Load Balancing is a networking solution used to distribute traffic across multiple servers. These servers are backend and are also known as a server farm or server pool. This ensures workload is spread evenly across the servers and that no server is overloaded with operations. The server can be physical devices or virtual machines that sit between the client machines and the backend servers. The load balancers fulfill requests in a manner that maximizes speed and improves the optimization of the delivery of resources. They also check the health of a server and do not send traffic to an unhealthy server until the server is restored.

HAProxy

HAProxy which stands for High Availability Proxy is an open-source load balancer that provides high-availability load balancing solutions and is also a reverse proxy for TCP and HTTP-based applications that spread requests across multiple servers. HAProxy is suited for high-traffic websites that are visited frequently. These high-traffic profile environments include Twitter, Instagram, and GitHub. HAProxy is designed to move data as fast as possible with fewer operations. It focuses on optimizing CPU efficiency by sticking connections to the same CPU as long as possible. Most operations on HAProxy can be made conditional by combining multiple ACLS using Logical operators.

Features

  • Proxying and Load-balancing.
  • High availability where only valid servers are used
  • Security is hardened by default by defensive measures such as chroot and privilege drops.
  • It is reliable and known for being extremely robust.
  • Highly scalable which improves its performance.
  • It implements a layered model that offers a bypass mechanism to ensure data does not reach higher levels unless needed.
  • It is a fast CGI gateway – It can directly load-balance a farm comprising of Fast CGI application server.
  • It is a caching proxy that stores responses on RAM so that subsequent requests from the same object avoid the cost of another transfer.

This guide shows you how to Configure HAProxy on CentOS 9|AlmaLinux 9|RHEL 9 systems.

Setup HAProxy Backend Servers

We will set up two web servers to act as our backend servers.

Server 1

Edit the host file and add the HAProxy server Ip address as shown below, then save and exit the file.

$ sudo nano /etc/hosts
server1.technixleo.com 192.168.200.41

Install Apache Web server

sudo yum install httpd -y

Enable and start the apache service.

sudo systemctl enable httpd
sudo systemctl start httpd

Edit the index file to a simple hello world output.

echo "<H1>Hello from Technixleo. This is server1: 192.168.200.41 </H1>" | sudo tee /var/www/html/index.html

Allow the HTTP port over the firewall.

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --reload

Change settings to logging for X-Forwarded-For header in the main configuration file.

$ sudo nano /etc/httpd/conf/httpd.conf
LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Then restart your service.

sudo systemctl restart httpd

Use curl to test the connectivity of the server.

$ curl server1.technixleo.com
<H1>Hello from Technixleo. This is server1: 192.168.200.41 </H1>

Server 2

On the second server, edit the host file to add the HAProxy server IP address. Save and exit the file.

$ sudo nano /etc/hosts
server2.technixleo.com 192.168.200.42

Install Apache Web server with the following command.

sudo yum install httpd

Start and enable the service.

sudo systemctl enable httpd
sudo systemctl start httpd

Edit the index file with a simple Hello world output.

echo "<H1>Hello from Technixleo. This is server2: 192.168.200.42 </H1>" | sudo tee /var/www/html/index.html

Allow HTTP port over the firewall.

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --reload

Change the setting in the main configuration file of the server to logging for the X-Forwarded-For header.

$ sudo nano /etc/httpd/conf/httpd.conf
LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Restart the service.

sudo systemctl restart httpd

Test the connectivity of the server.

$ curl server2.technixleo.com
<H1>Hello from Technixleo. This is server2: 192.168.200.42 </H1>

With both servers running, we can set up a HAProxy load balancer for the servers.

Install HAProxy on CentOS 9|AlmaLinux 9|RHEL 9

Setup the hostnames files of the servers on the hosts’ file

sudo nano /etc/hosts

Replace the IP addresses with that of your servers.

192.168.200.40  haproxy.technixleo.com
192.168.200.41  server1.technixleo.com
192.168.200.42  server2.technixleo.com

Save and exit the file.

Update your system packages.

sudo yum update -y

Install HAProxy with the following command.

sudo yum install haproxy

Check the version to confirm successful installation.

$ haproxy -v
HAProxy version 2.4.7-b5e51a5 2021/10/04 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.7.html
Running on: Linux 5.14.0-70.17.1.el9_0.x86_64 #1 SMP PREEMPT Tue Jun 14 11:32:10 EDT 2022 x86_64

Configure HAProxy as Load Balancer

To configure HAProxy as a load balancer, edit the main configuration file.

sudo nano /etc/haproxy/haproxy.cfg

The Front-end settings tell HAProxy to listen to incoming requests on port 80 of the IP and forward them to the IP addresses configured on the backed settings. The backend settings contain the scheduling algorithm to be used. The default settings remain unchanged. Add the following details to the file.

frontend http_web
     bind *:80
     default_backend    haproxy
     option             forwardfor

backend haproxy
    balance roundrobin
    server  haproxy-server1 192.168.200.41:80 check
    server  haproxy-server2 192.168.200.42:80 check

The balance option represents the scheduling algorithm to be used, the server represents the servers available in the back end, and check option flag the server for periodic health checks. Save and exit the file.

Verify the configuration file is valid

$ haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid

Enable and start HAProxy.

sudo systemctl enable haproxy
sudo systemctl start haproxy

Check the status of HAProxy.

$ systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
     Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
     Active: active (running) since Wed 2022-07-06 10:29:02 EAT; 9s ago
    Process: 3184 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 3186 (haproxy)
      Tasks: 3 (limit: 48809)
     Memory: 4.5M
        CPU: 24ms
     CGroup: /system.slice/haproxy.service
             ├─3186 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
             └─3188 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid

Test HAProxy on CentOS 9|AlmaLinux 9|RHEL 9

Ensure you have connectivity to the host servers. Ping both servers with their hostname or IP addresses.

For the first server.

ping server1.technixleo.com

Fo the second server.

ping server2.technixleo.com

Go to your browser and type in the address http://haproxy/ to get the following

Reload the second time to get this.

Securing HAProxy with TSL/SSL on CentOS 9|AlmaLinux 9|RHEL 9

With an SSL certificate stored at /etc/pki/tls/certs, I can add the settings for SSL/TLS to the Load Balancing.

cd /etc/pki/tls/certs

Concatenate the cert and key to a PEM file.

cat server.crt  server.key | sudo tee haproxy.pem

Back to the root directory and edit the HAPproxy configuration file.

$ sudo nano /etc/haproxy/haproxy.cfg
bind *:443 ssl crt /etc/pki/tls/certs/haproxy.pem

Restart HAProxy service.

sudo systemctl restart haproxy

Allow HAProxy ports over the firewall.

sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

Verify this is working on the backend servers. Go to https://haproxy/

On the second server

Configure HAProxy’s Statistics

You can view HAProxy statistics on the web on a dashboard. HAProxy stats page shows metrics that cover the health of your servers, current request rates, response times, etc. You will have to edit the HAProxy configuration file to configure it.

 sudo nano /etc/haproxy/haproxy.cfg

Add the following details. Change the authentication details to fit your preference.

# add into backend section
backend haproxy
    stats enable
    stats auth admin:[email protected]
    stats hide-version
    stats show-node
    stats refresh 60s
    stats uri /stats

Save and exit the file. Restart HAProxy service after making the change:

sudo systemctl restart haproxy

Go to http://haproxy/stats. You will be required to enter the authentication details.

Then you will be able to view the statistics.

Conclusion

From this guide, we have looked at an overview of Load-balancing and HAProxy. We have also installed and configured HAProxy on CentOS 9|AlmaLinux 9|RHEL 9 systems. HAProxy is an open-source load balancing software and a reverse proxy for TCP and HTTP-based applications.

More guides to check out:

LEAVE A REPLY

Please enter your comment!
Please enter your name here