Master HAProxy: Step-by-Step Guide to 4‑Layer & 7‑Layer Load Balancing

HAProxy is a free, open‑source Linux application used for load balancing network traffic. This guide continues the discussion on configuring HAProxy for load balancing web applications and large sites.

Layer 4 (TCP) Load Balancing

Layer 4 operates at the transport layer, offering the fastest request processing because it only modifies packet headers (IP and MAC) and forwards them to an available server. The performance gain comes at the cost of reduced functionality and flexibility.

All servers must run identical application components, otherwise users may see inconsistent content. Layer 4 is ideal for small or low‑complexity sites.

Layer 7 (HTTP) Load Balancing

Layer 7 requires more CPU and memory but allows separating components onto different servers, making it suitable for large, complex sites. It can route traffic based on HTTP request details, enabling scenarios such as moving a forum to its own server cluster to relieve pressure on the main CMS.

Layer 7 inspects the HTTP request, matches it against policies, and forwards it accordingly (e.g., requests starting with /community are sent to the community server cluster).

SSL Handling

With TCP load balancing, SSL packets are simply forwarded to backend servers. With HTTP load balancing (e.g., Nginx), SSL must be terminated at the load balancer because the device cannot parse HTTP headers before decryption, which can create CPU bottlenecks.

Installation

HAProxy is included in CentOS/RedHat repositories. It can also be installed via EPEL or compiled from source.

Install via EPEL

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

rpm -ivh epel-release-6.8.noarch.rpm

yum install haproxy

Compile from Source

Install development tools.

Download the latest HAProxy source.

wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.24.tar.gz

Extract the archive. tar xvzf haproxy-1.4.24.tar.gz Enter the directory. cd ./haproxy-1.4.24 Compile with optimizations for your hardware. make TARGET=linux2628 ARCH=native (or make TARGET=linux26 ARCH=i386 for i386 compatibility)

Install. make install Copy the binary. cp /usr/local/sbin/haproxy /usr/sbin/ Copy the init script.

cp /root/haproxy-1.4.24/examples/haproxy.init /etc/init.d/haproxy

Set executable permissions. chmod 755 /etc/init.d/haproxy Create a system user. useradd --system haproxy Create configuration directory.

mkdir -p /etc/haproxy

Configuration

Before creating load‑balancing clusters, set basic configuration. If installed via yum, a default file exists; otherwise create one.

Basic Configuration Example

global
    user haproxy
    group haproxy
    nbproc 1

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

The global section defines process‑wide settings such as the running user, group, and number of processes (recommended 1). The defaults section sets default mode and timeout values for connections.

Conclusion

The HAProxy server is now installed and its basic configuration is in place, though no backend servers have been added yet. The next article will cover practical configuration for specific load‑balancing types.