 184.108.40.206:80 mode http balance roundrobin # Load Balancing algorithm option httpchk option forwardfor server server1 220.127.116.11:80 weight 1 maxconn 512 check server server2 18.104.22.168:80 weight 1 maxconn 512 check # [HTTPS Site Configuration] listen https_web 22.214.171.124:443 mode tcp balance source# Load Balancing algorithm reqadd X-Forwarded-Proto: http server server1 126.96.36.199::443 weight 1 maxconn 512 check server server2 188.8.131.52:443 weight 1 maxconn 512 check
The code above includes both HTTP and HTTPS configurations which allow HAProxy to process requests from either protocol. A request using port 80 will use HTTP, and one using port 443 will use HTTPS. Additionally, you can modify the nbproc and mode values based on the number of cores that your system has at its disposal and whether you want http or tcp mode.
Let’s check out how layer 7 load balancing works and how to configure it.
Layer 7 Load Balancing
Layer 7 is an application layer used when you want to create a high availability application delivery network. It can inspect the content being sent or requested, unlike layer 4. This type of inspection is called load balancing at the high-level application layer. A user can open a session on your website and request a specific type of content (like an image or video) or place an order. Layer 7 would route traffic based on that user’s request type to highly optimized back-end servers storing the requested images or videos.
Configuring Layer 7
We will again use the vi text editor to open the configuration file.
Add the code below to configure layer 7 load balancing after making the following changes:
- Update the appropriate server names in place of host1, host2, and host3.
- Update the IP addresses to ones from your servers (just like in the layer 4 configuration).
- The acl defines which connections should go through the load balancer, so change acl to the URL that will serve the load balancer. In this example, it is any connections with paths beginning with /test.
- Change use_backend to the backend server that will serve the data. The use_backend indicates all URLs matching the acl line URL should be served by the backend server named test_back.
- The backend http_back defines your multi-server configuration, which is the same thing that we did in layer 4 and will handle general requests.
- The backend test_back will handle connections to domain.com/test.
frontend http_front bind *:80 stats uri /haproxy?stats acl url_test path_beg /test use_backend test_back if url_test default_backend http_back backend http_back balance roundrobin server host1 184.108.40.206:80 check server host2 220.127.116.11:80 check backend test_back server host3 18.104.22.168:80 check
After configuring either layer 4 or layer 7, restart HAProxy with the following command.
systemctl restart haproxy
A successful restart will result in no output, which means HAProxy is up and running with the changes you just implemented.
Now you know the installation basics of HAProxy on CentOS 7. HAProxy can be used on various Linux distributions, such as Ubuntu or Debian. The paid version of HAProxy does offer premium features and support, but the open-source version allows you to complete most tasks. If your online business starts to struggle with increased traffic, HAProxy is the perfect solution for you!
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.