How to Setup HAProxy for Load Balancing On Ubuntu 16.04

Prerequisites

  1. A valid Alibaba Cloud account (sign up now for a free trial)
  2. 3 ECS instances running Ubuntu 16.04 Operating System
  3. A non-root user that can perform sudo privileges on all 3 instances
  1. haproxy-server : public IP address 198.18.0.1
  2. backend-server1 : private IP address 172.16.0.1, public IP address 198.18.0.1
  3. backend-server2 : private IP address 172.16.0.2, public IP address 198.18.0.2
  1. HaProxy-server : Port 80 http and port 32600 for statistics
  2. backend-server1 : Port 8080 for http
  3. backend-server2 : Port 8080 for http

Step 1: Configuring haproxy-server (Frontend)

SSH to the first ECS instance using its Public IP address. This is where we are going to install HaProxy Server.

$ sudo apt-get update
$ sudo apt-get install haproxy

Step 2: Configuring HaProxy

When HaProxy is installed, a standard configuration file is created at /etc/haproxy/haproxy.cfg. We will need to edit this file to do some changes using a nano editor:

$ sudo nano /etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM$
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend ourwebsitefrontend
bind *:80
mode http
default_backend ourwebsiteendpoint
backend ourwebsiteendpoint
balance roundrobin
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server backend-server1 172.16.0.1:8080 check
server backend-server2 172.16.0.2:8080 check
listen stats
bind :32600
stats enable
stats uri /
stats hide-version
stats auth username:password
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM$
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend ourwebsitefrontend
bind *:80
mode http
default_backend ourwebsiteendpoint
backend ourwebsiteendpoint
balance roundrobin
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server backend-server1 172.16.0.1:8080 check
server backend-server2 172.16.0.2:8080 check
listen stats
bind :32600
stats enable
stats uri /
stats hide-version
stats auth username:password
$ sudo service haproxy restart

Step 3: Configuring the First Backend Server (backend-server1)

Next, login to the first backend server and change the hostname to backend-server1 using the command below:

$ sudo nano /etc/hostname
backend-server1
$ sudo nano /etc/hosts
127.0.0.1   localhost
127.0.1.1 backend-server1
...
$ sudo reboot
$ sudo apt-get update
$ sudo apt-get install apache2
$ sudo nano /etc/apache2/ports.conf
$ Listen 80
$ Listen 8080
$ sudo nano /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
<VirtualHost *:8080>
$ sudo systemctl restart apache2
$ sudo rm /var/www/html/index.html
$ sudo nano  /var/www/html/index.html
<html>
<head>
<title>Back End Server 1</title>
</head>
<body>
<h1>Success! The Backend Server 1 is working!</h1>
</body>
</html>

Step 4: Configuring the Second Backend Server (backend-server2)

We need to configure our second backend server just like we have done for the first server. We start by changing the hostname

$ sudo nano /etc/hostname
backend-server2
$ sudo nano /etc/hosts
127.0.0.1   localhost
127.0.1.1 backend-server2
...
$ sudo reboot
$ sudo apt-get update
$ sudo apt-get install apache2
$ sudo nano /etc/apache2/ports.conf
$ Listen 80
$ Listen 8080
$ sudo nano /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
<VirtualHost *:8080>
$ sudo systemctl restart apache2
$ sudo rm /var/www/html/index.html
$ sudo nano  /var/www/html/index.html
<html>
<head>
<title>Back End Server 2</title>
</head>
<body>
<h1>Success! The Backend Server 2 is working!</h1>
</body>
</html>

Step 5: Testing the Configuration

We now have the correct environment for High Availability and load balancing on our Alibaba server. We can now visit our HaProxy server to see if the load is going to be distributed to our backend servers in a balanced manner.

http://198.18.0.1

Step 6: Reviewing HaProxy Stats

You can visit HaProxy stats page by typing the public IP address of HaProxy server followed by “:32600”. That is the port that we specified on the HaProxy configuration file and as indicated above, it must be opened on the security group associated with your ECS instance.

http://198.18.0.1:32600

Conclusion

On this guide, we have taken you through the steps of configuring HAProxy server on your Alibaba Cloud ECS running Ubuntu 16.04. We have setup two web servers and demonstrated that load balancing is working as expected. You can now upload your website or application file and even connect the backend servers to your database to create a fully working load balanced HTTP service for your web application.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com