HAProxy is an open source, it's a very fast and reliable solution for Load balancing, high availability and proxying for TCP and HTTP. This is suitable for high traffic websites and the most visited ones.
This post describes how to install the HAProxy and simple TCP configuration with maximum connections. We'll be using Ubuntu 14.04.3 LTS as our base operating system and install haproxy-1.6 version. Before starting to build that HAProxy we need to make sure that the dependencies are installed in the system.
Install Dependencies:
# sudo aptitude update
# sudo aptitude install build-essential make g++ libssl-dev
# sudo aptitude install build-essential make g++ libssl-dev
Next, select your HAPorxy version based on our operating system, because of it's provides various versions to use in Debian and Ubuntu.
Open this URL to view different version and choose package suitably.
http://haproxy.debian.net/
You need to enable a dedicated PPA with the following command:
# apt-get install software-properties-common
# add-apt-repository ppa:vbernat/haproxy-1.6
# add-apt-repository ppa:vbernat/haproxy-1.6
Then, execute the following commands to update and install haproxy-1.6 ,
# apt-get update
# apt-get install haproxy
# apt-get install haproxy
To find the version,
# haproxy -v
HA-Proxy version 1.6.4 2016/03/13
Copyright 2000-2016 Willy Tarreau
The below commands are start, stop, restart and status of the HAProxy service,
# service haproxy start
# service haproxy stop
# service haproxy restart
# service haproxy status
# service haproxy stop
# service haproxy restart
# service haproxy status
Configuration :
Basic configuration for TCP connections frontend and backend,
TCP connection port number is 1900 (frontend and backend).
maxconn 2000000
mode tcp
balance roundrobin
192.168.1.100:1900
192.168.1.101:1900
192.168.1.102:1900
Open your HAProxy configuration file, remove the existing lines and add all lines into it or check and append the below lines,
# vim /etc/haproxy/haproxy.cfg
global
log /dev/log local0 debug
log /dev/log local2 info
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
maxconn 2000000
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
##### ~HAPROXY FRENTEND~ ######
frontend haproxymaster
bind *:1900
mode tcp
maxconn 2000000
tcp-request inspect-delay 3s
timeout client 1m
#Define Backend
default_backend thelinuxfaq
##### ~HAPROXY FRENTEND~ ######
backend thelinuxfaq
mode tcp
balance roundrobin
stick store-request src
server your-hostname 192.168.1.100:1900 check
server your-hostname 192.168.1.101:1900 check
server your-hostname 192.168.1.102:1900 check
timeout connect 10s
timeout server 1m
defaults
log global
log 127.0.0.1:514 local0 # only send important events
log 127.0.0.1:514 local0 notice # same but the limit output level
log ${LOCAL_SYSLOG}:514 local0 notice # send to a local server
mode tcp
option tcplog
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
#view on UI (Webbrowser)
listen stats
bind :1936
mode http
log global
maxconn 10
stats enable
stats hide-version
stats refresh 30s
stats show-node
stats auth username:password
stats uri /haproxy?stats
Finally, save and restart the HAProxy service.
If you want to view the HAProxy Statistics Report on the web browser. Assume that, If your server IP address is 192.168.1.200,
URL : http://192.168.1.200:1936/haproxy?stats
User Name : username
Password : password
Comments (0)