How to setup HAProxy on CentOS RHEL 9 and 8

5 feb 2024 3 min di lettura
How to setup HAProxy on CentOS RHEL 9 and 8
Indice dei contenuti

Introduction

HAProxy is free, open source software that provides a highly available load balancer and proxy server for TCP and HTTP-based applications. It is particularly suitable for high-traffic websites and powers a good number of the most visited ones in the world. Configuring HAProxy on CentOS/RHEL (Red Hat Enterprise Linux) can enhance your network infrastructure by improving its performance and reliability.

This guide will walk you through the steps needed to install and configure HAProxy on CentOS/RHEL 9/8.

Prerequisites

  • A CentOS/RHEL 9/8 server
  • A non-root user with sudo privileges

Step 1: Update your system

Before installing any packages, it is a good idea to update your system's package index. This ensures that you have the latest updates and security patches.

sudo dnf update

Step 2: Install HAProxy

HAProxy is available in the default CentOS/RHEL repositories. Install it using the following command:

sudo dnf install haproxy

Step 3: Configure HAProxy

After installation, the next step is to configure HAProxy according to your needs. The main configuration file for HAProxy is /etc/haproxy/haproxy.cfg. You will need to modify this file with your configuration. Use a text editor like nano or vim to edit the file:

sudo nano /etc/haproxy/haproxy.cfg

Basic configuration

Below is a basic configuration example that sets up HAProxy as a load balancer for two web servers:

global
 log /dev/log local0
 log /dev/log local1 notice
 chroot /var/lib/haproxy
 stats socket /run/haproxy/admin.sock mode 660 level admin
 stats timeout 30s
 user haproxy
 group haproxy
 daemon

 # Default SSL material locations
 ca-base /etc/ssl/certs
 crt-base /etc/ssl/private

 # Update to use only TLS 1.3 and TLS 1.2
 ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
 ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
 ssl-default-bind-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

 defaults
 log global
 mode http
 option httplog
 option dontlognull
 timeout connect 5000ms
 timeout client 50000ms
 timeout server 50000ms
 errorfile 400 /etc/haproxy/errors/400.http
 errorfile 403 /etc/haproxy/errors/403.http
 errorfile 408 /etc/haproxy/errors/408.http
 errorfile 500 /etc/haproxy/errors/500.http
 errorfile 502 /etc/haproxy/errors/502.http
 errorfile 503 /etc/haproxy/errors/503.http
 errorfile 504 /etc/haproxy/errors/504.http

 frontend http-in
 bind *:80
 # Enable TLS 1.3 and TLS 1.2 on HTTPS connections
 bind *:443 ssl crt /etc/haproxy/certs/example.com.pem alpn h2,http/1.1
 redirect scheme https if!{ ssl_fc }
 acl url_static path_beg -i /static /images /javascript /stylesheets
 acl url_static path_end -i.jpg.gif.png.css.js

 use_backend static if url_static
 default_backend app

 backend static
 balance roundrobin
 server static1 192.168.1.101:80 check
 server static2 192.168.1.102:80 check

 backend app
 balance roundrobin
 cookie SERVERID insert indirect nocache
 server app1 192.168.1.103:80 check cookie app1
 server app2 192.168.1.104:80 check cookie app2

 listen stats
 bind *:8080
 stats enable
 stats uri /haproxy?stats
 stats hide-version
 stats auth admin:admin

This configuration tells HAProxy to listen on port 80 for incoming HTTP traffic (http_front frontend) and load balance between two backend servers (http_back backend) using the round-robin algorithm.

The stats uri /haproxy?stats line enables the statistics page at the URL /haproxy?stats, where you can view useful statistics about the HAProxy server.

Save and exit

Once you've configured HAProxy to your liking, save the file and exit the text editor.

Step 4: Enable and launch HAProxy

With HAProxy configured, the next step is to enable it to start on boot and then start the service immediately:

sudo systemctl enable haproxy
sudo systemctl start haproxy

To ensure HAProxy is running, you can check its status with:

sudo systemctl status haproxy

Step 5: Change your firewall settings

If you have a firewall enabled, you will need to allow traffic through the port that HAProxy is listening on. For example, to allow traffic on port 80, you can use:

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload

Conclusion

You have successfully installed and configured HAProxy on your CentOS/RHEL 9/8 server. HAProxy is now configured to distribute incoming network traffic to backend servers, increasing the reliability and performance of your application. Don't forget to check HAProxy's statistics page regularly to monitor its performance and make any necessary adjustments.

Support us with a

Successivamente, completa il checkout per l'accesso completo a Noviello.it.
Bentornato! Accesso eseguito correttamente.
Ti sei abbonato con successo a Noviello.it.
Successo! Il tuo account è completamente attivato, ora hai accesso a tutti i contenuti.
Operazione riuscita. Le tue informazioni di fatturazione sono state aggiornate.
La tua fatturazione non è stata aggiornata.