Master HAProxy: From Installation to High‑Availability Load Balancing
This article introduces HAProxy as a free, high‑performance load balancer, explains its core L4/L7 features, walks through installation on CentOS 7, shows detailed configuration for HTTP and TCP modes, covers logging, log rotation, health checks, session persistence, monitoring, and demonstrates high‑availability setup using Keepalived.
What is HAProxy
HAProxy is a free load‑balancing software that runs on most Linux distributions. It provides both L4 (TCP) and L7 (HTTP) balancing with a rich set of features.
Core Functions
Load balancing: L4 and L7 modes, many algorithms (RR, static‑RR, LC, IP‑Hash, URI‑Hash, URL_PARAM Hash, HTTP_HEADER Hash, etc.)
Health checking: supports TCP and HTTP health checks
Session persistence: Insert/Rewrite/Prefix cookies and various hash methods
SSL termination: HAProxy can decrypt HTTPS and forward plain HTTP to back‑ends
HTTP request rewriting and redirection
Monitoring and statistics: built‑in web stats page, can be scraped by custom monitors
Key Features
Performance
Single‑threaded, event‑driven, non‑blocking architecture processes hundreds of requests in <1 ms and uses only a few KB per session.
O(1) event checker, zero‑copy forwarding and other kernel‑level optimisations keep CPU usage low.
In tests a single HAProxy process handled over 100 k requests / s and saturated a 10 Gbps link.
Stability
HAProxy runs as a single process; the author reports no crash‑inducing bugs in 13 years of use. Stability depends on the underlying Linux kernel – a recent 2.6/3.x kernel with tuned sysctl parameters is recommended.
Use a Linux 2.6+ kernel.
Run HAProxy on a dedicated host.
Provide a standby node for hardware failures.
Initial sysctl tuning (example values):
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65023
net.ipv4.tcp_max_syn_backlog = 10240
net.ipv4.tcp_max_tw_buckets = 400000
net.ipv4.tcp_max_orphans = 60000
net.ipv4.tcp_synack_retries = 3
net.core.somaxconn = 10000
Installation on CentOS 7 (HAProxy 1.7.2)
wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.2.tar.gz
tar -xzf haproxy-1.7.2.tar.gz
cd haproxy-1.7.2
make PREFIX=/home/ha/haproxy TARGET=linux2628
make install PREFIX=/home/ha/haproxy
Create a system user “ha”, then create /home/ha/haproxy/conf/haproxy.cfg with a minimal configuration:
global
    daemon
    maxconn 256
    pidfile /home/ha/haproxy/conf/haproxy.pid
defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
frontend http-in
    bind *:8080
    default_backend servers
backend servers
    server server1 127.0.0.1:8000 maxconn 32
Ensure ulimit -n is at least maxconn*2+18.
Running HAProxy as a Service
Create /etc/init.d/haproxy with start/stop/restart functions (script omitted for brevity) and enable it.
Logging with rsyslog
Add to the global and defaults sections:
log 127.0.0.1 local0 info
log 127.0.0.1 local1 warning
Configure /etc/rsyslog.d/haproxy.conf to write local0 to /var/log/haproxy.log and local1 to /var/log/haproxy_warn.log, then restart rsyslog.
Log Rotation
Create /root/logrotate/haproxy with daily rotation, keep 7 files, compress, and post‑rotate restart rsyslog.
L7 Load‑Balancing Example
Deploy six Nginx back‑ends (ms1, ms2, def groups) on two hosts, each serving a simple demo.html. Then use the following HAProxy configuration (excerpt):
frontend http-in
    bind *:9001
    acl url_ms1 path_beg -i /ms1/
    acl url_ms2 path_beg -i /ms2/
    use_backend ms1 if url_ms1
    use_backend ms2 if url_ms2
    default_backend default_servers
backend ms1
    balance roundrobin
    cookie HA_STICKY_ms1 insert indirect nocache
    server ms1.srv1 192.168.8.111:8080 cookie ms1.srv1 maxconn 300 check
    server ms1.srv2 192.168.8.112:8080 cookie ms1.srv2 maxconn 300 check
backend ms2
    balance roundrobin
    cookie HA_STICKY_ms2 insert indirect nocache
    server ms2.srv1 192.168.8.111:8081 cookie ms2.srv1 maxconn 300 check
    server ms2.srv2 192.168.8.112:8081 cookie ms2.srv2 maxconn 300 check
backend default_servers
    balance roundrobin
    cookie HA_STICKY_def insert indirect nocache
    server def.srv1 192.168.8.111:8082 cookie def.srv1 maxconn 300 check
    server def.srv2 192.168.8.112:8082 cookie def.srv2 maxconn 300 check
listen stats
    bind *:1080
    stats uri /stats
    stats refresh 30s
    stats auth admin:admin
Access http://<master_ip>:1080/stats to view real‑time metrics, test health checks, URI‑based routing, and session persistence.
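An added example, not part of the original article or of HAProxy itself: a small Python audit that parses haproxy.cfg text and flags the weak settings visible in the sample configurations above (the placeholder admin:admin stats credentials, a stats listener bound to every interface, no user/uid in global, insert cookies without httponly, and a file-descriptor limit below maxconn*2+18). The function names, the WEAK password list and the sample configuration are assumptions constructed for illustration.

```python
WEAK = {"admin", "password", "haproxy", "changeme"}  # constructed list (assumption)
SECTIONS = ("global", "defaults", "frontend", "backend", "listen")
def parse_sections(text):
    """Return [(header_words, [directive_words, ...]), ...] in file order."""
    sections = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if words and words[0] in SECTIONS:
            sections.append((words, []))
        elif words and sections:
            sections[-1][1].append(words)
    return sections

def audit(text, nofile_limit):
    """Audit haproxy.cfg text; nofile_limit is the `ulimit -n` HAProxy runs with."""
    findings = []
    for header, directives in parse_sections(text):
        name = " ".join(header)
        keys = {d[0] for d in directives}
        if header[0] == "global" and not keys & {"user", "uid"}:
            findings.append(f"{name}: no user/uid, process keeps its start-up privileges")
        has_stats = "stats" in keys
        for d in directives:
            if header[0] == "global" and d[0] == "maxconn" and len(d) > 1:
                need = int(d[1]) * 2 + 18  # the article's maxconn*2+18 rule
                if nofile_limit < need:
                    findings.append(f"{name}: ulimit -n {nofile_limit} is below {need}")
            if d[:2] == ["stats", "auth"] and len(d) > 2:
                user, _, password = d[2].partition(":")
                if password == user or password.lower() in WEAK:
                    findings.append(f"{name}: guessable stats credentials for '{user}'")
            if has_stats and d[0] == "bind" and len(d) > 1 and d[1].startswith(("*:", ":", "0.0.0.0:")):
                findings.append(f"{name}: stats page listens on all interfaces ({d[1]})")
            if d[0] == "cookie" and "insert" in d and "httponly" not in d:
                findings.append(f"{name}: cookie {d[1]} is set without httponly")
    return findings

# Constructed sample, assembled from this article's own snippets.
SAMPLE = """\
global
    maxconn 256
backend ms1
    cookie HA_STICKY_ms1 insert indirect nocache
listen stats
    bind *:1080
    stats auth admin:admin
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, nofile_limit=512)))
```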
L4 Mode
Set mode tcp in the defaults section for pure TCP load balancing. Session persistence can be achieved with balance source or stick‑tables.
High Availability with Keepalived
Install Keepalived, configure a VRRP instance that tracks HAProxy health via killall -0 haproxy, and assign a virtual IP (e.g., 192.168.8.201). The master node holds the VIP; if it fails, the backup automatically takes over.
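# Health check referenced by track_script below; exits non-zero when no haproxy process exists
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
}
vrrp_instance VI_1 {
    state MASTER
    interface enp0s25
    virtual_router_id 51
    priority 101
    advert_int 1
    virtual_ipaddress {
        192.168.8.201
    }
    track_script {
        chk_haproxy
    }
}
Start both Keepalived instances and verify that the virtual IP moves to the backup when the master HAProxy stops.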
MaGe Linux Operations
