How to Install and Configure HAProxy on CentOS 7

Misjudging incoming traffic can overload your web servers. Load balancers like HAProxy (High Availability Proxy) can help alleviate that issue. The primary job of load balancers is to balance the load on the server by minimizing response times, optimizing the usage of your resources, and improving the performance of your multi-server configuration. 

HAProxy is an open-source software widely used as a high availability load balancer and proxying TCP and HTTP connections. As a side note, there is a paid version of the software called HAProxy Enterprise with premium features and support. This article will cover the installation and configuration of the open-source version of HAProxy on CentOS 7.

Installation of HAProxy on CentOS 7

Install HAProxy

Installation is relatively easy. The below yum command will install the necessary packages along with HAProxy.

yum install haproxy

The end of the output will look like this.

Running transaction
  Installing : haproxy-1.5.18-9.el7.x86_64                    1/1
  Verifying  : haproxy-1.5.18-9.el7.x86_64                    1/1

Installed:
  haproxy.x86_64 0:1.5.18-9.el7

Next, we have to verify that HAProxy starts every time we reboot our server. We can accomplish that with the chkconfig command below.

chkconfig haproxy on

The command’s output will let you know that a symbolic link (symlink) was created for the HAProxy service. A symlink is a feature that helps link to a specific file or folder on your server.

Note: Forwarding request to 'systemctl enable haproxy.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.

Now we will make sure we are allowing the HAProxy service to run through our firewall. The first command will enable the http server in the firewall.

firewall-cmd --permanent --zone=public --add-service=http

The next one will permanently open port 8181 in the firewall.

firewall-cmd --permanent --zone=public --add-port=8181/tcp

And the last one will reload the firewall.

firewall-cmd --reload

All of them will have the same output, as shown below.

success

Starting the Service

Let’s start the service and make sure it’s running. Input the following command to your terminal.

systemctl start haproxy && systemctl status haproxy

The output will look like the one below confirms the service is up and running.

● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-04-27 18:28:06 EDT; 38s ago
 Main PID: 86812 (haproxy-systemd)
   CGroup: /system.slice/haproxy.service
           ├─86812 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
           ├─86813 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
           └─86815 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds

You have successfully installed HAProxy on your server. Let’s move on to configuring the load balancer.

Configuring an HAProxy Load Balancer

Load balancing with HAProxy can be accomplished through Layer 4 or Layer 7. Understanding the differences between the two options will help you utilize load balancing in the best possible way for your server.

Layer 4 Load Balancer

Layer 4 load balancers are most commonly used for simple-packet load balancing. This type of load balancing operates at the transport level (and does not inspect the files for content), so all traffic going through a layer 4 load balancer is managed based on the network information of the request. Application ports or TCP protocols would be an example of such information. Data can quickly move because it is not inspected or encrypted when sent or received. Let’s see how your HAProxy configuration file should look like if you want to use layer 4 load balancing. 

Configuring Layer 4

First, modify existing configuration files by using your preferred text editor. We used vi for this example.

vi /etc/haproxy/haproxy.cfg

Append the following lines at the end of the configuration file once opened. Make sure to replace IP addresses from the example with ones from your server in the appropriate Site Configuration sections and replace server1 and server2 with the proper server names. Any requests sent from the IP address 209.59.154.63 on port 80 will be redirected to either 209.59.154.64 or 209.59.176.93.

global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 debug
        maxconn   45000 # Total Max Connections.
        daemon
        nbproc      1 # Number of processing cores.
defaults
        timeout server 86400000
        timeout connect 86400000
        timeout client 86400000
        timeout queue   1000s

# [HTTP Site Configuration]
listen  http_web 209.59.154.63:80
        mode http
        balance roundrobin  # Load Balancing algorithm
        option httpchk
        option forwardfor
        server server1 209.59.154.64:80 weight 1 maxconn 512 check
        server server2 209.59.176.93:80 weight 1 maxconn 512 check

# [HTTPS Site Configuration]
listen  https_web 209.59.154.63:443
        mode tcp
        balance source# Load Balancing algorithm
        reqadd X-Forwarded-Proto: http
        server server1 209.59.154.64::443 weight 1 maxconn 512 check
        server server2 209.59.176.93:443 weight 1 maxconn 512 check

The code above includes both HTTP and HTTPS configurations which allow HAProxy to process requests from either protocol. A request using port 80 will use HTTP, and one using port 443 will use HTTPS. Additionally, you can modify the nbproc and mode values based on the number of cores that your system has at its disposal and whether you want http or tcp mode.

Let’s check out how layer 7 load balancing works and how to configure it.

Layer 7 Load Balancing

Layer 7 is an application layer used when you want to create a high availability application delivery network. It can inspect the content being sent or requested, unlike layer 4. This type of inspection is called load balancing at the high-level application layer. A user can open a session on your website and request a specific type of content (like an image or video) or place an order. Layer 7 would route traffic based on that user’s request type to highly optimized back-end servers storing the requested images or videos. 

Configuring Layer 7

We will again use the vi text editor to open the configuration file.

vi /etc/haproxy/haproxy.cfg

Add the code below to configure layer 7 load balancing after making the following changes:

• Update the appropriate server names in place of host1, host2, and host3.
• Update the IP addresses to ones from your servers (just like in the layer 4 configuration).
• The acl defines which connections should go through the load balancer, so change acl to the URL that will serve the load balancer. In this example, it is any connections with paths beginning with /test.
• Change use_backend to the backend server that will serve the data. The use_backend indicates all URLs matching the acl line URL should be served by the backend server named test_back.
• The backend http_back defines your multi-server configuration, which is the same thing that we did in layer 4 and will handle general requests.
• The backend test_back will handle connections to domain.com/test.

frontend http_front
   bind *:80
   stats uri /haproxy?stats
   acl url_test path_beg /test
   use_backend test_back if url_test
   default_backend http_back

backend http_back
   balance roundrobin
   server host1 209.59.154.63:80 check
   server host2 209.59.154.64:80 check

backend test_back
   server host3 209.59.176.93:80 check

Restart HAProxy

After configuring either layer 4 or layer 7, restart HAProxy with the following command.

systemctl restart haproxy

A successful restart will result in no output, which means HAProxy is up and running with the changes you just implemented.

Conclusion

Now you know the installation basics of HAProxy on CentOS 7. HAProxy can be used on various Linux distributions, such as Ubuntu or Debian. The paid version of HAProxy does offer premium features and support, but the open-source version allows you to complete most tasks. If your online business starts to struggle with increased traffic, HAProxy is the perfect solution for you!

Get started today on a Liquid Web VPS server, voted fastest VPS by Cloud Spectator.