Let's get installing
Assuming you have a new CentOS 7 server ready to go,
the following shows you the current (or horribly outdated) version available in the YUM repository
sudo yum info haproxy
After deciding that the version is old and that installing it is a bad idea, we will build from source
Let's get some tools
sudo yum install gcc pcre-static pcre-devel -y
Next we need the source file.
You can find all the versions (even current ones, shocking I know) here:
I’ll be using 1.9.4 as it is listed as long term
wget https://www.haproxy.org/download/1.9/src/haproxy-1.9.4.tar.gz -O /tmp/haproxy.tar.gz
Now let's pull out the files and get ready to install
tar xzvf /tmp/haproxy.tar.gz -C /tmp/
Let's go look
cd /tmp/haproxy-1.9.4/
Build the binary (ARCH selects the architecture, CPU the optimisation target)
make TARGET=generic ARCH=x86_64 CPU=native -j8
Install the load balancer
sudo make install
Let's get some of the necessary things ready. Create the haproxy system user first, because the chown below fails if it does not exist yet
sudo useradd -r haproxy
sudo mkdir -p /etc/haproxy
sudo mkdir -p /var/lib/haproxy
sudo touch /var/lib/haproxy/stats
sudo mkdir /run/haproxy/
sudo chown haproxy:haproxy /run/haproxy/
Note that /run is a tmpfs on CentOS 7, so /run/haproxy has to be recreated after a reboot
Small setting to make your life easier
sudo ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
They include the needed init.d file (how great is that); copy it from the source directory extracted above
sudo cp /tmp/haproxy-1.9.4/examples/haproxy.init /etc/init.d/haproxy
sudo chmod 755 /etc/init.d/haproxy
sudo systemctl daemon-reload
Now you can test the install and see your version number (all at once)
haproxy -v
It should return the following:
HA-Proxy version 1.8.19 2019/02/11
Copyright 2000-2019 Willy Tarreau <willy@haproxy.org>
Open up some firewall ports
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-port=8181/tcp
sudo firewall-cmd --reload
Build the config file
sudo vi /etc/haproxy/haproxy.cfg
Insert the following (replace the example server names and private IPs with your own, and pick your own stats auth username and password)

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/haproxy.sock mode 660 level admin
    stats timeout 2m
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

listen stats
    bind *:8181
    stats enable
    stats hide-version
    stats uri /
    stats realm Haproxy\ Statistics
    stats auth admin:password1

frontend nginx_http_test
    bind *:80
    default_backend nginx_http_back

backend nginx_http_back
    balance roundrobin
    server nginx-01 10.254.254.101:80 check
    server nginx-02 10.254.254.102:80 check

You can use different algorithms for balancing
- Roundrobin: Each server is used in turns according to their weights. This is the smoothest and fairest algorithm when the servers’ processing time remains equally distributed. This algorithm is dynamic, which allows server weights to be adjusted on the fly.
- Leastconn: The server with the lowest number of connections is chosen. Round-robin is performed between servers with the same load. Using this algorithm is recommended with long sessions, such as LDAP, SQL, TSE, etc, but it is not very well suited for short sessions such as HTTP.
- First: The first server with available connection slots receives the connection. The servers are chosen from the lowest numeric identifier to the highest, which defaults to the server’s position on the farm. Once a server reaches its maxconn value, the next server is used.
- Source: The source IP address is hashed and divided by the total weight of the running servers to designate which server will receive the request. This way the same client IP address will always reach the same server while the servers stay the same.
Doing layer 7 load balancing is just as simple
Modify your haproxy.cfg file and change/add the following:

frontend nginx_http_test
    bind *:80
    acl url_blog_test path_beg /blog
    use_backend blog_http_back if url_blog_test
    default_backend nginx_http_back

backend nginx_http_back
    balance roundrobin
    server nginx-01 10.254.254.101:80 check
    server nginx-02 10.254.254.102:80 check

backend blog_http_back
    server nginx-03 10.254.254.103:80 check

Whenever you change something reload the app
sudo systemctl restart haproxy
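To see the current status go to the following URL
You will need the username and password from the config file (admin / password1 in the example above). The stats page is served over plain HTTP, so these credentials cross the network in clear text
http://<load balancer public IP>:8181
That’s it, you now have an L7 load balancer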
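If you want to grab statistics, scraping the stats page is a bad idea (as documented by HAProxy); they have provided a socket to get the data.
Any user that needs access to the socket will need to be added to the haproxy group. The socket is configured with mode 660 and level admin, so members of that group can also run administrative commands, not just read statistics
sudo gpasswd -a <user name> haproxy
You can test your socket (the path is the one from the stats socket line in haproxy.cfg)
echo "show info;show stat" | nc -U /run/haproxy/haproxy.sock
If you need a netcat client that supports Unix sockets
sudo yum install -y nmap-ncat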
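
For monitoring, the socket output can be parsed instead of read by eye. The following is an added example, not part of the original post: it sends show stat to the socket configured above, parses the CSV reply by its header names, and lists servers that are not reported UP. The function names are hypothetical and the sample reply is constructed and cut down to five columns.

```python
import csv
import io
import socket

SOCKET_PATH = "/run/haproxy/haproxy.sock"  # from the "stats socket" line in haproxy.cfg

# Constructed sample, cut down to five of the real "show stat" columns.
SAMPLE = """# pxname,svname,scur,status,weight,
nginx_http_test,FRONTEND,3,OPEN,,
nginx_http_back,nginx-01,2,UP,1,
nginx_http_back,nginx-02,0,DOWN,1,
nginx_http_back,BACKEND,2,UP,1,
blog_http_back,nginx-03,0,MAINT,1,
blog_http_back,BACKEND,0,DOWN,0,
"""


def query(command, path=SOCKET_PATH):
    """Send one command to the stats socket and read until HAProxy closes it."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(5)
        sock.connect(path)
        sock.sendall(command.encode() + b"\n")
        chunks = []
        while True:
            data = sock.recv(65536)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode()


def parse_show_stat(text):
    """Parse "show stat" CSV into dicts keyed by the names in its "# " header."""
    lines = [line for line in text.splitlines() if line.strip()]
    if not lines or not lines[0].startswith("# "):
        raise ValueError("header line missing: not 'show stat' output")
    lines[0] = lines[0][2:]
    return list(csv.DictReader(io.StringIO("\n".join(lines))))


def unhealthy_servers(rows):
    """Return (backend, server, status) for servers not reported as UP."""
    return [(r["pxname"], r["svname"], r["status"]) for r in rows
            if r["svname"] not in ("FRONTEND", "BACKEND")
            and not r["status"].startswith("UP")]

if __name__ == "__main__":
    for backend, server, status in unhealthy_servers(parse_show_stat(query("show stat"))):
        print(f"{backend}/{server}: {status}")
```

Run it as a user in the haproxy group; servers defined without check report "no check" and are therefore listed as well.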