How to Configure Reverse Proxy with HAProxy in CentOS

To Configure Reverse Proxy with HAProxy in CentOS

HAProxy is an open source TCP/HTTP load balancing proxy server, which can also be configured as reverse proxy solution. It provides high performance and as well as security for the web servers. This article explains how to configure reverse proxy with HAProxy.

Testing Environment

HAProxy Server:

IP Address &ndash 192.168.5.237
Hostname &ndash node1.example.com

Backend Apache server:

IP Address &ndash 192.168.5.238
Hostname &ndash node2.example.com

Pre-requisties

Two or more backend web servers that running Apache
Fully Qualified Domain Name
Hostname resolution is must between the machines.

Entry:

192.168.5.237 node1.example.com node1
192.168.5.238 node2.example.com node2

Configuration of Reverse Proxy with HAProxy

First configure the Apache web server for backend of HAProxy on node 2.

[root@node2 ~]# yum install httpd -y
Loaded plugins: fastestmirror, langpacks
base                                                                                                                                                         | 3.6 kB  00:00:00     
extras                                                                                                                                                       | 3.4 kB  00:00:01     
updates                                                                                                                                                      | 3.4 kB  00:00:00     
Loading mirror speeds from cached hostfile
 * base: mirror.fibergrid.in
 * extras: mirror.fibergrid.in
 * updates: mirror.fibergrid.in
Resolving Dependencies
-->  Running transaction check
--->  Package httpd.x86_64 0:2.4.6-40.el7.centos.4 will be installed
.
.
.
Installed:
  httpd.x86_64 0:2.4.6-40.el7.centos.4                                                                                                                                              

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7             apr-util.x86_64 0:1.5.2-6.el7             httpd-tools.x86_64 0:2.4.6-40.el7.centos.4             mailcap.noarch 0:2.1.41-2.el7            

Complete!


Start and enable httpd service with the following commands.

[root@node2 ~]# systemctl start httpd
[root@node2 ~]# systemctl enable httpd
ln -s ' /usr/lib/systemd/system/httpd.service'  ' /etc/systemd/system/multi-user.target.wants/httpd.service'

Use the below commands to allow the incoming connection from http port 80 in firewall rule.

[root@node2 ~]# firewall-cmd --permanent --add-service=http
success
[root@node2 ~]# firewall-cmd --reload
Success

Here you need to create a new index.html file under the default document root of Apache.

[root@node2 ~]# vim /var/www/html/index.html

Hi this is test page

Now configure the HAProxy in node 1. Run the following command to install the package for HAProxy.

[root@node1 ~]# yum install haproxy -y
Loaded plugins: fastestmirror, langpacks
base                                                                                                                                                         | 3.6 kB  00:00:00     
extras                                                                                                                                                       | 3.4 kB  00:00:00     
updates                                                                                                                                                      | 3.4 kB  00:00:00     
Loading mirror speeds from cached hostfile
 * base: mirror.fibergrid.in
 * extras: mirror.fibergrid.in
 * updates: mirror.fibergrid.in
Resolving Dependencies
-->  Running transaction check
--->  Package haproxy.x86_64 0:1.5.14-3.el7 will be installed
-->  Finished Dependency Resolution
.
.
.
Transaction test succeeded
Running transaction
  Installing : haproxy-1.5.14-3.el7.x86_64                                                                                                                                      1/1 
  Verifying  : haproxy-1.5.14-3.el7.x86_64                                                                                                                                      1/1 

Installed:
  haproxy.x86_64 0:1.5.14-3.el7                                                                                                                                                     

Complete!

Move the installed package to HAproxy directory and rename the default HAproxy configuration file. Then create a new configuration file for HAproxy.

[root@node1 ~]# cd /etc/haproxy/
[root@node1 haproxy]# ls
haproxy.cfg
[root@node1 haproxy]# mv haproxy.cfg haproxy.cfg.old
[root@node1 haproxy]# ls
haproxy.cfg.old



[root@node1 haproxy]# vim haproxy.cfg
Entry:

global
    daemon
    maxconn 256
 
defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
 
frontend http-in
    bind 192.168.5.237:80
    default_backend backend_servers
 
backend backend_servers
    server sv1 192.168.5.238:80 maxconn 32
 
listen admin
    bind 192.168.5.237:8080
    stats enable


Once the configuration file is created, start and enable HAproxy service.

[root@node1 ~]# systemctl start haproxy
[root@node1 ~]# systemctl enable haproxy
ln -s ' /usr/lib/systemd/system/haproxy.service'  ' /etc/systemd/system/multi-user.target.wants/haproxy.service'

Use the following command to allow the port 80 in firewall as follows,

[root@node1 ~]# firewall-cmd --permanent --add-service=http
success
[root@node1 ~]# firewall-cmd --reload
Success

HAproxy is now configured as reverse proxy. Open the browser with IP address to view the output.

Tag : CentOS HAProxy Reverse-proxy
FAQ
Q
What is Keepalived in Linux?
A
Keepalived is a routing software written in C. The main goal of this project is to provide simple and robust facilities for load balancing and high-availability to Linux system and Linux based infrastructures.
Q
What is HAProxy?
A
HAProxy is an open source TCP/HTTP load balancing proxy server, which can also be configured as a reverse proxy solution. It provides high performance and as well as security for the web servers.
Q
how to access load balancer using url instead of ip ?
A
Just you need to have a valid DNS entry. And your hostname/IP A, AAA, PTR record should be created in DNS Server.
Q
What if the Load Balancer itself becomes unavailable (power outage, connection outage, etc), isn’t all of the backend servers will also become unavailable as well? What would you recommend fo
A
You should have fallout server, so like there’s Active and passive Loadbalancer with same configuration. just install the apache heatbeat so once the Active is down the passive will take over
Q
Is this enabled by default or is it a hidden option? How can i double check this feature is enabled in HAproxy?
A
You can also set it on your own: Services -> HAProxy -> Virtual Services -> Backend Pool -> Edit Server Enable "advanced mode" Field: Option pass-through