Let's get installing

Assuming you have a new CentOS 7 server ready to go, the following will show you the current (or horribly outdated) version available in the YUM repository:

sudo yum info haproxy

Having decided that version is too old to be worth installing, we will build from source.
Let's get some tools:

sudo yum install gcc pcre-static pcre-devel -y

Next we need the source file.
You can find all the versions (even current ones, shocking I know) here:

http://www.haproxy.org/

I’ll be using 1.9.4 as it is listed as long term

wget http://www.haproxy.org/download/1.9/src/haproxy-1.9.4.tar.gz -O /tmp/haproxy.tar.gz

Now let's pull out the files and get ready to install

tar xzvf /tmp/haproxy.tar.gz -C /tmp/

Let's go look

cd /tmp/haproxy-1.9.4/

Get the pre-flight setup taken care of by compiling (in the HAProxy Makefile, CPU takes "native" and ARCH takes the architecture name)

make TARGET=generic ARCH=x86_64 CPU=native -j8

Install the load balancer

sudo make install

Let's get some of the necessary things ready. Create the haproxy user first, because the chown below needs it to exist

sudo useradd -r haproxy
sudo mkdir -p /etc/haproxy
sudo mkdir -p /var/lib/haproxy
sudo touch /var/lib/haproxy/stats
sudo mkdir /run/haproxy/
sudo chown haproxy:haproxy /run/haproxy/

Small setting to make your life easier

sudo ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy

They include the needed init.d file (how great is that). Copy it from the source tree extracted earlier

sudo cp /tmp/haproxy-1.9.4/examples/haproxy.init /etc/init.d/haproxy
sudo chmod 755 /etc/init.d/haproxy
sudo systemctl daemon-reload

Now you can test the install and see your version number (all at once)

haproxy -v

It should return the following:

HA-Proxy version 1.8.19 2019/02/11
Copyright 2000-2019 Willy Tarreau <willy@haproxy.org>

Open up some firewall ports

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-port=8181/tcp
sudo firewall-cmd --reload

Build the config file

sudo vi /etc/haproxy/haproxy.cfg

Insert the following, replacing the server names (nginx-01, nginx-02) and private IPs with your own, and the stats auth login (admin:password1) with your own credentials:

global
   log /dev/log local0
   log /dev/log local1 notice
   chroot /var/lib/haproxy
   stats socket /run/haproxy/haproxy.sock mode 660 level admin
   stats timeout 2m
   user haproxy
   group haproxy
   daemon

defaults
   log global
   mode http
   option httplog
   option dontlognull
   timeout connect 5000
   timeout client 50000
   timeout server 50000

listen stats
   bind *:8181
   stats enable
   stats hide-version
   stats uri /
   stats realm Haproxy\ Statistics
   stats auth admin:password1

frontend nginx_http_test
   bind *:80
   default_backend nginx_http_back

backend nginx_http_back
   balance roundrobin
   server nginx-01 10.254.254.101:80 check
   server nginx-02 10.254.254.102:80 check

You can use different algorithms for balancing

  • Roundrobin: Each server is used in turns according to their weights. This is the smoothest and fairest algorithm when the servers’ processing time remains equally distributed. This algorithm is dynamic, which allows server weights to be adjusted on the fly.
  • Leastconn: The server with the lowest number of connections is chosen. Round-robin is performed between servers with the same load. Using this algorithm is recommended with long sessions, such as LDAP, SQL, TSE, etc, but it is not very well suited for short sessions such as HTTP.
  • First: The first server with available connection slots receives the connection. The servers are chosen from the lowest numeric identifier to the highest, which defaults to the server’s position on the farm. Once a server reaches its maxconn value, the next server is used.
  • Source: The source IP address is hashed and divided by the total weight of the running servers to designate which server will receive the request. This way the same client IP address will always reach the same server while the servers stay the same.

Doing layer 7 load balancing is just as simple.
Modify your haproxy.cfg file and change/add the following:

frontend nginx_http_test
   bind *:80
   acl url_blog_test path_beg /blog
   use_backend blog_http_back if url_blog_test
   default_backend nginx_http_back

backend nginx_http_back
   balance roundrobin
   server nginx-01 10.254.254.101:80 check
   server nginx-02 10.254.254.102:80 check

backend blog_http_back
   server nginx-03 10.254.254.103:80 check

Whenever you change something, restart the service so the new config is loaded

sudo systemctl restart haproxy

To see the current status, go to the following URL.
You will need the username and password from the config file (admin / password1)

http://<load balancer public IP>:8181

That’s it, you now have an L7 load balancer

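If you want to grab statistics, scraping the stats page is a bad idea (as documented by HAProxy); they have provided a socket to get the data.
Any user that needs access to the socket will need to be added to the haproxy group. The socket in the config above is set to level admin, so group members can also change the running proxy through it, not just read statistics.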

sudo gpasswd -a <user name> haproxy

You can test your socket

echo "show info;show stat" | nc -U /run/haproxy/haproxy.sock

If you need a NetCat socket client

sudo yum install -y nmap-ncat
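
Going one step past the socket test above, this added example (not from the original post or from HAProxy) maps the "show stat" CSV columns by name and lists the servers that are not UP. The function names, the HAPROXY_SOCK variable and the sample CSV are constructed for illustration; the socket path is the one from the stats socket line in the config.

```shell
#!/bin/sh
# Added example: summarise HAProxy "show stat" CSV and list unhealthy servers.
# Socket path comes from the "stats socket" line in haproxy.cfg above;
# the HAPROXY_SOCK variable and all function names are illustrative.
HAPROXY_SOCK="${HAPROXY_SOCK:-/run/haproxy/haproxy.sock}"

# Live data: needs nc (nmap-ncat) and membership of the haproxy group.
live_stat_csv() {
    echo "show stat" | nc -U "$HAPROXY_SOCK"
}

# Constructed sample (header truncated to the first 19 columns) for offline runs.
sample_stat_csv() {
    cat <<'EOF'
# pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,
nginx_http_test,FRONTEND,,,3,7,2000,120,9000,45000,0,0,0,,,,,OPEN,,
nginx_http_back,nginx-01,0,0,2,4,,70,5000,25000,,0,,0,0,0,0,UP,1,
nginx_http_back,nginx-02,0,0,0,3,,50,4000,20000,,0,,1,0,0,0,DOWN,1,
nginx_http_back,BACKEND,0,0,2,5,200,120,9000,45000,0,0,,1,0,0,0,UP,1,

EOF
}

# CSV on stdin -> tab-separated proxy, server, status, current sessions.
# Columns are looked up by header name, so extra or reordered columns are fine.
stat_summary() {
    awk -F, '
        /^# / {
            sub(/^# /, "")
            for (i = 1; i <= NF; i++) col[$i] = i
            next
        }
        NF < 2 || !("status" in col) { next }   # blank line, or no header yet
        {
            printf "%s\t%s\t%s\t%s\n", $(col["pxname"]), $(col["svname"]),
                   $(col["status"]), $(col["scur"])
        }'
}

# Real servers (not the FRONTEND/BACKEND aggregate rows) that are not plain UP.
# Assumption: "no check" (health checks disabled) is not treated as a failure.
unhealthy_servers() {
    stat_summary | awk -F'\t' '
        $2 != "FRONTEND" && $2 != "BACKEND" && $3 != "UP" && $3 != "no check" {
            print $1 "/" $2, $3
        }'
}
```

Source the file, then run live_stat_csv | unhealthy_servers on the load balancer, or swap in sample_stat_csv to try it without a running HAProxy.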