HAProxy is a free HTTP/TCP high availability load balancer and proxy server. It spreads requests among multiple servers to mitigate issues resulting from a single server failure. HA Proxy is used by a number of high-profile websites including GitHub, Bitbucket, Stack Overflow, Reddit, Tumblr, Twitter, and Tuenti, and is used in the OpsWorks product from Amazon Web Services.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform related HAProxy configuration queries.
In this context, we shall look into how to install HAProxy on your CentOS 8 system.
1. Perform System Update
First, let's start by ensuring your system is up-to-date:
$ sudo clean all
$ sudo dnf update2. Install HAProxy on the system
HAProxy is available on the default CentOS 8, Now use the following dnfa command to install HAProxy:
$ sudo dnf install haproxyNext, we have to verify that HAProxy starts every time we reboot our server. We can accomplish that with the chkconfig command below:
$ chkconfig haproxy on3. Configure HAProxy
We are going to create a configuration file /etc/haproxy/haproxy.cfg containing the necessary settings and configurations:
$ sudo nano /etc/haproxy/haproxy.cfgEnter the following into the file:
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend main
bind *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
backend static
balance roundrobin
server static 127.0.0.1:4331 check
backend app
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 checkYou can view the configuration details and more information check this URL. Once you have configured HAProxy, its time to start the service:
$ sudo systemctl start haproxy
$ sudo systemctl enable haproxy4. Configure Firewall
We will add the HAProxy to the CentOS 8 firewall and update the rules with the following commands:
$ sudo firewall-cmd --add-port=8088/tcp --permanent
$ sudo firewall-cmd --reload5. Configure HAProxy Logging
To configure HAProxy standard logging edit /etc/rsyslog.conf and enable UDP Syslog reception on port 514:
$ sudo nano /etc/rsyslog.conf...
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
...
*.info;mail.none;authpriv.none;cron.none,local2.none /var/log/messages
local2.* /var/log/haproxy.log
...Then, save the configuration file and run the command below to check for any errors:
$ rsyslogd -N1
$ sudo systemctl restart rsyslog haproxy6. Configure Apache X-Forwarded-For Logging on Backend Servers
Now we log in to the backend servers and configure Apache to log X-Forwarded-For headers. The default line we are changing is:
...
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
...Edit this line such that it looks like:
...
LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
...Save the file and restart Apache:
$ apachectl configtest
$ sudo systemctl restart httpdTo verify that HAProxy is able to load balance the HTTP requests, navigate to the browser, and access HAProxy using either the hostname or IP address.
After configuring either layer 4 or layer 7, restart HAProxy with the following command:
$ systemctl restart haproxyA successful restart will result in no output, which means HAProxy is up and running with the changes you just implemented.
This article covers the process of installing HAProxy on your CentOS 8 systems. In fact, HAProxy is an open-source software widely used as a high availability load balancer and proxying TCP and HTTP connections.
