In this article, we will have explained the necessary steps to install and configure HAProxy Load Balancer on Ubuntu 18.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
HAProxy is an open-source Linux tool that provides high availability load balancing and proxy services for TCP and HTTP-based network applications. Fue to its easy integration into existing architectures, suitability for high-traffic websites, extreme reliability, and focus on upwards compatibility, it is shipped by default by most mainstream Linux distros.
Install HAProxy on Ubuntu
Step 1. Network Details
For the sake of simplicity, we will assume the following IP addresses and hostnames for the instances:
- haproxy-server : public IP address 198.18.0.1
- backend-server1 : private IP address 172.16.0.1, public IP address 198.18.0.1
- backend-server2 : private IP address 172.16.0.2, public IP address 198.18.0.2
Step 2. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.
1 2 | sudoaptupdate sudoaptupgrade |
Step 3. Install HaProxy on Ubuntu 18.04 LTS.
HaProxy is available on the Ubuntu software repository, so we can install it using the package manager by running the command below:
1 2 3 | sudoadd-apt-repositoryppa:vbernat/haproxy-1.8 sudoapt-getupdate sudoapt-getinstallhaproxy |
Step 4. Load Balancing Configuration with HAProxy.
Now edit haproxy default configuration file /etc/haproxy/haproxy.cfg and start configuration:
1 | sudonano/etc/haproxy/haproxy.cfg |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | global log/dev/loglocal0 log/dev/loglocal1notice chroot/var/lib/haproxy statssocket/run/haproxy/admin.sockmode660leveladmin statstimeout30s userhaproxy grouphaproxy daemon # Default SSL material locations ca-base/etc/ssl/certs crt-base/etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-bind-ciphersECDH+AESGCM:DH+AESGCM:ECDH+AES256::RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS ssl-default-bind-optionsno-sslv3 defaults logglobal modehttp optionhttplog optiondontlognull timeoutconnect5000 timeoutclient 50000 timeoutserver 50000 errorfile400/etc/haproxy/errors/400.http errorfile403/etc/haproxy/errors/403.http errorfile408/etc/haproxy/errors/408.http errorfile500/etc/haproxy/errors/500.http errorfile502/etc/haproxy/errors/502.http errorfile503/etc/haproxy/errors/503.http errorfile504/etc/haproxy/errors/504.http |
So towards the end of the file, add the content below:
1 2 3 4 | frontendourwebsitefrontend bind *:80 modehttp default_backendourwebsiteendpoin |
The bind parameter tells HaProxy to listen to port 80 for connections. At the end of the text, we have specified ourwebsiteendpoint as the directive where our endpoints are located. We can now go ahead and add the backend configuration details as follows:
1 2 3 4 5 6 7 8 | backendourwebsiteendpoint balanceroundrobin optionforwardfor http-requestset-headerX-Forwarded-Port%[dst_port] http-requestadd-headerX-Forwarded-Protohttpsif{ssl_fc} optionhttpchkHEAD/HTTP/1.1\r\nHost:localhost serverbackend-server1172.16.0.1:8080check serverbackend-server2172.16.0.2:8080check |
Now if you want you can enable Haproxy statistics by adding following configuration in HAProxy configuration file:
1 2 3 4 5 6 | listenstats bind:32600 statsenable statsuri/ statshide-version statsauthusername:password |
Step 5. Final HAProxy Configuration File.
The final configuration file may look like below:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | global log/dev/log local0 log/dev/log local1notice chroot/var/lib/haproxy statssocket/run/haproxy/admin.sockmode660leveladmin statstimeout30s userhaproxy grouphaproxy daemon # Default SSL material locations ca-base/etc/ssl/certs crt-base/etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-bind-ciphersECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM$ ssl-default-bind-optionsno-sslv3 defaults log global mode http option httplog option dontlognull timeoutconnect5000 timeoutclient 50000 timeoutserver 50000 errorfile400/etc/haproxy/errors/400.http errorfile403/etc/haproxy/errors/403.http errorfile408/etc/haproxy/errors/408.http errorfile500/etc/haproxy/errors/500.http errorfile502/etc/haproxy/errors/502.http errorfile503/etc/haproxy/errors/503.http errorfile504/etc/haproxy/errors/504.http frontendourwebsitefrontend bind *:80 modehttp default_backendourwebsiteendpoint backendourwebsiteendpoint balanceroundrobin optionforwardfor http-requestset-headerX-Forwarded-Port%[dst_port] http-requestadd-headerX-Forwarded-Protohttpsif{ssl_fc} optionhttpchkHEAD/HTTP/1.1\r\nHost:localhost serverbackend-server1172.16.0.1:8080check serverbackend-server2172.16.0.2:8080check listenstats bind:32600 statsenable statsuri/ statshide-version statsauthusername:password |
Then, restart HaProxy server to reload the changes:
1 | sudoservicehaproxyrestart |
Step 6. Testing the Configuration.
At this stage, we have full functional HAProxy setup. At each web server node I have a demo index.html page showing servers hostname, So we can easily differentiate between servers web pages.
Now access port 80 on IP 198.18.0.1 (as configured above) in the web browser and hit refresh. You will see that HAProxy is sending requests to backend server one by one (as per round robin algorithm).
That’s all you need to do to install HAProxy Load on Ubuntu 18.04. I hope you find this quick tip helpful. If you have questions or suggestions, feel free to leave a comment below.
