Never Ending Security

How To use HAProxy as a HTTP Load Balancer on Linux

How to: HAProxy – HTTP load balancer

HTTP load balancing is a networking solution responsible for distributing incoming HTTP or HTTPS traffic among servers hosting the same application content. By balancing application requests across multiple available servers, a load balancer prevents any application server from becoming a single point of failure, thus improving overall application availability and responsiveness. It also allows you to easily scale in/out an application deployment by adding or removing extra application servers with changing workloads.

Because load balancers improve server utilization and maximize availability, you should use one whenever your servers start to come under high load. If you are planning the architecture for a bigger project, it is a good habit to plan for a load balancer up front. It will prove useful later, when you need to scale your environment.


What is HAProxy?

HAProxy is a popular open-source load balancer and proxy for TCP/HTTP servers on GNU/Linux platforms. Designed around a single-threaded, event-driven architecture, HAProxy is capable of handling 10G NIC line rate easily, and is used extensively in many production environments. Its features include automatic health checks, customizable load balancing algorithms, HTTPS/SSL support, session rate limiting, etc.

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications by spreading requests across multiple servers. It is written in C and has a reputation for being fast, efficient (in terms of processor and memory usage) and stable.

HAProxy is used by a number of high-profile websites including GitHub, Stack Overflow, Reddit, Tumblr, and Twitter and is used in the OpsWorks product from Amazon Web Services.

HAProxy is free and open-source software subject to the terms of the GNU General Public License (GPL) version 2.


Load Balancing Algorithms

The load balancing algorithm that is used determines which server, in a backend, will be selected when load balancing. HAProxy offers several options for algorithms. In addition to the load balancing algorithm, servers can be assigned a weight parameter to manipulate how frequently the server is selected, compared to other servers.

Because HAProxy provides so many load balancing algorithms, we will only describe a few of them here.

A few of the commonly used algorithms are as follows:

  • roundrobin
    Round Robin selects servers in turns. This is the default algorithm.
  • leastconn
    Selects the server with the least number of connections; it is recommended for longer sessions. Servers in the same backend are also rotated in a round-robin fashion.
  • source
    This selects which server to use based on a hash of the source IP i.e. your user’s IP address. This is one method to ensure that a user will connect to the same server.

Health Check

HAProxy uses health checks to determine if a backend server is available to process requests. This avoids having to manually remove a server from the backend if it becomes unavailable. The default health check is to try to establish a TCP connection to the server i.e. it checks if the backend server is listening on the configured IP address and port.

If a server fails a health check, and therefore is unable to serve requests, it is automatically disabled in the backend i.e. traffic will not be forwarded to it until it becomes healthy again. If all servers in a backend fail, the service will become unavailable until at least one of those backend servers becomes healthy again.

For certain types of backends, like database servers in certain situations, the default health check is insufficient to determine whether a server is still healthy.


Install HAProxy

In Debian we need to add backports for Wheezy. To do that, please create a new file called “backports.list” in /etc/apt/sources.list.d, with the following content:

deb wheezy-backports main

Refresh your repository data and install HAProxy.

# apt-get update
# apt-get install haproxy

Install HAProxy on Ubuntu

# apt-get install haproxy

Configure HAProxy

Scenario: two HTTP web servers up and running with IP addresses and Load balancer configured at a server with IP address To make HAProxy functional, you need to change a number of items in /etc/haproxy/haproxy.cfg.

Configure Logging

One of the first things you should do is to set up proper logging for your HAProxy, which will be useful for future debugging. Log configuration can be found in the global section of /etc/haproxy/haproxy.cfg:

log /dev/log        local0 
log /dev/log        local1 notice 

Change to:

log local0 

To configure separate log files for HAProxy, edit a file called haproxy.conf (or 49-haproxy.conf in Debian) in /etc/rsyslog.d/ with the following content.

$ModLoad imudp
$UDPServerRun 514
$template Haproxy,"%msg%\n"
local0.=info -/var/log/haproxy.log;Haproxy
local0.notice -/var/log/haproxy-status.log;Haproxy
local0.* ~

This configuration will separate all HAProxy messages based on the $template to log files in /var/log. Now restart rsyslog to apply the changes.

# service rsyslog restart

Setting Defaults

Find the defaults section in /etc/haproxy/haproxy.cfg, and replace it with the following configuration.

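log     global
mode    http
option  httplog
option  dontlognull
retries 3
option redispatch
maxconn 20000
# timeouts in milliseconds; contimeout/clitimeout/srvtimeout are the deprecated spellings
timeout connect 5000
timeout client  50000
timeout server  50000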

Note: This configuration is recommended for HTTP load balancer but it may not be the optimal solution for your environment.

Webfarm Configuration

Webfarm configuration defines the pool of available HTTP servers. Most of the settings for our load balancer will be placed here. Replace all of the configuration from the frontend section to the end of the file with the following code:

listen webfarm *:80 
       mode http 
       stats enable 
       stats uri /haproxy?stats 
       stats realm Haproxy\ Statistics 
       stats auth haproxy:stats 
       balance roundrobin 
       cookie LBN insert indirect nocache 
       option httpclose 
       option forwardfor 
       server web01 cookie node1 check 
       server web02 cookie node2 check 

The line “listen webfarm *:80” defines on which interfaces our load balancer will listen. In a real-world scenario, this should be replaced with an interface that is accessible from the internet.

stats enable 
stats uri /haproxy?stats 
stats realm Haproxy\ Statistics 
stats auth haproxy:stats 

The above settings declare that our load balancer statistics can be accessed on http://<load-balancer-IP>/haproxy?stats. Access is protected by simple HTTP authentication with the login name “haproxy” and the password “stats”. These settings should be replaced with your own credentials. If you don’t need these statistics to be available, disable them completely.
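A quick way to catch a configuration that still carries the tutorial's statistics settings is to scan haproxy.cfg before deploying it. The following is an added example, not part of the original article: `audit_stats` is an illustrative name, the parser handles only the directives shown on this page, and the server addresses in the sample are constructed placeholders.

```python
import re

# Constructed sample: the tutorial's webfarm section. The server addresses are
# documentation-range placeholders, because the page does not show them.
SAMPLE_CFG = r"""
listen webfarm *:80
       stats enable
       stats uri /haproxy?stats
       stats realm Haproxy\ Statistics
       stats auth haproxy:stats
       server web01 192.0.2.11:80 cookie node1 check
       server web02 192.0.2.12:80 cookie node2 check
"""

SECTIONS = {"global", "defaults", "listen", "frontend", "backend"}
WILDCARD = re.compile(r"(^|\s)(\*|0\.0\.0\.0|::)?:\d+")  # all-interfaces bind
PUBLISHED_CREDS = {"haproxy:stats"}  # the login printed in this tutorial


def audit_stats(cfg_text):
    """Return (section, finding) pairs for risky statistics-page settings."""
    sections, current = {}, None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTIONS:
            current = sections.setdefault(
                " ".join(words[:2]), {"wild": False, "stats": False, "auth": []})
            current["wild"] |= bool(WILDCARD.search(" ".join(words[2:])))
        elif current is None:
            continue
        elif words[0] == "bind":
            current["wild"] |= bool(WILDCARD.search(" ".join(words[1:])))
        elif words[0] == "stats" and words[1:2] in (["enable"], ["uri"], ["auth"]):
            current["stats"] = True
            if words[1] == "auth" and len(words) > 2:
                current["auth"].append(words[2])
    findings = []
    for name, sec in sections.items():
        if not sec["stats"]:
            continue
        if sec["wild"]:
            findings.append((name, "stats page on a wildcard listener"))
        if not sec["auth"]:
            findings.append((name, "stats page without authentication"))
        findings += [(name, "stats auth uses a published credential")
                     for cred in sec["auth"] if cred in PUBLISHED_CREDS]
    return findings
```

Run against the sample, it reports the wildcard listener and the published login; a configuration that serves statistics from its own `listen` section bound to a loopback or management address, with a unique credential, returns no findings.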

Start HAProxy

When you are done with the configuration, it’s time to start HAProxy and verify that everything is working as intended.

Start HAProxy with:

# service haproxy start

Don’t forget to enable port 80 in the firewall by adding the following line into /etc/iptables.up.rules:

-A INPUT -p tcp --dport 80 -j ACCEPT

Test HAProxy

To check whether HAProxy is working properly, we can do the following. First, prepare a test.php file with the following content:

<?php
// Print the backend's own address and the X-Forwarded-For header set by HAProxy.
header('Content-Type: text/plain');
echo "Server IP: ".$_SERVER['SERVER_ADDR'];
echo "\nX-Forwarded-for: ".$_SERVER['HTTP_X_FORWARDED_FOR'];

This PHP file will tell us which server (i.e., load balancer) forwarded the request, and what backend web server actually handled the request. Place this PHP file in the root directory of both backend web servers. Now use the curl command to fetch this PHP file from the load balancer (

$ curl

When we run this command multiple times, we should see the following two outputs alternate (due to the round robin algorithm).

Server IP:
Server IP:

If we stop one of the two backend web servers, the curl command should still work, directing requests to the other available web server.

By now you should have a fully operational load balancer that supplies your web nodes with requests in round robin mode.

More information can be found at: and at:

