How to Configure HAProxy Load Balancer in Nginx

To Configure HAProxy Load Balancer in Nginx

HAProxy is an open source TCP and HTTP load balancer and a proxy software. It distributes the workload among multiple servers to improve the performance of the servers. In this tutorial, you' ll be briefed about the configuration process of the HAProxy Load Balancer by using Nginx in CentOS.


Prerequisites for Load Balancer configuration

The configuration of HAProxy needs some necessary hardware. It involves one machine with Load Balancer and two or more servers which has Nginx installed in it. In case you don' t have a DNS server on your network, make an entry in your /etc/hosts file to have hostname resolution between these machines.

Testing Environment

Load Balancer:

IP Address &ndash 192.168.5.157
Hostname &ndash ha.example.com

Webserver 1:

IP Address &ndash 192.168.5.158
Hostname &ndash ws1.example.com

Webserver 2:

IP Address &ndash 192.168.5.159
Hostname &ndash ws2.example.com


To configure the Load Balancer

HAProxy can be installed by invoking the following command.

[root@ha ~]# yum install haproxy -y
Loaded plugins: fastestmirror, langpacks
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/2): extras/7/x86_64/primary_db | 166 kB 00:00:01
(2/2): updates/7/x86_64/primary_db | 9.1 MB 00:02:56
Determining fastest mirrors
* base: centos.excellmedia.net
* extras: centos.excellmedia.net
.
.
.
Running transaction test
Transaction test succeeded
Running transaction
Installing : haproxy-1.5.14-3.el7.x86_64 1/1
Verifying : haproxy-1.5.14-3.el7.x86_64 1/1

Installed:
haproxy.x86_64 0:1.5.14-3.el7

Complete!

Once the installation is completed, configure the Load Balancer in the haproxy conf file which is located in /etc/haproxy/haproxy.cfg.
You can use this default configuration file or create a new configuration file for HAProxy.

But, before the configuration, it is better to take a backup for the future. It can be done by using the following command.

[root@ha ~]# cd /etc/haproxy/
[root@ha haproxy]# ls
haproxy.cfg
[root@ha haproxy]# mv haproxy.cfg haproxy.cfg.bak

If you want to create a new configuration file, use the following command. Inside the newly created file make the required entry as follows.

[root@ha haproxy]# vim haproxy.cfg

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log 127.0.0.1 local2 #Log configuration

chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy                                #Haproxy running under user and group " haproxy" 
group haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the ' listen'  and ' backend'  sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000

#---------------------------------------------------------------------
#HAProxy Monitoring Config
#---------------------------------------------------------------------
listen haproxy3-monitoring *:8080             #Haproxy Monitoring run on port 8080
mode http
option forwardfor
option httpclose
stats enable
stats show-legends
stats refresh 5s
stats uri /stats                              #URL for HAProxy monitoring
stats realm Haproxy Statistics
stats auth admin:admin                        #User and Password for login to the monitoring dashboard
stats admin if TRUE
default_backend app-main #This is optionally for monitoring backend

#---------------------------------------------------------------------
# FrontEnd Configuration
#---------------------------------------------------------------------
frontend main
bind *:80
option http-server-close
option forwardfor
default_backend app-main

#---------------------------------------------------------------------
# BackEnd roundrobin as balance algorithm
#---------------------------------------------------------------------
backend app-main
balance roundrobin #Balance algorithm
option httpchk HEAD / HTTP/1.1
Host: localhost #Check the server application is up and healty - 200 status code
server ws1 192.168.5.158:80 check
server ws2 192.168.5.159:80 check

In the above configuration you need to change username, password and Webserver’ s hostname with IP address in the highlighted section.

Once the above configuration is complete, it is time to configure the rsyslog daemon so you can log to HAProxy statistics. Invoke the following command to edit rsyslog.conf file .

[root@ha haproxy]# vim /etc/rsyslog.conf

Inside the rsyslog.conf file, make changes to the below mentioned line to enable UDP connection.

$ModLoad imudp
$UDPServerRun 514

Now create new haproxy configuration file for rsyslog and create an entry in it as follows.

[root@ha haproxy]# cd /etc/rsyslog.d/
[root@ha rsyslog.d]# vim haproxy.conf

Entry:

local2.=info /var/log/haproxy-access.log #For Access Log
local2.notice /var/log/haproxy-info.log #For Service Info - Backend, loadbalancer

Once the configuration is done, enable the services as follows.

[root@ha rsyslog.d]# systemctl start rsyslog
[root@ha rsyslog.d]# systemctl enable rsyslog
[root@ha rsyslog.d]# systemctl start haproxy
[root@ha rsyslog.d]# systemctl enable haproxy

Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.

The final thing to be configured is the firewall so that it can allow the connections from the outside for http service and also for port number 8080.

[root@ha rsyslog.d]# firewall-cmd --permanent --add-service=http
success
[root@ha rsyslog.d]# firewall-cmd --permanent --add-port=8080/tcp
success
[root@ha rsyslog.d]# firewall-cmd --reload
Success

HAProxy is configured for load balancer with two Webservers. HAProxy' s statistics can be checked from the Web Browser by calling the URL http://< load-balancer-ip> :8080/stats

In this tutorial http://192.168.5.157:8080/stats is used.

Enter the username and password that you have mentioned in the haproxy configuration file.

Now you can see the statistics for HAProxy.

To check load balancer, use your load balancer ip. The browser will display the content you have placed in respective webservers. For each session you may have access to the different webservers.

Tag : Nginx CentOS Load balancer HAProxy
FAQ
Q
What does layer 4 mean?
A
Layer 4 is related to the fourth layer of the OSI model: transport level.
For example TCP and UDP protocols are transport level
Q
What is layer 4 load-balancing?
A
A layer 4 load-balancer takes routing decision based on IPs and TCP or UDP ports.
It has a packet view of the traffic exchanged between the client and a server which means it takes decisions packet by packet.
The layer 4 connection is established between the client and the server.

It is really fast but can’t perform any action on the protocol above layer 4.
The fastest layer4 load-balancers uses an ASIC to take routing decision.
Q
What does layer 7 mean?
A
Layer 7 is related to the seventh layer of the OSI model: application level.
For example, HTTP, FTP, SMTP, DNS protocols are application level
Q
What are the possible architectures with layer4 load balancers?
A
Mainly three architectures are doable, depending on your needs:
1.NAT or routed
2.Direct Server Return or Gateway mode
3.IP Tunnel mode
Q
What are the possible architectures with layer7 load balancers?
A
Actually, only one: Proxy mode, but two main flavors of it are available:
1.Proxy mode
2.Transparent proxy mode