In this article, we will have explained the necessary steps to install and configure HAProxy Load Balancer on Ubuntu 18.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
HAProxy is an open-source Linux tool that provides high availability load balancing and proxy services for TCP and HTTP-based network applications. Fue to its easy integration into existing architectures, suitability for high-traffic websites, extreme reliability, and focus on upwards compatibility, it is shipped by default by most mainstream Linux distros.
Install HAProxy on Ubuntu
Step 1. Network Details
For the sake of simplicity, we will assume the following IP addresses and hostnames for the instances:
- haproxy-server : public IP address 198.18.0.1
- backend-server1 : private IP address 172.16.0.1, public IP address 198.18.0.1
- backend-server2 : private IP address 172.16.0.2, public IP address 198.18.0.2
Step 2. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.
sudo apt update sudo apt upgrade
Step 3. Install HaProxy on Ubuntu 18.04 LTS.
HaProxy is available on the Ubuntu software repository, so we can install it using the package manager by running the command below:
sudo add-apt-repository ppa:vbernat/haproxy-1.8 sudo apt-get update sudo apt-get install haproxy
Step 4. Load Balancing Configuration with HAProxy.
Now edit haproxy default configuration file /etc/haproxy/haproxy.cfg and start configuration:
sudo nano /etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256::RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.httpSo towards the end of the file, add the content below:
frontend ourwebsitefrontend
bind *:80
mode http
default_backend ourwebsiteendpoinThe bind parameter tells HaProxy to listen to port 80 for connections. At the end of the text, we have specified ourwebsiteendpoint as the directive where our endpoints are located. We can now go ahead and add the backend configuration details as follows:
backend ourwebsiteendpoint
balance roundrobin
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server backend-server1 172.16.0.1:8080 check
server backend-server2 172.16.0.2:8080 checkNow if you want you can enable Haproxy statistics by adding following configuration in HAProxy configuration file:
listen stats
bind :32600
stats enable
stats uri /
stats hide-version
stats auth username:passwordStep 5. Final HAProxy Configuration File.
The final configuration file may look like below:
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM$
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend ourwebsitefrontend
bind *:80
mode http
default_backend ourwebsiteendpoint
backend ourwebsiteendpoint
balance roundrobin
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server backend-server1 172.16.0.1:8080 check
server backend-server2 172.16.0.2:8080 check
listen stats
bind :32600
stats enable
stats uri /
stats hide-version
stats auth username:passwordThen, restart HaProxy server to reload the changes:
sudo service haproxy restart
Step 6. Testing the Configuration.
At this stage, we have full functional HAProxy setup. At each web server node I have a demo index.html page showing servers hostname, So we can easily differentiate between servers web pages.
Now access port 80 on IP 198.18.0.1 (as configured above) in the web browser and hit refresh. You will see that HAProxy is sending requests to backend server one by one (as per round robin algorithm).
That’s all you need to do to install HAProxy Load on Ubuntu 18.04. I hope you find this quick tip helpful. If you have questions or suggestions, feel free to leave a comment below.
