Computer >> Computer tutorials >  >> System >> Linux

Using HAProxy as a Load Balancer for Nginx

In this article we’ll show how to configure the HAProxy as a load balancer for two Nginx web servers (you can replace it with Apache). CentOS is used as a host operating system in all cases.

HAProxy is a server software to provide high availability and load balancing for TCP and HTTP apps by distributing incoming requests between multiple backend servers. HAProxy is used on many popular resources like Twitter, Instagram, Github, Amazon, etc.

HAProxy is installed on a separate server that accepts client requests and redirects them to Nginx web servers. You can see the general system architecture below:

Using HAProxy as a Load Balancer for Nginx

Nginx Configuration on Backend Servers

We start with the installation and configuration of Nginx on our web servers the load will be balanced between. Install EPEL repository and nginx using yum (or dnf on RHEL/CentOS 8):

#yum install epel-release -y
#yum install nginx -y

Then, in nginx.conf files specify that the servers must process requests from HAProxy server and backend servers only:

Backend server 1:

server {
        listen      current_server_IP_address:80 default_server;
        allow second_backend_server_IP_address;
        allow IP_haproxy;
        deny all;	
        server_name  _;
        root         /usr/share/nginx/html;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        location / {
        }

Backend server 2: 

server {
        listen       current_server_IP_address:80 default_server;
        allow first_backend_server_IP_address;
        allow IP_haproxy;
        deny all;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

The nginx configuration file is default, we have just added the servers to listen IP and denied access to everyone except our servers using allow and deny directives.

In order the web server could start working, open the firewall HTTP port using firewalld or iptables:

#firewall-cmd --permanent –add-service=http
#firewall-cmd –reload

Perform a test check on any of your backend servers:

# curl IP_of_the_second_server 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "https://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
here you will get an html file

The server has returned a standard nginx index file. To make the check more convenient, I have changed the contents of the index file on each backend server to see in my browser, which server has processed a current request.

The nginx index file is located in /usr/share/nginx/html/.

HAProxy Load Balancer Configuration

Let’s install and configure HAProxy on the server that will be used as a load balancer.

Install the HAProxy:
#yum install epel-release -y
#yum install haproxy -y

Running transaction
Installing : haproxy-1.5.18-9.el7.x86_64 1/1
Verifying : haproxy-1.5.18-9.el7.x86_64 1/1
Installed:
haproxy.x86_64 0:1.5.18-9.el7
Complete!

To enable HAProxy, you need to add Enabled=1 to the /etc/default/haproxy file:

#nano /etc/default/haproxy

Using HAProxy as a Load Balancer for Nginx

Now let’s move on to HAProxy configuration. In our simplest configuration, the load balancer server will process all HTTP requests and send them in turn to backend servers:

#nano /etc/haproxy/haproxy.cfg

log         /dev/log local0

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

defaults
    mode                    http
    log                       global
    option                  httplog
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend  www
    bind balancer_IP_address:80
    default_backend nginx_pool

backend nginx_pool
    balance     roundrobin
    mode http
    server  web1 IP_of_the_first_backend_server:80 check
    server  web2 IP_of_the_second_backend_server:80 check

After saving your configuration, do check the haproxy.cfg syntax:

#haproxy -f /etc/haproxy/haproxy.cfg -c

If it is OK, you will get a message like this:

Configuration file is valid

Then restart HAProxy and add it to Linux startup. And open the HTTP port in the firewall.

#systemctl restart haproxy
#systemctl enable haproxy
#firewall-cmd —permanent –add-service=http
#firewall-cmd –reload

Thus, the load balancer has been configured. Let’s check it by opening the HAProxy server IP address in a browser:

Using HAProxy as a Load Balancer for Nginx

As you can see, both servers have returned the content in turn, so the balancer is working.

Haproxy.cfg Configuration File Parameters

Let’s consider the main examples of HAProxy algorithms:

  • roundrobin — is the default algorithm, sends requests to the servers in turn. We have used this method in our example.
  • leastconn – selects a server with the least number of active connections. It is recommended to be applied for projects, in which sessions are used for a long time.
  • source – selects a server based on a hash of user IP addresses. In this mode, a client will connects the same web server if the user IP address remains unchanged.

Let’s describe some configuration file parameters.

The global block:

  • log — writes the log in /dev/log saving local0 as the object value
  • chroot — security settings, locks HAProxy to the specified directory
  • maxconn — the maximum number of concurrent connections per process
  • daemon — running a process as a daemon

The default block. This block sets the default parameters for all other sections following it:

  • log — sets which log are the entries written to (in this case, global means that the parameters set in the global section are used)
  • mode — sets the communication protocol and has one of the following values: tcp, http or health
  • retries — the number of attempts to connect to the server in case of a failure
  • option httplog — the log format used if HAProxy is proxying HTTP requests
  • option redispatch — allows a program to terminate and redispatch a session in case of a server failure
  • contimeout — the maximum waiting time till the connection with the server is successfully established

There are also a lot of parameters related to different timeouts.

Collecting HAProxy Stats

Add the stats block to the configuration file:

listen stats
    bind :10001
    stats enable
    stats uri /haproxy_stats
    stats auth admin:admin

Description:

  • bind – the port you can view the statistics on
  • stats enable – enables statistic reports
  • stats uri – sets the statistics page address
  • stats auth – login and password to access
You can specify any TCP port you like. If the one specified above is busy or does not suit you.

Accept the incoming connection on port specified above in your firewall:

firewall-cmd --permanent –add-port=10001/tcp
firewall-cmd –reload

To view the HAProxy reports, follow this link:

https://hostname_haproxy:10001/haproxy_stats

Using HAProxy as a Load Balancer for Nginx Open the balancer IP address in your browser and start pressing F5. The HAproxy statistics will change.

In this article we have considered basic HAProxy configuration. There are more cases of using HAProxy module.

In our schema, the load balancing HAProxy server becomes a single point of failure. To increase the fault tolerance of your web service, you can add another HAProxy server and implement the high-availability load balancer configuration using Keepalived. You will get a schema like this:

Using HAProxy as a Load Balancer for Nginx