HAProxy Installation and Configuration on Ubuntu 22.04
HAProxy (High Availability Proxy) is an open-source proxy application that functions as a reverse or forward proxy for TCP and HTTP-based applications. On Ubuntu 22.04, you can deploy HAProxy to distribute incoming traffic across multiple backend servers, reducing load and enhancing overall application performance.
HAProxy serves as the main gateway that manages all external requests directed to backend servers hosting web services, databases, or file management applications. Once a client initiates a request, HAProxy evaluates the request and routes it to a backend server according to the configured rules. The backend processes the request and returns the response to the client. Throughout this process, HAProxy acts as the entry point, balancing traffic across destination servers based on configuration rules.
Prerequisites
Within a single location, ensure the following:
- Deploy one Ubuntu 22.04 instance to act as the HAProxy server.
- Deploy at least two Ubuntu 22.04 instances as backend servers.
- Attach all servers to the same VPC 2.0 network.
- Create a domain A record pointing to your HAProxy server’s IP address (e.g., haproxy.example.com).
Sample HAProxy Load Balancing Topology
The following example illustrates how HAProxy distributes requests to backend servers running Apache web server. Based on server health and your chosen balancing method, HAProxy forwards client connections accordingly.
Example HAProxy Network
Below are the IP details for each server in the VPC 2.0 network:
- HAProxy Server
Public Hostname: haproxy.example.com
VPC 2.0 IP: 10.128.0.2 - Server 1
VPC 2.0 IP: 10.128.0.3 - Server 2
VPC 2.0 IP: 10.128.0.4
Install HAProxy on Ubuntu 22.04
Follow these steps on the HAProxy server:
1. Connect to the Server via SSH
$ ssh root@SERVER-IP
2. Create a Non-Root User with Sudo Rights
# adduser haproxyadmin && adduser haproxyadmin sudo
3. Switch to the New User
# su - haproxyadmin
4. Update the Package Index
$ sudo apt update
5. Install HAProxy
$ sudo apt install haproxy -y
If the required version is not available in the default APT repositories, install a specific release via the vbernat PPA:
$ sudo add-apt-repository ppa:vbernat/haproxy-2.8 -y
6. Enable HAProxy at Boot
$ sudo systemctl enable haproxy
7. Check HAProxy Status
$ sudo systemctl status haproxy
Output:
…
Active: active (running)
Configure the HAProxy Server
The main HAProxy configuration file located at /etc/haproxy/haproxy.cfg determines how the application operates and listens for client connections. By default, the file contains the following sections:
- global: Defines how HAProxy runs on the system. Options include logging, user/group settings, service mode, and SSL configuration.
- defaults: Sets performance-related defaults such as timeouts and connection mode. For example,
httptreats all incoming traffic as HTTP, whiletcphandles raw TCP connections.
Follow the steps below to extend the configuration with additional sections that define how HAProxy distributes load to backend servers in the VPC 2.0 network.
1. Back Up the Default Configuration
$ sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.backup
2. Edit the Configuration File
$ sudo nano /etc/haproxy/haproxy.cfg
3. Add Load Balancer Configuration
frontend website-frontend
bind *:80,*:443
option httpchk GET /healthcheck
default_backend servers
backend servers
balance roundrobin
server server-1 10.128.0.3:80 weight 1 check
server server-2 10.128.0.4:80 weight 1 check
Explanation:
- frontend: The section
website-frontendinstructs HAProxy to listen on ports 80 (HTTP) and 443 (HTTPS). option httpchk: Performs health checks on the backend servers.default_backend: Defines the backend pool used for traffic distribution.- backend: The
serversgroup defines the actual target servers. balance roundrobin: Distributes connections evenly between servers.server: Configures individual servers with health check options and weight for load balancing.
4. Enable HAProxy Statistics
Append the following configuration to provide a monitoring dashboard:
listen stats
bind *:8404
mode http
stats enable
stats uri /stats
stats auth admin:your_password
stats refresh 10s
This configuration allows access to a real-time statistics page showing metrics such as sessions, requests, response times, and errors.
5. Restart HAProxy
$ sudo systemctl restart haproxy
6. Configure the Firewall
Uncomplicated Firewall (UFW) blocks connections by default on servers. Allow required ports:
Allow HTTP traffic:
$ sudo ufw allow 80/tcp
Allow access to the statistics page:
$ sudo ufw allow 3804/tcp
Reload UFW to apply changes:
$ sudo ufw reload
7. Test Connectivity to Backend Servers
Verify connections using ping:
Server 1
$ ping 10.128.0.3
Sample Output:
2 packets transmitted, 2 received, 0% packet loss
Server 2
$ ping 10.128.0.4
Sample Output:
2 packets transmitted, 2 received, 0% packet loss
Configure the Backend Servers
HAProxy runs health checks on backend servers to verify availability. If a server fails, it is removed from the pool until it responds again. Follow the steps below on each backend server:
1. Connect to Backend Server
$ ssh root@10.128.0.3
2. Create a New User
# adduser sysadmin && adduser sysadmin sudo
3. Switch to the User
# su - sysadmin
4. Update the Package Index
$ sudo apt update
5. Install Apache Web Server
$ sudo apt install apache2 -y
6. Enable Apache
$ sudo systemctl enable apache2
7. Configure Apache Web Root
Move into the document root and replace the default index:
$ cd /var/www/html/
$ sudo mv index.html index.BAK
$ sudo nano index.html
Server-1 index.html:
Hello!
This content is served by Server 1.
Server-2 index.html:
Hello!
This content is served by Server 2.
8. Assign Permissions
$ sudo chown -R www-data:www-data /var/www/html/index.html
9. Restart Apache
$ sudo systemctl restart apache2
10. Verify Network Interface
$ ip a
The VPC interface name should resemble enp8s0 in the output.
11. Allow HTTP Traffic on VPC Interface
$ sudo ufw allow in on enp8s0 to any port 80
$ sudo ufw reload
At this stage, the HAProxy server distributes incoming requests evenly to backend servers, and each server returns its configured index page as the response.
Access the HAProxy Accelerated Web Application
HAProxy distributes incoming requests in a round-robin fashion to backend servers inside the VPC 2.0 network. Depending on server health, requests are rotated evenly among servers to prevent a single server from being overloaded. Follow the steps below to confirm that your backend servers respond correctly through HAProxy.
1. Open Your HAProxy Domain
In a web browser (e.g., Chrome), visit your HAProxy server domain:
http://haproxy.example.com
When loaded, the application should display in the browser. The first request may be served by Server 1, while subsequent requests are forwarded to other servers in the backend pool.
Example:
- Initial request → Server 1 delivers its web page via HAProxy.
- Next refresh → Server 2 responds with its content.
- Another refresh → Server 1 responds again, demonstrating round-robin load balancing.
2. Access the HAProxy Statistics Page
To monitor HAProxy activity, open the stats interface on port 8404:
http://haproxy.example.com:8404
Log in using the administrative username and password defined with the stats auth directive in your configuration.
Once logged in, the HAProxy statistics dashboard will appear in your browser, showing metrics for both frontend and backend performance.
3. Monitor Your Application
Within the statistics interface, you can track live traffic, view connection rates, and detect performance bottlenecks. This enables efficient troubleshooting and optimization of your web application.
Conclusion
You have successfully deployed and configured HAProxy to balance traffic between multiple backend servers in a VPC 2.0 network. With HAProxy, your application becomes more resilient and reliable by intelligently managing client requests. Depending on your needs, you can scale backend servers and experiment with different load balancing algorithms to further enhance overall performance.
