Master HAProxy: From Installation to Advanced Load‑Balancing Configuration

Load balancing (LB) is a high‑availability reverse‑proxy technique that distributes incoming traffic across one or more backend servers, improving concurrency, ensuring service availability, and simplifying horizontal scaling.

Why Use Load Balancing

Web server horizontal scaling --> transparent to users
Increase concurrent access --> solve single‑server bottleneck
Save public IP addresses --> reduce IT costs
Hide internal IPs --> improve security
Simple configuration --> fixed‑format config files
Rich features --> support L4/L7, dynamic host removal
Strong performance --> tens of thousands of concurrent connections

Load‑Balancing Types

L4 (Transport layer):
  LVS (Linux Virtual Server)
  Nginx (v1.9+)
  HAProxy

L7 (Application layer):
  HAProxy
  Nginx

Hardware Appliances

F5

Cisco Netscaler

Array Networks

Sangfor

Beijing Lingzhou

HAProxy Overview

HAProxy, created by Willy Tarreau in 2000 in C, is an open‑source TCP/HTTP load balancer capable of handling tens of thousands of connections, supporting cookie‑based persistence, automatic failover, regex matching, and web‑status statistics. The latest stable version is 2.4.

Supported Features

TCP and HTTP reverse proxy

SSL/TLS termination

Cookie insertion for routing

Persistent connections

Full server failover

Dedicated monitoring ports

Graceful stop of new connections

Header manipulation and compression

Pattern‑based ACLs

Detailed status via URI

Unsupported Features

Forward proxy (e.g., Squid, Nginx)

Cache proxy (e.g., Varnish)

Web server functions (e.g., Nginx, Apache, Tomcat)

UDP protocol

Single‑node performance (lower than LVS)

Lua Extension

HAProxy can be extended with Lua scripts, allowing flexible custom logic embedded in the proxy.

Installation Examples

CentOS 7/8 Packages

# yum install haproxy -y   # CentOS 7
# dnf -y install haproxy   # CentOS 8

Third‑Party RPM

# wget http://www.nosuchhost.net/.../cheeserelease-7-1.noarch.rpm
# rpm -ivh cheese-release-7-1.noarch.rpm
# yum install haproxy

Compile from Source (CentOS 8)

# yum install gcc readline-devel openssl-devel pcre-devel systemd-devel
# wget http://www.lua.org/ftp/lua-5.3.5.tar.gz
# tar xf lua-5.3.5.tar.gz -C /usr/local/src/
# cd /usr/local/src/lua-5.3.5 && make linux test
# wget http://www.haproxy.org/download/2.1/src/haproxy-2.1.3.tar.gz
# tar xf haproxy-2.1.3.tar.gz -C /usr/local/src/
# cd /usr/local/src/haproxy-2.1.3/
# make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src/ LUA_LIB=/usr/local/src/lua-5.3.5/src/
# make install PREFIX=/apps/haproxy
# ln -s /apps/haproxy/sbin/haproxy /usr/sbin/
# haproxy -v

Systemd Service File

[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
LimitNOFILE=100000

[Install]
WantedBy=multi-user.target

Reloading and Verifying

# systemctl daemon-reload
# systemctl start haproxy
# mkdir /etc/haproxy /var/lib/haproxy
# journalctl -xe   # check for configuration errors
# tail -f /var/log/haproxy.log   # view access logs if enabled

Basic Configuration Structure

The HAProxy configuration file ( haproxy.cfg) consists of two main sections: global (process‑wide settings) and proxies (frontend/backend/listen definitions).

Global Section Parameters

maxconn

– maximum connections per process chroot – change root directory for security daemon – run as a daemon stats socket – Unix socket for admin commands user / group – drop privileges nbproc / nbthread – process or thread count (mutually exclusive) cpu-map – bind workers to CPUs log – syslog server definition

Proxies Section

Contains defaults (shared settings), frontend (client‑side), backend (server‑side), and listen (combined) blocks.

Defaults Example

option redispatch
option abortonclose
option http-keep-alive
option forwardfor
mode http|tcp
timeout http-keep-alive 120s
timeout connect 120s
timeout server 600s
timeout client 600s
timeout check 5s
default-server inter 1000 weight 3

Listen (Simplified) Example

listen WEB_PORT_80
    bind 10.0.0.7:80
    mode http
    option forwardfor
    server web1 172.31.0.17:8080 check inter 3000 fall 3 rise 5
    server web2 172.31.0.27:8080 check inter 3000 fall 3 rise 5

Frontend Example

frontend magedu_web_port
    bind :80,:8080
    bind 172.31.0.7:10080,:8801-8810,172.31.0.17:9001-9010
    mode http|tcp
    use_backend longxuan_test_http_nodes

Backend Example

backend longxuan_test_http_nodes
    mode tcp
    default-server inter 1000 weight 6
    server web1 172.31.0.17:80 weight 2 check addr 172.31.0.117 port 8080
    server web2 172.31.0.27:80 check

Including Sub‑Configuration Files

For large deployments, split configuration into multiple .cfg files under /etc/haproxy/conf.d/ and reference them in the systemd unit with additional -f /etc/haproxy/conf.d/ arguments.

References

Official HAProxy documentation: http://cbonte.github.io/haproxy-dconv/