How to install and configure HAProxy on RHEL 7

How to install and configure HAProxy on RHEL 7

How-tos Published on 3 mins Last updated

This blog post will cover the instructions on how to install HAProxy and configure it on RHEL 7 (Red Hat Enterprise Linux).

Before we dive into the installation and configuration, first we will have to compile it.

In order to compile HAProxy we will require the following prerequisites:

yum install gcc openssl-devel readline-devel systemd-devel make pcre-devel

Once the prerequisites are installed, we will download the latest stable Lua and HAProxy:

curl https://www.lua.org/ftp/lua-5.4.2.tar.gz > lua-5.4.2.tar.gz
curl http://www.haproxy.org/download/2.3/src/haproxy-2.3.2.tar.gz > haproxy-2.3.2.tar.gz

Follow the link to view the readme.

Next we'll extract, then compile – and install:

Lua
tar xvf lua-5.4.2.tar.gz
cd lua-5.4.2
make INSTALL_TOP=/opt/lua-5.4.2 linux install
HAProxy
cd ..
tar xvf haproxy-2.3.2.tar.gz
cd haproxy-2.3.2
make USE_NS=1 \
USE_TFO=1 \
USE_OPENSSL=1 \
USE_ZLIB=1 \
USE_LUA=1 \
USE_PCRE=1 \
USE_SYSTEMD=1 \
USE_LIBCRYPT=1 \
USE_THREAD=1 \
TARGET=linux-glibc \
LUA_INC=/opt/lua-5.4.2/include \
LUA_LIB=/opt/lua-5.4.2/lib
make PREFIX=/opt/haproxy-2.3.2 install

We will also create an unpreviliged user and group for HAProxy.

groupadd -g 188 haproxy
useradd -g 188 -u 188 -d /var/lib/haproxy -s /sbin/nologin -c haproxy haproxy

In order to control how HAProxy will be started, stopped, restarted, reloaded or monitored, using your text editor of choice, a SystemD Unit file /etc/systemd/system/haproxy.service will be created

[Unit]
Description=HAProxy 2.3.2
After=syslog.target network.target

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/haproxy-2.3.2
ExecStart=/opt/haproxy-2.3.2/sbin/haproxy -f $CONFIG_FILE -p $PID_FILE $CLI_OPTIONS
ExecReload=/bin/kill -USR2 $MAINPID
ExecStop=/bin/kill -USR1 $MAINPID

[Install]
WantedBy=multi-user.target

To set environment variables required by HAProxy and to notify SystemD when its started, a SystemD Environment file /etc/sysconfig/haproxy-2.3.2 will also be created.

# Command line options to pass to HAProxy at startup
# The default is:
#CLI_OPTIONS="-Ws"
CLI_OPTIONS="-Ws"

# Specify an alternate configuration file. The default is:
#CONFIG_FILE=/etc/haproxy/haproxy-2.3.2.conf
CONFIG_FILE=/etc/haproxy/haproxy.cfg

# File used to track process IDs. The default is:
#PID_FILE=/var/run/haproxy-2.3.2.pid
PID_FILE=/var/run/haproxy.pid

To load these configuration changes, SystemD will be reloaded:
systemctl daemon-reload

Unless it has been created already, the directory for the configuration will be created mkdir /etc/haproxy with the corresponding user and group ownership.

The final step for HAProxy installation and configuration: enable it to run at boot.
systemctl enable haproxy

Here's a sample of a simple haproxy.cfg that will load balance two IIS servers running on both 443 and 80:

global
        daemon
        log         127.0.0.1 local2     #Log configuration
        chroot      /var/lib/haproxy
        pidfile     /var/run/haproxy.pid
        maxconn     4000
        user        haproxy
        group       haproxy
        stats socket /var/lib/haproxy/stats

defaults
        mode                    http
        log                     global
        option                  tcplog
        option              dontlognull
        retries             3
        maxconn                 10000
        option              redispatch
        timeout connect 4s
        timeout client 5m
        timeout server 5m

listen stats
bind *:8080
        mode http
        option forwardfor
        option httpclose
        stats enable
        stats show-legends
        stats refresh 5s
        stats uri /stats
        stats realm Haproxy\ Statistics
        stats auth loadbalancer:loadbalancer
        stats admin if TRUE
         
listen FrontendName
bind 192.168.77.100:80,192.168.77.100:443
        mode tcp
        option tcplog
        balance leastconn
        stick on src
        stick-table type ip size 10240k expire 30m
        server RIPName0 192.168.77.200 check port 80 inter 10s rise 2 fall 3
        server RIPName1 192.168.77.201 check port 80 inter 10s rise 2 fall 3

The stats page can be accessed in a browser at http://192.168.77.10:8080/stats using the username and password 'loadbalancer', as set in the configuration file.

It should look something like this:

unnamed

Want more?

Configure HAProxy with TPROXY kernel for full transparent proxy