In this article, we will have explained the necessary steps to install and configure HAProxy Load Balancer on Ubuntu 18.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
HAProxy is an open-source Linux tool that provides high availability load balancing and proxy services for TCP and HTTP-based network applications. Fue to its easy integration into existing architectures, suitability for high-traffic websites, extreme reliability, and focus on upwards compatibility, it is shipped by default by most mainstream Linux distros.
Install HAProxy on Ubuntu
Step 1. Network Details
For the sake of simplicity, we will assume the following IP addresses and hostnames for the instances:
- haproxy-server : public IP address 198.18.0.1
- backend-server1 : private IP address 172.16.0.1, public IP address 198.18.0.1
- backend-server2 : private IP address 172.16.0.2, public IP address 198.18.0.2
Step 2. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.
sudo apt update sudo apt upgrade
Step 3. Install HaProxy on Ubuntu 18.04 LTS.
HaProxy is available on the Ubuntu software repository, so we can install it using the package manager by running the command below:
sudo add-apt-repository ppa:vbernat/haproxy-1.8 sudo apt-get update sudo apt-get install haproxy
Step 4. Load Balancing Configuration with HAProxy.
Now edit haproxy default configuration file /etc/haproxy/haproxy.cfg and start configuration:
sudo nano /etc/haproxy/haproxy.cfg
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256::RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3 defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http
So towards the end of the file, add the content below:
frontend ourwebsitefrontend bind *:80 mode http default_backend ourwebsiteendpoin
The bind parameter tells HaProxy to listen to port 80 for connections. At the end of the text, we have specified ourwebsiteendpoint as the directive where our endpoints are located. We can now go ahead and add the backend configuration details as follows:
backend ourwebsiteendpoint
balance roundrobin
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server backend-server1 172.16.0.1:8080 check
server backend-server2 172.16.0.2:8080 check
Now if you want you can enable Haproxy statistics by adding following configuration in HAProxy configuration file:
listen stats bind :32600 stats enable stats uri / stats hide-version stats auth username:password
Step 5. Final HAProxy Configuration File.
The final configuration file may look like below:
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM$ ssl-default-bind-options no-sslv3 defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend ourwebsitefrontend bind *:80 mode http default_backend ourwebsiteendpoint backend ourwebsiteendpoint balance roundrobin option forwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } option httpchk HEAD / HTTP/1.1\r\nHost:localhost server backend-server1 172.16.0.1:8080 check server backend-server2 172.16.0.2:8080 check listen stats bind :32600 stats enable stats uri / stats hide-version stats auth username:password
Then, restart HaProxy server to reload the changes:
sudo service haproxy restart
Step 6. Testing the Configuration.
At this stage, we have full functional HAProxy setup. At each web server node I have a demo index.html page showing servers hostname, So we can easily differentiate between servers web pages.
Now access port 80 on IP 198.18.0.1 (as configured above) in the web browser and hit refresh. You will see that HAProxy is sending requests to backend server one by one (as per round robin algorithm).
That’s all you need to do to install HAProxy Load on Ubuntu 18.04. I hope you find this quick tip helpful. If you have questions or suggestions, feel free to leave a comment below.