How to Build High‑Availability Load Balancing with HAProxy and Keepalived
This guide explains how to configure HAProxy for high‑performance TCP/HTTP load balancing and combine it with Keepalived to achieve high‑availability using VRRP, covering installation, core features, health checks, session persistence, SSL offloading, routing rules, and practical configuration examples.
Load balancing is an essential component of distributed systems. This article introduces how to implement software load balancing with HAProxy and achieve high availability using Keepalived.
Load balancing is an indispensable part of distributed systems; it distributes requests to multiple nodes according to a scheduling algorithm. This article demonstrates how to configure HAProxy for load balancing and use Keepalived for high availability, enabling readers to quickly set up a highly available software load balancer.
1. Overview
Software load balancing provides front‑end IP traffic distribution for multiple backend servers. Keepalived and HAProxy are two popular solutions: Keepalived offers both load balancing and high availability, while HAProxy focuses on high‑performance TCP/HTTP reverse proxy and load balancing.
1.1 Keepalived
Keepalived operates at the transport layer (OSI Layer 4) and was originally created to monitor Linux Virtual Server (LVS) clusters. It later added VRRP to provide high‑availability capabilities, allowing it to manage LVS, Nginx, HAProxy, and other services.
Keepalived runs on both master and backup servers, exchanging VRRP heartbeats to detect failures. If the master stops sending heartbeats, the backup takes over the virtual IP (VIP) and load‑balancing duties.
1.2 HAProxy
HAProxy is a TCP/HTTP reverse‑proxy load balancer that works at both Layer 4 and Layer 7. It supports massive concurrent connections, session persistence, and a variety of load‑balancing algorithms.
1.3 Combining Keepalived and HAProxy
Because HAProxy can be a single point of failure, Keepalived provides high‑availability for HAProxy. Together they deliver a robust, highly available load‑balancing solution.
2. Keepalived Features and Installation
2.1 Core Functions
Manage LVS load‑balancing software.
Perform health checks on LVS nodes.
Provide network service high availability via VRRP.
2.2 High‑Availability Principle
Keepalived uses VRRP. The master continuously sends multicast heartbeats; the backup monitors them. If heartbeats stop, the backup assumes the master role and takes over the VIP, making the failover transparent to clients.
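An added example, not part of the original article or of Keepalived: a small Python check for three documented Keepalived behaviours that decide whether the failover described above actually happens, run against the VRRP settings this article gives in section 2.3 (embedded here in abridged form). The function names and finding texts are this example's own.

```python
# Constructed sample: the VRRP settings from section 2.3 of the article, abridged.
SAMPLE_CONF = """
vrrp_script chk_haproxy {
    weight -2
}
vrrp_instance R1 {
    state MASTER
    priority 100
    authentication {
        auth_type PASS
        auth_pass passwd
    }
    track_script {
        chk_haproxy
    }
    nopreempt
}
"""

def parse_block(lines):
    """Read lines up to the matching '}' into {keyword: value or nested dict}."""
    node = {}
    for line in lines:
        line = line.split("#")[0].strip()
        if line == "}":
            break
        if line.endswith("{"):
            node[line[:-1].strip()] = parse_block(lines)  # shares the iterator
        elif line:
            key, _, value = line.partition(" ")
            node[key] = value.strip()
    return node

def lint(conf_text):
    """Return (instance, finding) pairs; the finding texts are this example's own."""
    conf = parse_block(iter(conf_text.splitlines()))
    instances = {k.split()[1]: v for k, v in conf.items() if k.startswith("vrrp_instance ")}
    findings = []
    for name, inst in instances.items():
        prio = int(inst.get("priority", 100))  # 100 is Keepalived's default priority
        if "nopreempt" in inst and inst.get("state") != "BACKUP":
            findings.append((name, "nopreempt requires state BACKUP"))
        if inst.get("authentication", {}).get("auth_type") == "PASS":
            findings.append((name, "auth_type PASS sends auth_pass in cleartext"))
        for script in inst.get("track_script", {}):
            weight = int(conf.get(f"vrrp_script {script}", {}).get("weight", 0))
            if weight < 0:  # failover needs: master + weight < peer priority < master
                findings.append((name, f"peer priority must be {prio + weight + 1}..{prio - 1}"))
    return findings
```

Because the PASS password is visible to any host on the segment, restrict VRRP (IP protocol 112) at the host firewall to the peer node's address rather than relying on auth_pass.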
2.3 Installation and Configuration
Install Keepalived on two servers (master and backup) using yum:
yum install -y keepalived
After installation, edit /etc/keepalived/keepalived.conf. The file consists of a global section, VRRP instance section, and script section.
Global Section
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 60
    vrrp_mcast_group4 224.0.0.18
}
VRRP Instance Section
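vrrp_instance R1 {
    state MASTER
    interface eth0
    virtual_router_id 50        # must be the same on master and backup
    priority 100
    advert_int 1                # advertisement (heartbeat) interval in seconds
    authentication {
        auth_type PASS          # simple password, carried in cleartext in each advertisement
        auth_pass passwd        # only the first 8 characters are used
    }
    virtual_ipaddress {
        10.230.137.100
    }
    track_script {
        chk_haproxy
    }
    nopreempt                   # only takes effect when the initial state is BACKUP
    preempt_delay 2             # not used while nopreempt is set
}
Script Section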
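vrrp_script chk_haproxy {
    script "killall -0 haproxy"    # signal 0 only tests that a haproxy process exists
    interval 2                     # run the check every 2 seconds
    weight -2                      # subtract 2 from the priority while the check is failing
    fall 3                         # 3 consecutive failures mark the check as failed
    rise 1                         # 1 success marks it as healthy again
}
Start Keepalived on both nodes:
systemctl start keepalived
systemctl enable keepalived
3. HAProxy Features and Installation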
3.1 Core Functions
Load balancing and session persistence.
TCP/HTTP health checks.
Statistics monitoring.
SSL offloading.
Header manipulation, request rewriting, ACL routing.
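The ACL routing listed above is configured in section 3.3 with prefix matches (`path_beg`, `hdr_beg(host)`), which accept more requests than the rule names suggest. The following Python model is an added example, not HAProxy code or the article's own: it implements only four match types and single-ACL `use_backend` conditions, the stricter rule set is a suggested alternative, and the sample rules are constructed from the article's.

```python
# Simplified models of four HAProxy ACL match types (assumption: nothing else is modelled).
MATCHERS = {
    "path_beg": lambda req, pat: req["path"].startswith(pat),
    "path": lambda req, pat: req["path"] == pat,
    "hdr_beg(host)": lambda req, pat: req["host"].startswith(pat),
    "hdr(host)": lambda req, pat: req["host"] == pat,
}

# Constructed sample: one Host rule and one path rule in the article's prefix style.
PAGE_RULES = """
acl is_test1 hdr_beg(host) www.test1.com
acl is_test2 path_beg /test2
use_backend test1 if is_test1
use_backend test2 if is_test2
default_backend nginx
"""

# Suggested stricter variant (not from the article): exact, case-insensitive Host
# match, and a path match that stops at the directory boundary.
STRICT_RULES = """
acl is_test1 hdr(host) -i www.test1.com
acl is_test2 path /test2
acl is_test2 path_beg /test2/
use_backend test1 if is_test1
use_backend test2 if is_test2
default_backend nginx
"""

def route(config, host, path):
    """Backend chosen for one request: first matching use_backend, else default."""
    acls, default = {}, None
    for words in (line.split() for line in config.strip().splitlines()):
        if words[0] == "acl":  # acl <name> <fetch> [-i] <pattern>...
            name, fetch, *patterns = words[1:]
            fold = str.lower if "-i" in patterns else str
            req = {"host": fold(host), "path": fold(path)}
            hit = any(MATCHERS[fetch](req, fold(p)) for p in patterns if p != "-i")
            acls[name] = acls.get(name, False) or hit  # same-name ACLs are ORed
        elif words[0] == "use_backend" and acls.get(words[3]):
            return words[1]  # rules are evaluated in order, first match wins
        elif words[0] == "default_backend":
            default = words[1]
    return default
```

An exact `hdr(host)` match also rejects a Host value that carries a port, such as `www.test1.com:443`; add that form as a second pattern if clients send it.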
3.2 Load‑Balancing Algorithms
Round‑robin (with weight, slow start).
Static round‑robin.
Least connections (with weight).
Source‑address hash.
URI hash.
URL‑parameter hash.
HTTP‑header hash.
3.3 Installation and Configuration
Install HAProxy:
yum install -y haproxy
Edit /etc/haproxy/haproxy.cfg:
global
    log /dev/log local0 info
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
frontend main
    mode http
    bind :80
    default_backend nginx
backend nginx
    mode http
    balance roundrobin
    server web1 host1:80 check inter 3s rise 1 fall 2
    server web2 host2:80 check
Session Persistence
Layer 4 persistence using source‑address hash:
backend nginx
    mode tcp
    balance source
    # Persistence comes from hashing the client address; server cookies apply only in mode http.
    server web1 10.230.150.68:80 check
    server web3 10.230.150.70:80 check
Layer 7 persistence using cookies:
backend nginx
    mode http
    balance roundrobin
    cookie WEBSRV insert indirect nocache
    server web1 10.230.150.68:80 check cookie web1
    server web3 10.230.150.70:80 check cookie web3
SSL Offloading
Add SSL parameters to the global section and bind port 443 in the frontend:
global
    tune.ssl.default-dh-param 2048
frontend main
    bind :80
    # web.pem holds the certificate and its private key; restrict its file permissions
    bind :443 ssl crt /etc/ssl/certs/web.pem
    redirect scheme https if !{ ssl_fc }
    default_backend nginx
Traffic Routing
URL‑path based routing:
frontend main
    bind :80
    bind :443 ssl crt /etc/ssl/certs/web.pem
    redirect scheme https if !{ ssl_fc }
    acl is_test1 path_beg /test1
    acl is_test2 path_beg /test2
    use_backend test1 if is_test1
    use_backend test2 if is_test2
    default_backend nginx
backend test1
    balance roundrobin
    server web2 10.230.150.69:80 check
backend test2
    balance roundrobin
    server web3 10.230.150.70:80 check
HTTP‑header based routing (Host header):
frontend main
    acl is_test1 hdr_beg(host) www.test1.com
    acl is_test2 hdr_beg(host) www.test2.com
    use_backend test1 if is_test1
    use_backend test2 if is_test2
    default_backend nginx
4. Conclusion
Hardware load balancers offer high performance but are costly and complex. Software load balancing with HAProxy and Keepalived provides a flexible, low‑cost, and highly available solution suitable for small‑to‑medium deployments. In a banking PaaS platform, the Keepalived + HAProxy combination delivered stable, scalable, and highly available traffic handling for control nodes, worker nodes, and image repositories.
Article reproduced from twt Enterprise IT Community (© original author).
MaGe Linux Operations
