CentOS 7 – Establishing services’ high availability using HAProxy

How to enable Remote Desktop on Windows Server 2019

For this section, we are going to show in brief how to setup a high-availability/load balancer to control traffic over a specific service; in our case, we will use HTTP as for web server’s traffic.

Source: assets.digitalocean.com

For this job, we are using HAProxy as an open source solution for load balancing and services’ high availability through multiple servers. It is commonly used for a website’s traffic load balancing. HAProxy distributes the workload over many servers that offer the same services (basically web servers, databases, and so on) to improve the overall performance of the service and its reliability.

As we said earlier, this section is going to install and configure a high availability load balancer to share the load between three web servers and a backup server in case of server or service failure to take over.

So, we will have an infrastructure that looks like this:

  • HAProxy server:
    • OS: CentOS 7
    • IP address: and
    • Hostname: haproxy.packt.co.uk
  • Web server 1:
    • OS: CentOS 7
    • IP address:
    • Hostname: webserver1.packt.co.uk
  • Web server 2:
    • OS: CentOS 7
    • IP address:
    • Hostname: webserver2.packt.co.uk
  • Web server 3:
    • OS: CentOS 7
    • IP address:
    • Hostname: webserver3.packt.co.uk
  • Backup web server:
    • OS: CentOS 7
    • IP address:
    • Hostname: backupwebserver.packt.co.uk

First, we will start by setting the web servers and to do so, we will be only using the default page generated by Apache after being installed. For more information on how to setup a web server, you can always refer to Chapter 3, Linux for Different Purposes. So, we will only need to have Apache installed and running and we need to configure the network and the machine’s hostname.

First, we will use the default package manager for CentOS 7 YUM to install the Apache web server:

$ sudo yum install httpd

Then after that, we configure the hostname:

$ sudo nano /etc/hostname

And we make sure it looks like this:


After that, we go to each hosts file and we configure the domain to the default localhost while adding the list of all the servers with their IP addresses:

$ sudo nano /etc/hosts


This part is only needed if there is no reliable DNS server inside the infrastructure that can resolve all the infrastructure servers.

We change the default localhost address domain name:  webserver1  Webserver1.packt.co.uk

Then, we add the following lines:  haproxy  haproxy.packt.co.uk  Webserver1  Webserver1.packt.co.uk  Webserver2  Webserver2.packt.co.uk  Webserver3  Webserver3.packt.co.uk  backupWebserver   backupWebserver.packt.co.uk

Before finishing, we need to open the HTTPS and HTTPS ports at the webserver firewall to make the service accessible for the visitors:

$ sudo firewall­cmd ­­permanent ­­zone=public ­­add­port=80/tcp
$ sudo firewall­cmd ­­permanent ­­zone=public ­­add­port=443/tcp
$ sudo firewall­cmd ­­reload

By this step, we can say that we have all our web servers ready. We can now move to our HAProxy server installation. First, we need to open the needed ports for the web service and log reception used by HAProxy:

$ sudo firewall­cmd ­­permanent ­­zone=public ­­add­port=80/tcp
$ sudo firewall­cmd ­­permanent ­­zone=public ­­add­port=443/tcp
$ sudo firewall­cmd ­­permanent ­­zone=public ­­add­port=514/udp
$ sudo firewall­cmd ­­reload

Then, we can start the installation:

$ sudo yum install haproxy

And now, we go to the configuration part. Before doing the main HAProxy configuration, we need to setup the HAProxy logging feature configuration for debugging:

$ sudo nano /etc/haproxy/haproxy.cfg

Under the #Global settings options, we need to make sure that the following line is not commented:

log local2 info

Some minor modification needs to happen at the Rsyslog configuration file too:

$ sudo nano /etc/rsyslog.conf

That is where we need to uncomment the following two lines:

$ModLoad imudp
$UDPServerRun 514

Before finishing, we need to have a file that represents HAProxy at the Rsyslog log folder:

$ sudo nano /etc/rsyslog.d/haproxy.conf

And while creating it using Nano, we need to put the following line inside it:

local2.*  /var/log/haproxy.log

Save the file, then apply the changes and restart Rsyslog service:

$ sudo systemctl restart rsyslog.service

Now, we can go to the HAProxy Global settings configuration:

$ sudo nano /etc/haproxy/haproxy.cfg

First, at the default section, we need to setup the timeout for a more personalized solution. Since our server is just doing the load balancing, we can always use port 80. So, we need to take over that port, by removing its association to the Httpd service:

$ sudo nano /etc/httpd/conf/httpd.conf

Then, we change the listening port to anything other than 80. In our example, 8080:

Listen 8080  

Then, we go to the Main Frontend section to change the port on which the web interface is serving. So we need to change the whole section to look like the following:

Frontend  HAProxy
bind  *:80
reqadd X-Forwarded-Proto:\ http
default_backend  HAProxy

And we need to comment out the Backend section to replace it with the following:

# use_backend static  if url_static
backend HAProxy *:80
mode http
stats enable
stats hide-version
stats uri /stats
stats realm Haproxy\ Statistics
stats auth haproxy:password    # Change "password" with a well secured password
balance roundrobin 
option httpchk
option  httpclose
option forwardfor
cookie LB insert
  server webserver1 cookie webserver1 check
server webserver3 cookie webserver2 check
server webserver3 cookie webserver3 check
server backupwebserver check backup

We need to make sure that the end of the file matches our infrastructure IP addresses and hostnames. Then, we can start the HAProxy server and add it to the startup system services:

$ sudo systemctl start haproxy.service
$ sudo systemctl enable haproxy.service

To verify that there is no error at the configuration file, we can always check the service status using the following command:

$ sudo systemctl status haproxy.service -l

Then, we get each web server and put a test page just to access it and collect the test results. Then, we open the web interface of HAProxy to visualize the status of the load balancing or

If we get to see the following interface, that means that our high availability server is running well. If we need to enable https to access the web interface of HAProxy using SSL, we can always install OpenSSL and configure our server to use it.

Comments are closed.