Master HAProxy: Step‑by‑Step Installation, Configuration, and Advanced Load Balancing

This comprehensive guide walks you through installing HAProxy via yum, RPM packages, or source compilation, then details every core configuration block—including global, defaults, frontend, backend, and listen sections—while covering load‑balancing algorithms, ACL routing, health checks, SSL termination, statistics, and practical code examples for building a robust, high‑performance load‑balancer.

Open Source Linux
HAProxy Installation and Configuration Guide

HAProxy is a high‑performance open‑source load balancer and reverse proxy that operates at Layer 4 (TCP) and Layer 7 (HTTP). It distributes client requests across multiple backend servers, providing high availability, session persistence, and extensive health‑checking capabilities.

1. Introduction

HAProxy supports both TCP and HTTP modes, multiple load‑balancing algorithms, ACL‑based routing, SSL termination, and a powerful statistics interface.

2. Installation

2.1 YUM Installation

sudo yum install haproxy -y

2.2 RPM Package

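# download a suitable RPM (for example via https://pkgs.org/download/haproxy) and install the local file
# <version> is a placeholder for the package you downloaded
sudo yum install -y ./haproxy-<version>.rpm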

2.3 Source Compilation

sudo yum install -y make gcc pcre pcre-devel bzip2-devel openssl openssl-devel
wget https://www.haproxy.org/download/3.0/src/haproxy-3.0.9.tar.gz
tar -xzf haproxy-3.0.9.tar.gz
cd haproxy-3.0.9
make TARGET=linux-glibc USE_OPENSSL=1 USE_PCRE=1 USE_SYSTEMD=1
sudo make install PREFIX=/usr/local/haproxy
sudo ln -s /usr/local/haproxy/sbin/haproxy /usr/sbin/haproxy

3. Core Configuration

3.1 Global Section

global
    log /dev/log local2 notice
    user haproxy
    group haproxy
    daemon
    nbthread 4              # number of threads (usually CPU cores); nbproc was removed in HAProxy 2.5
    maxconn 50000           # global max connections
    stats socket /var/lib/haproxy/stats mode 660 level admin
    stats timeout 30s
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    tune.ssl.default-dh-param 2048
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

3.2 Defaults Section

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option forwardfor except 127.0.0.0/8
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-request 10s
    option httpchk GET /health
    http-check expect status 200
    default-server inter 1000 rise 3 fall 3

3.3 Frontend

frontend http_in
    bind *:80
    mode http
    option httplog
    option forwardfor
    acl is_api path_beg /api
    use_backend api_servers if is_api
    default_backend static_servers
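
The frontend above listens on plain HTTP only and appends to whatever X-Forwarded-For value the client sent. The following variant is an added example, not part of the original article: it terminates TLS using the defaults from the global section and stops clients from supplying their own forwarding header. The frontend name https_in and the certificate file site.pem are placeholders.

```haproxy
# Added example (not from the original article).
# site.pem is a placeholder; a relative crt path is resolved against
# crt-base (/etc/ssl/private in the global section above).
frontend https_in
    bind *:80
    bind *:443 ssl crt site.pem alpn h2,http/1.1
    mode http
    option httplog

    # Redirect plain-HTTP clients to HTTPS before any routing happens
    http-request redirect scheme https code 301 unless { ssl_fc }

    # Remove any client-supplied X-Forwarded-For, then let HAProxy add
    # the address it actually observed. Without the del-header line,
    # "option forwardfor" appends to a header the client controls.
    http-request del-header X-Forwarded-For
    option forwardfor

    # Tell the backends which scheme the client used
    http-request set-header X-Forwarded-Proto https if { ssl_fc }

    # Ask browsers to keep using HTTPS for this host
    http-response set-header Strict-Transport-Security "max-age=31536000"

    # Same routing as the http_in frontend above
    acl is_api path_beg /api
    use_backend api_servers if is_api
    default_backend static_servers
```

Backends that log or authorize on X-Forwarded-For should only trust it when the request arrives from the HAProxy address.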

3.4 Backend

backend api_servers
    balance roundrobin
    server api1 10.0.0.1:8080 check weight 2
    server api2 10.0.0.2:8080 check

backend static_servers
    balance static-rr
    server static1 10.0.0.3:80 check
    server static2 10.0.0.4:80 check

3.5 Listen

listen web
    bind *:80
    mode http
    balance roundrobin
    server s1 192.168.1.10:80 check
    server s2 192.168.1.11:80 check

3.6 Load‑Balancing Algorithms

roundrobin – simple round‑robin (default)

static‑rr – weighted round‑robin

leastconn – server with the fewest active connections

source – hash of client IP address

uri – hash of request URI

url_param – hash of a query parameter

hdr – hash of a specific HTTP header (e.g., Cookie, X‑User‑ID)

3.7 ACL and Routing

# Example: route static content to a dedicated backend
acl is_static path_beg -i /static/ /images/
use_backend static_backend if is_static

3.8 Health Checks

# TCP level check (default)
server s1 10.0.0.5:80 check

# HTTP health check with expected status
option httpchk GET /health
http-check expect status 200
timeout check 10s
server s2 10.0.0.6:80 check inter 5s rise 2 fall 3

3.9 Statistics Interface

listen stats
    bind *:9000
    stats enable
    stats uri /haproxy_stats
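
As written above, the statistics page is served on every interface without authentication and exposes backend addresses, server state and the HAProxy version. The following restricted variant is an added example, not part of the original article; the management address, network range, realm and credentials are constructed placeholders.

```haproxy
# Added example (not from the original article).
# 192.168.100.10 and 192.168.100.0/24 are constructed placeholders for a
# management interface and its network; admin:CHANGE_ME is a placeholder.
listen stats
    bind 192.168.100.10:9000            # management interface only, not *:9000
    mode http

    # Reject requests from outside the management network
    acl from_mgmt src 192.168.100.0/24
    http-request deny unless from_mgmt

    stats enable
    stats uri /haproxy_stats
    stats realm HAProxy\ Statistics
    stats auth admin:CHANGE_ME          # HTTP basic auth for the page
    stats hide-version                  # do not disclose the HAProxy version
    stats admin if FALSE                # keep the page read-only (no server enable/disable)
```

Basic-auth credentials cross the network in clear text unless this listener is also bound with `ssl crt`, so keep it on a trusted management segment or add TLS.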

4. Example Complete Configuration

global
    log /dev/log local2 notice
    daemon
    maxconn 50000

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend http_in
    bind *:80
    default_backend web_back

backend web_back
    balance roundrobin
    server web1 192.168.1.10:80 check
    server web2 192.168.1.11:80 check

listen stats
    bind *:9000
    stats enable
    stats uri /stats

For detailed explanations of each directive, refer to the sections above.