{"id":76206,"date":"2020-09-23T16:00:00","date_gmt":"2020-09-23T13:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-set-up-an-haproxy-load-balancer-cloudsavvy-it\/"},"modified":"2020-09-23T16:00:00","modified_gmt":"2020-09-23T13:00:00","slug":"how-to-set-up-an-haproxy-load-balancer-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-set-up-an-haproxy-load-balancer-cloudsavvy-it\/","title":{"rendered":"#How to Set Up an HAProxy Load Balancer \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3cfd3c22036\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3cfd3c22036\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-set-up-an-haproxy-load-balancer-cloudsavvy-it\/#What_Is_HAProxy\" >What Is HAProxy?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-set-up-an-haproxy-load-balancer-cloudsavvy-it\/#How_To_Set_Up_HAProxy_Load_Balancing\" >How To Set Up HAProxy Load Balancing<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#How to Set Up an HAProxy Load Balancer \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1065\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/994410dc5b8f556c57f54739726854d7\/p\/uploads\/2019\/07\/64107448.png\" alt=\"\" width=\"700\" height=\"300\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>HAProxy is an open source load balancer, capable of balancing any TCP based service. It\u2019s commonly used for balancing HTTP, and can help solve traffic problems on your web server. Here\u2019s how to set it up.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_Is_HAProxy\"><\/span>What Is HAProxy?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Load balancers like HAProxy allow you to split traffic over multiple servers, making it easier to handle. Instead of pointing your IP at your web server, you\u2019d point it at an HAProxy server, which would decide where to send it from there. HAProxy is very lightweight, and doesn\u2019t need a lot of resources to operate, so you can use a single load balancer for many backend servers. Ideally, you want both your HAProxy server and your web servers to be hosted in the same datacenter, from the same cloud provider, to cut down on latency.<\/p>\n<p>HAProxy also allows your network to be more resilient. If one web server goes down, HAProxy can route traffic to the rest while you diagnose the issue. For it to be truly resilient, you\u2019ll want to have a backup HAProxy server, in case your load balancer goes down.<\/p>\n<p>Even with HAProxy, you\u2019ll still often want a full site CDN in front of it, both to handle additional load and to have multiple points of presence closer to the end user.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_To_Set_Up_HAProxy_Load_Balancing\"><\/span>How To Set Up HAProxy Load Balancing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>First, install HAProxy from your distro\u2019s package manager. For Debian based systems like Ubuntu, that would be:<\/p>\n<pre>apt-get install haproxy<\/pre>\n<p>Next, you\u2019ll need to turn it on by editing the init <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">script<\/a> at <code>\/etc\/default\/haproxy<\/code>\u00a0and setting <code>ENABLED<\/code> to 1:<\/p>\n<pre>ENABLED=1<\/pre>\n<p>Now, if you run <code>service haproxy<\/code>, you should see that it is enabled and ready to be configured. We\u2019ll start by archiving the default configuration file:<\/p>\n<pre>mv \/etc\/haproxy\/haproxy.cfg\u00a0\/etc\/haproxy\/haproxy.cfg.old<\/pre>\n<p>Create a new config file in its place, and start by adding a few global settings:<\/p>\n<pre>global&#13;\n\u00a0 \u00a0 log 127.0.0.1 local0 notice&#13;\n\u00a0 \u00a0 maxconn 2000&#13;\n\u00a0 \u00a0 user haproxy&#13;\n\u00a0 \u00a0 group haproxy&#13;\n    stats enable&#13;\n    stats uri \/haproxy?stats&#13;\n    stats realm HAProxy Statistics&#13;\n    stats auth admin:password<\/pre>\n<p>The <code>log<\/code>\u00a0setting specifies the syslog server that HAProxy sends logs to. You\u2019ll need to have a server like rsyslog running to make use of this. The <code>maxconn<\/code>\u00a0setting specifies the max concurrent connections, and <code>user<\/code>\u00a0and <code>group<\/code>\u00a0specify which Unix user HAProxy operates as.<\/p>\n<p>The last few lines turn on HAProxy\u2019s built in statistics page, which you can view by navigating to the URI in your browser. In this case, that would be <code>http:\/\/your_ip\/haproxy?stats<\/code>, but you can view a <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"http:\/\/demo.1wt.eu\/\">demo of it here<\/a>.<\/p>\n<p>Next, we\u2019ll set the default config that will apply to all <code>listen<\/code> blocks if they don\u2019t make any changes to it:<\/p>\n<pre>defaults&#13;\n    log global&#13;\n    mode http&#13;\n    option httplog&#13;\n    option dontlognull&#13;\n    retries 3&#13;\n    option redispatch&#13;\n    timeout connect 5000&#13;\n    timeout client 10000&#13;\n    timeout server 10000<\/pre>\n<p>We\u2019re setting the default to use the global log setting, operate on HTTP, and set some settings related to connection timeouts.<\/p>\n<p>We\u2019ll create a <code>frontend<\/code> block that will do the heavy lifting, and forward connections to the backend:<\/p>\n<pre>frontend proxy&#13;\n    bind *:80&#13;\n&#13;\n    # ACL function declarations&#13;\n    acl is_abuse src_http_req_rate(Abuse) ge 10 &#13;\n    acl inc_abuse_cnt src_inc_gpc0(Abuse) gt 0 &#13;\n    acl abuse_cnt src_get_gpc0(Abuse) gt 0&#13;\n&#13;\n    # Rules&#13;\n    tcp-request connection track-sc0 src table Abuse&#13;\n    tcp-request connection reject if abuse_cnt&#13;\n    http-request deny if abuse_cnt&#13;\n    http-request deny if is_abuse inc_abuse_cnt&#13;\n&#13;\n    option httpclose&#13;\n    option forwardfor&#13;\n&#13;\n    use_backend appname<\/pre>\n<p>The first line binds this frontend to port 80, where HAProxy will listen on.<\/p>\n<p>The next two sections are for <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/medium.com\/faun\/understanding-rate-limiting-on-haproxy-b0cf500310b1\">rate limiting<\/a>. First, the access control list (ACL) functions are declared, which determine if an IP address is abusive. Then, a set of rules will reject a connection if it\u2019s making too many requests.<\/p>\n<p>The <code>forwardfor<\/code>\u00a0option will forward the client\u2019s IP address to the server. Since HAProxy acts as a reverse proxy, your nginx server would only see your HAProxy server\u2019s IP address. This option sets the \u00a0<code>X-Forwarded-For<\/code>\u00a0HTTP header to the client\u2019s IP address.<\/p>\n<p>And finally, we set this <code>frontend<\/code>\u00a0block to use the backend \u201cappname,\u201d which we\u2019ll need to create. The\u00a0<code>backend<\/code>\u00a0block simply defines the servers to forward to, along with a few options:<\/p>\n<pre>backend appname your_ip:80&#13;\n    balance roundrobin&#13;\n    cookie SERVERNAME insert&#13;\n    server web1 web1_ip:80 check cookie web1&#13;\n    server web2 web2_ip:80 check cookie web2<\/pre>\n<p>The <code>balance<\/code>\u00a0directive defines how HAProxy balances requests between servers. The most common option is <code>roundrobin<\/code>, which will rotate connections through each server in order. If you run into issues with balance, you can try using the option <code>leastconn<\/code>, which selects based on concurrent connections. If you need users to access the same server over multiple connections, you can use the <code>source<\/code>\u00a0option, which selects based on a hash of the client\u2019s IP address.<\/p>\n<p>The last two lines allocate servers to this <code>listen<\/code>\u00a0block. You give them a name (<code>web1<\/code>\u00a0and <code>web2<\/code>) specify their addresses, and then list a few options. Here, we use the <code>check<\/code> parameter to make sure the server is healthy and accepting connections, and the <code>cookie<\/code>\u00a0parameter to set the <code>SERVERNAME<\/code>\u00a0cookie (which we inserted directly above) to the name of the server, which is used for session stickiness (so the user doesn\u2019t switch servers while using your site). The <code>balance source<\/code>\u00a0option achieves this same effect.<\/p>\n<p>And because we\u2019re using rate limiting, we\u2019ll actually need another backend to store IP addresses:<\/p>\n<pre>backend Abuse&#13;\n    stick-table type ip size 100K expire 30m store gpc0,http_req_rate(10s)<\/pre>\n<p>This doesn\u2019t actually forward any connections; it functions as a table to store addresses in. Addresses are flushed after 30 minutes, so addresses deemed abusive will be blocked for 30 minutes.<\/p>\n<p>Finally, you can start the HAProxy service by running:<\/p>\n<pre>service haproxy start<\/pre>\n<\/div>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener noreferrer\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/1062\/how-to-set-up-an-haproxy-load-balancer-and-why-youd-want-to\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How to Set Up an HAProxy Load Balancer \u2013 CloudSavvy IT&#8221; HAProxy is an open source load balancer, capable of balancing any TCP based service. It\u2019s commonly used for balancing HTTP, and can help solve traffic problems on your web server. Here\u2019s how to set it up. What Is HAProxy? Load balancers like HAProxy allow&#8230;<\/p>\n","protected":false},"author":1,"featured_media":76207,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/07\/64107448.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-76206","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/76206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=76206"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/76206\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/76207"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=76206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=76206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=76206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}