install and configure haproxy, the software based loadbalancer in Ubuntu

by jagbir on March 2, 2011

HAProxy is a very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It’s free and open source application which is very lightweight as well. I checked few other alternatives like perlbal, pond etc. but found haproxy most competent performer.

I’m describing here the steps I followed to download, install and configure it in Ubuntu Server. We have 2 backend Web servers which will receive traffic from Load balancer host running HAProxy in front of them.

Step 1. Download, compile and install HAproxy from here :

$ cd /usr/src
$ wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.11.tar.gz
$ tar xzf haproxy-1.4.11.tar.gz 
$ cd haproxy-1.4.11
$ make install

You can find an example of config file in /usr/src/haproxy-1.4.11/examples/haproxy.cfg which you copy in /etc/haproxy and update it per your requirement.

Step 2. Update config file per your requirements:

$ mkdir /etc/haproxy
$ cp /usr/src/haproxy-1.4.11/examples/haproxy.cfg /etc/haproxy
$ cd /etc/haproxy

you can see configs I used for our server below:

$ cat haproxy.cfg
global
        log 127.0.0.1  local0
        log 127.0.0.1  local1 notice
        log loghost    local0 info
        maxconn 4096
        uid 99
        gid 99
        daemon
        #debug
        #quiet
 
defaults
        log    global
        mode    http
        option httplog
        option dontlognull
        retries 3
        option redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000
 
listen  web-service 0.0.0.0:80
        option forwardfor
        option httpchk OPTIONS /health_check.html
        stats enable
        stats refresh 10s
        stats hide-version
        stats scope   .
        stats uri     /lb?stats
        stats realm   LB2\ Statistics
        stats auth    admin:Adm1nn
 
        server  web1 10.x.x.x:80 check inter 2000 fall 3
        server  web2 10.x.x.x:80 check inter 2000 fall 3

Most important section in this config file is “listen” where we have several important options. Few are related to display stats and in the end there are entries of backend web server which actually serves the traffic.

I’ve used most of default options and update it little bit to accommodate my requirements. There’s lots of optimization needed and therefore this can be called as a bare configuration. I would write about further enhancements later after some more experiments.

Because backend web servers receive traffic from Load balancer so in usual case they will see IP address of Load balancer itself instead of real user, I’ve written a post earlier to fix this.

You can also use HAProxy to do content switching where it will divert traffic amoung several backend servers available based on specified conditions, I’ve written a detailed post on this topic earlier.

Step 3. Start the daemon:
After initial config, you can start daemon and check things. Let’s check syntax first:

$ haproxy -c -f /etc/haproxy/haproxy.cfg

If no issues in config, let’s start he process:

$ haproxy -f haproxy.cfg

HAProxy is started, you can quickly check its status page at http://your-lb-ip/lb?status where you need to supply user and password as per we specified in config file.

You can keep updating your config file and reload the haproxy service without having to stop/start it:

$ haproxy -f haproxy.cfg -p /var/run/haproxy.pid -st $(cat /var/run/haproxy.pid)
  • Musa

    kindly let me know what all i need to modify in this file apart from changing server IPs..

  • Musa

    now that i have installed it and configured it and when i try to run/compile the haproxy file by command ‘ haproxy -f haproxy.cfg’, i get the following error:
    [ALERT] 174/130036 (20357) : Starting proxy migital1: cannot bind socket

    Any help please?

  • http://linuxadminzone.com jagbir

    Hi Musa, looks like the socket/port which haproxy trying to use is already in use by some other program (like apache). for example if haproxy needs to run on port 80, check before starting haproxy whether port 80 is used by any other program, there should be no output, if port is not being use else it will list name of process:

    $ lsof -i :80
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    httpd 5087 root 4u IPv6 19949 TCP *:http (LISTEN)

    There are other ways also to check/fix, let me know if you have any other issues.

    Jagbir

  • Musa

    yes sir that was the issue exactly and i sorted it out…thanks for your help but i have one more issue:
    currently m monitoring hits on my webservers by avast firewall just to calculate the daily traffic and it is about, say 40 hits/sec.
    but when i today deployed the zentyal server with HAproxy configured i can see that the hits are evenly distributed to two webservers at the back end however when i detach one of the webservers, i see a strange output on my firewall. i observed that hits dont come for a minute to the attached server (most probably becoz of round-robin algo.) and after 1 minutes the hit count reaches to 200 hundred/sec for a while and then disappear again…this keeps on.
    seems HAproxy is lacking failover capability.
    i m using HAproxy first time (in deed loadbalancing first time)just let me know if my assumptions are logical..

    Regards

  • Musa

    global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice

    maxconn 8192
    user haproxy
    group haproxy
    daemon
    #debug
    #quiet

    defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

    listen migital1 182.xx.xx.93:80
    mode http
    stats enable
    balance roundrobin
    option httpclose
    option forwardfor
    stats auth admin:migi@123
    stats refresh 10s
    server web1 10.25.7.167:80 check inter 2000 fall 3
    server web2 10.25.7.168:80 check inter 2000 fall 3

  • http://linuxadminzone.com jagbir

    Hi Musa, please check the config options I’ve mentioned in the post. How HAproxy should decide whether backend server is live/responding or not?

    I didn’t see such line to configure it in your file:

    option httpchk OPTIONS /health_check.html

    by using this line, HAProxy will check health_check.html file in documentroot and will remove server from pool if it don’t get the response.

    HAProxy is perfect in load balancing provided you have configured it correctly. HAProxy is being used by very very big websites in the world for this purpose.

  • Musa

    Thanks for your response sir…i didnt do it becoz i was confused if i need to create the health_check.html file anywhere (on webservers or ubuntu hosting HAproxy) or does it already exist?????

    • http://linuxadminzone.com jagbir

      you need to create this file in web server’s Document Root folder so that it can be accessed as http://serverip/health_check.html

      I recommend you to read documentation for HAProxy first before jumping in.

  • Musa

    Sir, i am using IIS services on webservers not apache :(

  • Musa

    and i think i am almost close now :) everything working, i can see traffic getting redirected when one server fails… but only the problem of that 2-4 hundred hits at a time…which may affect server performance!

  • http://linuxadminzone.com jagbir

    Good to know you are close :) . You may need to check actual server logs to ascertain the traffic. HAProxy won’t generate traffic on its own, so I don’t think its causing that issue. check HAProxy stat page also while one server fails, you can get accurate no. of active connections on live server.

  • Musa

    you are absolutely right sir by saying HAproxy does not generate traffic itself but what about caching/buffering the traffic and throwing it out at once?

    moreover i had asked you one more question already but you didnt reply. The HAproxy is not getting started automatically when the server is rebooted. i need to start it manually then. :(

  • http://linuxadminzone.com jagbir

    Musa, I am not aware that a program can buffer the traffic and throw it once then. There might be something weird happening here. I guess you need to dig more.

    To start haproxy on reboot, add the command which you are using to start it in /etc/rc.local in ubuntu. Don’t forget to put command with complete path.

  • Musa

    superbbbbbbbbbbbbbbbbbbb sir superb :)
    i had been searching this solution for last 1 week…finally a great help from you :)
    it is now working automatically on reboot in deed!!!

    one more thing :P
    any idea about this error:
    $ /etc/init.d/haproxy restart
    .: 12: Can’t open /etc/rc.d/init.d/functions

  • http://linuxadminzone.com jagbir

    Its my pleasure if I’ve helped you in some way.

    I would rather use this command to restart HAProxy then one you are mentioning:

    haproxy -f haproxy -p /var/run/haproxy.pid -st $(cat /var/run/haproxy.pid)

    (change path as per your machine)

    I’ve mentioned it in post itself.

  • Musa

    Thanks again,

    i am currently confused where does ‘haproxy.pid’ reside in ubuntu 10.04?

    Regards

    • http://linuxadminzone.com jagbir

      I think default location is /var/run/ or you can try to find it:

      find /var -name “haproxy.pid”

  • Musa

    find /var -name “haproxy.pid” doesn’t return anything :(

  • http://linuxadminzone.com jagbir

    It should be somewhere, or you can fetch current pid of haproxy process and use it to restart it.

    like earlier command, if haproxy is listening on port 80, get’s it pid by:

    lsof -i :80

    or use: “ps aux | grep haproxy” or “pidof haproxy” and note down the pid and put it in restart command:

    haproxy -f haproxy -p /var/run/haproxy.pid -st pid

    let me know how it goes.

  • Musa

    well, the pid is always mentioned in haproxy?stats page…so let me check it now..

  • Musa

    Ooooo…i get following error:

    # haproxy -f haproxy -p /var/run/haproxy.pid -st 5700
    [ALERT] 178/154959 (21019) : config : no line. Nothing to do !
    [ALERT] 178/154959 (21019) : Fatal errors found in configuration.

    however when i compile the haproxy file it shows everything fine:

    # haproxy -c -f /etc/haproxy.cfg
    Configuration file is valid

    That is strange!

  • Musa

    Hello sir,

    one more urgent help please.
    I have two public IPs on ubuntu now and i want to make HAproxy listen on both the IPs….. any idea if i can do it other than using 0.0.0.0:80 to listen?

    Regards

  • Musa

    moreover, when i try to check haproxy statistics by using url http://publicipofserver/haproxy?stats, i get an error page with the following error:

    404 – File or directory not found.
    The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

    Any idea where exactly i am making mistake?

    Regards

  • Mukesh

    Hi,

    I am wondering if we need to have a “dedicated” load balancer host with HAProxy running in front end. How about having all 3 machines configured to serve the load (with a machine having HAProxy running as well among them) rather than a dedicated load balancer?

    I am planning of trying HAProxy in my 3 Ubuntu machines (MapServer installed/configured). Do you think if there’ll be any issue running it in MapServer? (I think HAProxy has nothing to do with MapServer?)

    Thanks,

  • http://linuxadminzone.com jagbir

    Mukesh, I don’t see any issue of running HAProxy on hosts serving other requests as well. You need to have your capacity planning, traffic visibility so that in case of surge or due to other application “load”/malfunctioning, haproxy should not get affected. Putting Haproxy on a small dedicate host seems a good idea to isolate any such incident, but again its not mandatory.

  • Musa

    can we install/run cacti or mrtg or munin on our server alongside HAproxy?
    i suspect it may affect HAproxy functioning?

  • http://linuxadminzone.com jagbir

    Musa, you can perfectly run monitoring applications alongside HAproxy. One exception may be when there’s hundreds/thousands of hosts to be monitored and you suspect the monitoring applications may remain busy which again can affect load balancer.

    Haproxy by itself utilize very small amount of available resources and most of time, the hardware remain underutilized. It’s fine to run monitoring apps on such hosts.

    To further isolate things, what more you can do is to install haproxy on host having virtualization capability (xen,kvm kernel). This way just create virtual host to host monitoring apps while haproxy runs independent on main host.

  • Musa

    Superb idea!!!

    Means it would be great to implement monitoring services when we are monitoring only a couple or three hosts without implementing virtualization!!!

    SO any suggestion which would be a a robust monitoring tool to install (cacti or mrtg or centreon or munin etc.) keeping in mind we mainly need to monitor network traffic. I am confused as which to implement!!

    Regards

  • http://linuxadminzone.com jagbir

    selection of any application for monitoring or any other purpose, should be mostly based on your comfortable level and experience. Anyhow, Munin/monit are light weight monitoring apps and you can consider them. I’ve already written one article on them here: http://linuxadminzone.com/quick-howto-install-and-configure-munin-for-server-monitoring/

  • prakash

    hi,

    I have installed haproxy on my linux machine and configured it with R12 EBS.while trying to open forms i am getting FRM-92050 failed to connect to the server :/forms/iservlet-1

    details its giving below message

    java exception

    java.io.IOexception:server returned HTTP response code :500

    below is my haproxy.cfg

    global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice

    maxconn 8192
    user HAproxy
    group dba
    daemon
    #debug
    #quiet

    defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

    listen bind 10.177.41.60:7777
    mode http
    stats enable
    balance roundrobin
    option httpclose
    option forwardfor
    stats auth root:****
    stats refresh 10
    server web1 10.177.41.60:8000 check inter 2000 fall 3
    server web2 10.177.41.55:8000 check inter 2000 fall 3

    thanks in advance

    Regards,
    Prakash

  • http://linuxadminzone.com jagbir

    Hi Prakash,

    just quickly, could you check status of haproxy? do it showing backend servers up? or are you able to see page when trying your backend server directly?

    Jagbir

  • prakash

    hi Jagbir,

    here is it

    [root@i3dl003 Haproxy]# ps aux|grep HAproxy
    HAproxy 5253 0.0 0.0 3540 1520 ? Ss 14:30 0:00 haproxy -f haproxy.cfg
    root 6142 0.0 0.0 3924 724 pts/14 S+ 15:09 0:00 grep HAproxy

    let me know commands to check.Also able to login to application from front end and after select system administrator->concurrent request while opening forms it giving above issue

    Thanks,
    Prakash

  • http://linuxadminzone.com jagbir

    Hi Prakash,

    here I meant, check haproxy status on browser whether your backend servers appear good in it or not by browsing http://your-lb-ip/lb?status

    it has been mentioned in article as well.

    Jagbir

    • http://www.facebook.com/srinath.menon Srinath K Menon

      Hi Jagbir ,

      Thank you for the steps on configuring HAProxy .

      I think from the sample configuration file it should be : http://your-lb-ip/lb?stats .

      Thanks,
      Srinath

  • prakash

    Hi jagbir,

    with the urls http://i3dl003.idc.oracle.com:8000 and http://i3dl001.idc.oracle.com:8000 i am able to accesses front and page.

    do let me know any other things to be checked.

    Thanks,
    Prakash

  • prakash

    hi Jagbir,

    can you please help me out n this.I am struck here and unable to proceed.

    Thanks,
    Prakash

  • prakash

    Hi Jagbir,

    can you plz help me out on this.

    Thanks,
    Prakash

  • dora

    Hi,

    Can you let me know how to configure virtual ip with haproxy and also help me out with these questions

    Couple of questions,
    - Does HAProxy expose a virtual IP?
    - Does this VIP translate to any physical IPs. Which machines is this VIP trnslation configured with?
    - Can we expose multiple VIPs and direct them across different mid-tier server farms viz one VIP for 2 IdM mid-tiers, one VIP for eBS mid-tiers (assuming that I bypass eBS registration with IdM)….similarly for BI…..etc?

    Thanks,
    Dora

    • http://linuxadminzone.com jagbir

      Hi Dora, I haven’t tried implementing VIP on HAProxy server yet and I don’t think HAProxy provide any such facility. For load balancing and failover, what we implemented is building up two separate instances of HAProxy whose IP are in DNS A records. DNS monitor the IPs and will route traffic to only live IP. Our scripts keep updating HAProxy pool of backend servers. Let me know if you found a better way to implement such scenario.

      - Jagbir

  • dora babu

    Hi Jagbir,

    I am trying to install it on solaris 5.10 and while installing “make” getting the below errors

    bash-3.00# ./make TARGET=solaris CPU=ultrasparc ARCH=64 USE_PCRE=1
    make: Fatal error in reader: Makefile, line 175: Unexpected end of line seen

    checked the makefile in the unzipped haproxy 1.4.19 it has these lines

    174 ifeq ($(TARGET),solaris)
    175 USE_POLL = implicit
    176 TARGET_CFLAGS = -fomit-frame-pointer -DFD_SETSIZE=65536 -D_REENTRANT
    177 TARGET_LDFLAGS = -lnsl -lsocket
    178 USE_TPROXY = implicit
    179 USE_LIBCRYPT = implicit
    180 USE_CRYPT_H = implicit

    unable to proceed further.

    Thanks in advance

    Thanks,
    Dora

  • dora babu

    Hi Jagbir ,

    Can i Have an update on this .

    Thanks,
    dora

  • Sam

    Hi,
    Thanks for quick setup method for haproxy. Small correction is required at step 3 for updating the config file changes and reloading service command.

    It should be changed to… (need to add .cfg, since it looks for the file.)
    $ haproxy -f haproxy.cfg -p /var/run/haproxy.pid -st $(cat /var/run/haproxy.pid)

    • jagbirs

      Thanks Sam for comment. I’ve updated the text.

Previous post:

Next post: