BestHub
Sign in
Operations 20 min read

Master HAProxy: From Installation to Advanced Load Balancing Configuration

This article explains load balancing concepts, why to use it, HAProxy's features and limitations, Lua extensions, step‑by‑step installation on CentOS, service setup, detailed configuration sections, logging options, and how to organize large HAProxy setups with sub‑configuration files.

Raymond Ops
Raymond Ops
Raymond Ops
Master HAProxy: From Installation to Advanced Load Balancing Configuration

What is Load Balancing?

Load Balance (LB) is a high‑availability reverse proxy technique that distributes incoming web traffic across one or more backend servers, improving concurrency, availability, and enabling horizontal scaling.

Why Use Load Balancing

Web server dynamic horizontal scaling --> transparent to users
Increase concurrent access --> solve single‑server bottleneck
Save public IP addresses --> reduce IT cost
Hide internal IPs --> improve security
Simple configuration --> fixed‑format config files
Rich features --> support layer‑4/7, dynamic host removal
Strong performance --> tens of thousands of concurrent connections

Load Balancing Types

Layer 4:
LVS:
Linux Virtual Server
Nginx (>=1.9)
HAProxy (High Availability Proxy)

Layer 7:
HAProxy
Nginx

Hardware Appliances

F5
Netscaler
Array
Sangfor
Lingzhou

HAProxy Overview

HAProxy, created by Willy Tarreau in 2000 in C, is an open‑source TCP/HTTP load balancer supporting >10 000 concurrent connections, cookie‑based persistence, automatic failover, regex‑based routing, and more. Current stable version is 2.4.

Supported Features

TCP and HTTP reverse proxy
SSL/TLS termination
Cookie insertion for routing
Persistent connections
Full‑server failover
Dedicated monitoring port
Graceful stop of new connections
Header manipulation (add/replace)
Response compression
Pattern‑based ACLs
Status page via specific URI
HTTP and dynamic program proxying
Database‑backed proxying

Unsupported Features

Forward proxy (e.g., squid, nginx)
Caching proxy (e.g., Varnish)
Web server itself (nginx, tengine, apache, php, tomcat)
UDP (not supported)
Lower single‑process performance compared with LVS

Lua Extension

HAProxy can be extended with Lua scripts, a lightweight scripting language created in 1993 for embedding into applications.

Installation Examples

CentOS 7: # yum install haproxy -y CentOS 8: # dnf -y install haproxy Third‑party RPM:

# wget http://.../cheeserelease-7-1.noarch.rpm
# rpm -ivh cheese-release-7-1.noarch.rpm
# yum install haproxy

Compile from source (including Lua):

# yum install gcc readline-devel
# wget http://www.lua.org/ftp/lua-5.3.5.tar.gz
# tar xf lua-5.3.5.tar.gz -C /usr/local/src/
# cd /usr/local/src/lua-5.3.5/
# make linux test
# yum -y install gcc openssl-devel pcre-devel systemd-devel readline-devel
# tar xf haproxy-2.1.3.tar.gz -C /usr/local/src/
# cd /usr/local/src/haproxy-2.1.3/
# make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src/ LUA_LIB=/usr/local/src/lua-5.3.5/src/
# make install PREFIX=/apps/haproxy
# ln -s /apps/haproxy/sbin/haproxy /usr/sbin/

Systemd Service File

[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
LimitNOFILE=100000

[Install]
WantedBy=multi-user.target

Basic Configuration File (haproxy.cfg)

The file consists of a global section for process‑wide settings and a proxies section (defaults, frontend, backend, listen).

Global Parameters

chroot /apps/haproxy
daemon
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
user haproxy
group haproxy
nbproc 2
cpu-map 1 0
cpu-map 2 1
maxconn 100000
log 127.0.0.1 local2 info

Proxies – Defaults

option redispatch
option abortonclose
option http-keep-alive
option forwardfor
mode http
timeout http-keep-alive 120s
timeout connect 120s
timeout server 600s
timeout client 600s
timeout check 5s
default-server inter 1000 weight 3

Listen Example (Simplified)

listen WEB_PORT_80
    bind 0.0.0.0:9999
    mode http
    stats enable
    stats uri /status
    stats auth haadmin:123456
    server 172.31.0.17 172.31.0.17:80 check inter 3000 fall 2 rise 5
    server 172.31.0.27 172.31.0.27:80 check inter 3000 fall 2 rise 5

Frontend / Backend Example

frontend longxuan-test-http
    bind :80,:8080
    mode tcp
    use_backend longxuan-test-http-nodes

backend longxuan-test-http-nodes
    mode tcp
    server web1 172.31.0.17:80 weight 2 check addr 172.31.0.117 port 8080
    server web2 172.31.0.27:80 check

Logging

HAProxy does not log client requests by default. Production setups usually disable logging to reduce load, but it can be enabled via rsyslog:

$ModLoad imudp
$UDPServerRun 514
local3.* /var/log/haproxy.log

Using Sub‑Configuration Files

Large deployments can split configuration into multiple .cfg files and include them from the main file, simplifying maintenance.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

load balancingLinuxLuaHAProxysystemd
Raymond Ops
Written by

Raymond Ops

Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment