How to install HAProxy on Ubuntu 16

HAProxy is an open-source Linux tool that provides high availability load balancing and proxy services for TCP and HTTP-based network applications. Fue to its easy integration into existing architectures, suitability for high-traffic websites, extreme reliability, and focus on upwards compatibility, it is shipped by default by most mainstream Linux distros.

One of the most basic yet useful features of HAProxy is its proxy service, which is the focus of this tutorial. The proxy service allows for server-side protection against client-side attacks or defects, transparent connections, server offloading, enforcement of policies, protocols, and timeouts, as well as the ability to limit connections in and out to particular namespaces. These abilities of HAProxy make it a powerful tool for any Ubuntu user.

Getting Started

To complete this guide, you will need the following:
• 1 Node (Cloud Server or Dedicated Server) running a clean installation of Ubuntu 16.
• All commands should be run as the root user or with sudo capabilities

Prepare Your System

Before you can install HAProxy on your system, you must update your Ubuntu instance. First, execute the following command as root or using sudo to update your system with information about the latest versions of packages from the Ubuntu base repositories.

sudo apt-get update

Next, you can update packages on your system with the information fetched above to get the latest releases of installed packages:

sudo apt-get upgrade

Setup HAProxy
HAProxy can be installed directly from Ubuntu’s provided package repositories using this command. Enter yes when prompted and wait for the installation to complete:

sudo apt-get install haproxy

Because HAProxy is disabled initially, use the command sed to set HAProxy’s status to enabled:

sed -i "s/ENABLED=0/ENABLED=1/g" /etc/default/haproxy

Start up the HAProxy service:

/etc/init.d/haproxy start

HAProxy must be configured with basic information for ports to use in order to begin using its services. The configuration file located in /etc/haproxy/haproxy.cfg has two sections, global, which sets process-wide parameters, and proxies, which consists of the defaults, listen, front-end, and back-end sections.

To begin configuration, open the configuration file with the text editor vi:

sudo vi /etc/haproxy/haproxy.cfg

The default configuration file will look something like the following. The front-end defines how requests should be handled and sent to the backend server:

# This is an example of the default configuration file.
global
log /dev/log daemon
maxconn 32768
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /run/haproxy/admin.sock mode 660 level admin

defaults
log global
option logs-health-checks
option log-separate-errors
option dontlog-normal
option socket-stats
retries 3
maxconn 10000
timeout connect 5s
timeout client 50s
timeout server 450s

To add a listener on port 80 on localhost for our http proxy, add the following lines to the bottom of the configuration file. The port is configured with bind:

frontend my-http-frontend
bind :80
mode http
default_backend my-http-backend

Below is an example of a basic configuration file for HAProxy including two back-end servers (192.168.1.10 and 192.168.1.11) for HTTP and HTTPS. A back-end server is a machine that handles forwarded requests from the front-end and is defined by its servers and ports as well as which load algorithm to use.

For HTTPS, we must use the TCP mode unless the haproxy-devel package is installed, which allows https with ssl offloading and certificate configuration. Note that we also enable the “stats page” section to allow you to better monitor the status of each proxy port:

# This is an example of the default configuration file that has been modified for two back-end servers and to use stats.
global
log /dev/log daemon
maxconn 32768
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /run/haproxy/admin.sock mode 660 level admin

defaults
log global
option log-health-checks
option log-separate-errors
option dontlog-normal
option socket-stats
retries 3
maxconn 10000
timeout connect 5s
timeout client 50s
timeout server 450s

frontend my-http-frontend
bind :80
mode http
default_backend my-http-backend

frontend my-https-frontend
bind :443
mode tcp
default_backend my-https-backend

backend my-http-backend
mode http
server s1 192.168.1.10 check
server s2 192.168.1.11 check

backend my-https-backend
mode tcp
server s1 192.168.1.10 check
server s2 192.168.1.11 check

listen stats
bind :9000
stats enable
stats hide-version
stats refresh 20s
stats show-node
stats uri /stats

The basic configuration above will allow you to send traffic on port 80 and 443 of your two back-end web servers. Restart your HAProxy instance to activate the changes performed in the configuration file:

/etc/init.d/haproxy restart

Confirm HAProxy is Running

You can check the status quickly on the command line to see if HAProxy is currently running:

sudo service haproxy status

You can also visit the stats url we configured above to confirm that the ports are opened and traffic can flow through. Simply navigate to your proxy IP on port 9000. For example, go to http://localhost:9000

Enable your HAProxy instance to load on boot. Simply execute the following command:

update-rc.d haproxy defaults

You can also monitor the status of your proxy from the command line using HATOP. HATOP is a third-party application that extracts the statistics from a socket file created by HAProxy. Download the HATOP package and confirm with y for yes when prompted:

sudo apt-get install hatop

Normally when calling HATOP, you must use the -s parameter with the command sudo hatop -s /var/run/haproxy.sock. To avoid having to enter the -s parameter when calling HATOP, you may insert the following line in your ~/.bashrc file:

export unix-socket=SOCKET

Conclusion

After completing this tutorial, you will have a running HAProxy-style proxy service that redirects requests to your desired back-end servers that you can monitor with HATOP. If this guide was helpful to you, kindly share it with others who may also be interested.