How-to: Basic HAProxy Example Configuration for CentOS/RHEL 6

This is a basic HAProxy configuration example that should get you up and running with the simplest of setups. This configuration will have the HAProxy Info page listening on 8080 (adjust as needed) with username/password authentication. In addition, it will also look for http://yourip/healthcheck in addition to the TCP 80 HTTP Port Probes. Why is this useful?

HAProxy will, by default, do TCP 80 port probes on any web servers you have pointed to in your configuration. As opposed to stopping Apache/Nginx/whatever on your web head and waiting for it to be removed from the load balancing pool (keeping in mind visitors to your site might receive errors while it is being removed from the pool), you simply need a file called “healthcheck” in your webroot. This will remove the web server from the pool gracefully and haproxy will direct visitors to other servers in your pool without the potential for connection timeouts.

No content is required on the health check page as HAProxy in our sample configuration will simply look for a 200 OK that the page is present. When you want to remove the server from the load balancing pool, simply move the file or delete it. You can then verify the server has been removed by visiting the management interface on *:8080.

First, install haproxy and configure it to load on startup:

yum install haproxy -y && chkconfig haproxy on

Next, clear /etc/haproxy/haproxy.conf and replace it with the config below:

#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2
 
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
 
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
 
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
 
listen stats
        bind *:8080
        stats auth changeme:changeme
        mode http
        stats enable
        stats hide-version
        stats realm Haproxy\ Statistics
        stats uri /
listen webfarm *:80
       mode http
       balance roundrobin
       cookie SERVERID insert indirect
       option httpchk HEAD /healthcheck HTTP/1.0
       server webA 192.168.11.4:80 cookie A check
       server webB 192.168.11.5:80 cookie B check

You’ll want to replace “webA” and “webB” IP’s with the web servers that should be in your pool. Feel free to rename “webA” and “webB” as the naming is arbitrary.  DO NOT FORGET TO CHANGE stats auth changeme:changeme to a username and strong password. Those are the credentials you will need to login to the web interface on port 8080. Also, don’t forget to put the healthcheck file in your webroot!

Once you’ve performed those steps, you can now start haproxy up:

service haproxy restart

You should now be able to view your site. If you want to test the health check functionality, pick a server and remove the healthcheck file. Open up the management interface http://yourip:8080 and you should see that server marked as down.

Leave a Reply

Your email address will not be published. Required fields are marked *