@
you're reading...
Linux Network Services, Linux Tips and Tricks

Setup HaProxy HTTP Load Balancer on CentOS

Load Balancing per wikipedia, improves the distribution of workloads across multiple computing resources, such as computers, a computer cluster, network links, central processing units, or disk drives. Load balancing aims to optimize resource use, maximize throughput, minimize response time, and avoid overload of any single resource. Using multiple components with load balancing instead of a single component may increase reliability and availability through redundancy. Load balancing usually involves dedicated software or hardware, such as a multilayer switch or a Domain Name System server process.

Installing HaProxy

HAProxy isn’t available in the default repositories for CentOS or Red Hat. In order for us to be able to install it, we need to add the EPEL repository to our server and install it using Yum.

1. Download the EPEL repository RPM.
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
2. Install the EPEL repository RPM to add its Yum configuration file to your server.
# rpm -ivh epel-release-6.8.noarch.rpm
3. Install HAProxy
# yum install haproxy

Configuring HaProxy

Edit existing HaProxy configuration /etc/haproxy/haproxy.cfg as below:

global
 log 127.0.0.1 local2
 chroot /var/lib/haproxy
 maxconn 600
 user haproxy
 group haproxy
 daemon
 stats socket /var/lib/haproxy/stats
 tune.ssl.default-dh-param 2048

defaults
 mode http
 log global
 option httplog
 option dontlognull
 option forwardfor except 127.0.0.0/8
 option http-server-close
 option abortonclose
 option redispatch
 retries 3
 timeout http-request 60s
 timeout queue 60m
 timeout connect 300s
 timeout client 60m
 timeout server 60m
 timeout http-keep-alive 5s
 timeout check 10s

frontend HTTP
 bind 192.168.1.50:80
 reqadd X-Forwarded-Proto:\ http
 default_backend HTTP_Backend

frontend HTTPS
 bind 192.168.1.50:443 ssl crt /etc/ssl/cnx.pem force-tlsv12
 reqadd X-Forwarded-Proto:\ https
 default_backend HTTP_Backend

backend HTTP_Backend
 balance roundrobin
 stick-table type ip size 1m expire 1h
 stick on src
 option abortonclose
 option forwardfor except 127.0.0.0/8
 option http-server-close
 option httpchk HEAD /check.html HTTP/1.0
 server WEB_01 192.168.1.61:80 weight 20 minconn 80 maxconn 180 inter 5s check
 server WEB_02 192.168.1.62:80 weight 20 minconn 80 maxconn 180 inter 5s check
 server WEB_03 192.168.1.63:80 weight 20 minconn 80 maxconn 160 inter 5s check

listen stats 192.168.1.50:8443
 mode http
 log global
 maxconn 10
 timeout client 100s
 timeout server 100s
 timeout connect 100s
 timeout queue 100s
 stats enable
 stats hide-version
 stats refresh 10s
 stats show-node
 stats scope HTTP_Backend
 stats auth yongitz:password
 stats uri /stats
 stats admin if TRUE

Points to remember:

1. The setup above is designed to load balance http requests.
2. The balancing alrogithm used for this setup is roundrobin. This means that each server will be used in turns in relation to their weights. With the above setup, once server is setup with a lower weight which means it has less priority than with the other two.
3. Check interval is set to 5 seconds, default is 2 when not specified.
4. Accepts both HTTP and HTTPS connection. When request is HTTPS, it enforces the use of TLS protocol version 1.2
5. HaProxy Stats is enabled and can be accessed via http://192.168.1.50:8443/stats using basic auth. Username and password has been set to yongitz and password respectively.
6. With this setup, you can enable/disable backend servers on the fly.

For the detailed definition of each parameters above, you may check the official documentation here.

Below is the sample stats of HaProxy in action:
haproxy_stats

Advertisements

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s