HA Proxy / Load Balancer Step By Step Installation Guide

HA Proxy is High availability solution for load balancing and reliable flow of web application requests. It supports HTTP Web based application and TCP.
Now a days for large scale applications it’s very difficult to response multiple requests at a time for single server. Also there can be failure in single server so there is a need to have high availability environment of resources that can manage the client request and respond without failure.
Following article will provide detail about the installation of HA Proxy as a load balancing environment on virtual environment Ubuntu.
We will install HA proxy and make clusters on two servers that will share the traffic sent through HTTP requests.

Network Details

We will have applications running on webserver that will accept requests from load balancers HA proxy.
Here is network detail for application servers, Load balancing servers and virtual machine

Web Servers:

Web servers are as below:

Server 1                                  Webserver01-207                                                    10.20.123.207
Server 2                                  Webserver02-208                                                  10.20.123.208
Server 3                                  Webserver03-209                                                  10.20.123.209

Load Balancers:

Node 1 :                                  lb01-124 10.20:123:124
Node 2 :                                 lb01-125 10.20:123:125

HA Proxy Installation Guide:

Here are steps for HA Proxy installation on Ubuntu server machine

Step1 : Update Ubuntu

Update the Ubuntu system through apt command using root user
Access your HAProxy server through SSH

Sudo apt-get update
sudo apt-get install haproxy

There is just one configuration file for HA Proxy configuration.

Open the file through following command

Vim /etc/haproxy/haproxy.cfg

Step2: Edit Configuration

Here is default configuration in the haproxy.cfg

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

Step3: Adding HA Proxy Listener

We can add HA proxy listener forcefully as I have commented the line bind : 10.20.124.124 as listener and put *:80 as default listener.
In the below customized configuration there are two parts. One is frontend and backend. Frontend path is default set and bind to its own IP. Like if we have HA server 10.20.123.124 that means that frontend will be access through this IP and same for second HA server.

frontend http_front_end
bind *:80 # default HA proxy listener
#bind : 10.20.123.124 // this HA Proxy listener
stats uri /haproxy?stats
acl url_blog path_beg /application
use_backend blog_back if application_url
default_backend http_back

Step4: Adding HA Proxy Backend/forwarding webservers

backend http_back
balance roundrobin
server Webserver207 10.20.123.207:80 check
server Webserver208 10.20.123.208:80 check
server Webserver209 10:20:124.209:80 check

Second section is backend configuration where we put web server’s details as server name and its IP address.
Once load balancer gets request then it forwards the request on any of mentioned webserver. Here 80 is the default port for HTTP Request. If we want to forward request on HTTPS then port will be used as 443.
Enable Stats on HA Proxy for front end
This is an optional configuration that we can set in HA Proxy

listen stats *:1936 // default port for stats is 1936
stats enable
stats hide-version
stats refresh 30s
stats show-node
stats auth username:password // default username is hastat and same password
stats uri /stats

Step5: Restart HA Proxy

Now after these configurations we have to restart HA Proxy with following command

systemctl restart haproxy

Now check the start of haproxy by following command

Step6: Status HA Proxy

systemctl status haproxy

If ha proxy configuration is correct and no error found then status will be shown as active. Here is active status ha proxy screenshot

Step7: Check stats of HA proxy on frontend

Open your HA Proxy server in browser with following URL
http://10.10.110.94/haproxy?stats
Here is screenshot of front end stats

Floating IP and the Corosync/Pacemaker cluster Installation

We use Corosync and pacemaker to float the traffic between these two load balancers.
We are going to use a virtual IP that will behave like accepting requests and will float the traffic between two load balancers where HA proxy is installed and configured.

Step 1: Corosync Installation

Here are few commands for installation of Corosync and Pacemaker
Run the following command and configuration on both HA proxy servers

apt-get install pacemaker
apt-get install corosync

after this command few more disk space and memory will be used so there will be yes no option duration installation, We have to select yes

Step 2: Corosync Configuration

Add following code to corosync configuration file on following path. Put this configuration on HA Proxy both servers.
/etc/corosync/corosync.conf

totem {
version: 2
cluster_name: ha
transport: knet
crypto_cipher: aes256
crypto_hash: sha256
}
nodelist {
node {
ring0_addr: lb07-93
name: lb07-93
nodeid: 1
}
node {
ring0_addr: lb1-124
name: lb2-125
nodeid: 2
}
}
quorum {
provider: corosync_votequorum
two_node: 1
}
logging {
to_logfile: yes
logfile: /var/log/corosync/corosync.log
to_syslog: yes
timestamp: on
}

Step3: Restart and enable corosync and Pacemaker

Following commands to restart two services corosync and pacemaker

# Enable and restart Corosync Service

sudo systemctl restart corosync.service
sudo systemctl enable corosync.service

# Enable and restart Pacemaker Service

sudo systemctl restart pacemaker.service
sudo systemctl enable pacemaker.service

To check both services up and communicating then run following command

Pcs status

You will face such type of screen with pcs status command

Now add password to the hacluser node management area through following command

passwd hacluster

Now you can add new password for hacluster node management area.
From above screen resources list will be shown as there is no resource in the list.
Resources can be added from front end of pacemaker and corosync server where we can add clusters to the nodes.

Step4: Add cluster to HA Proxy nodes

Access the front end web interface for HA Proxy nodes through which we can add cluster, resources and Virtual IP
Open the following url in browser
https://10.20.123.125:2224  and https://10.20.123.125:2224/ and you will redirect to HA proxy nodes management area. Here default username and password is hacluser

Create Cluster over here and provide the nodes names that are proxy server’s names lb01-123 and lb02-124

Step5: Add Resources to HA Proxy Nodes

Now you will have to Resources to the the nodes by clicking on resources menu. You will add two resources, As I have following resources in a group
⦁ VIrtualIP where we select ofc:heartbeat with IPAddr2 and also provide Virtual IP Address
⦁ Second resource we select systemd and haproxy from the options
Note: During this option you can face an issue that I have solved through following command on these HAProxy nodes

pcs property set stonith-enabled=false

If you have set all and you can see above screenshot configuration in browser then you are almost done.
Now you have virtual IP 10.10.110.95 as virtual ip where you can receive traffic, This virtual ip will forward the traffic on load blancer 10.20.123.124 and 10.20.123.125. These load balancer will forward the traffic on webserver where actual application is deployed.
Load balancer will manage the traffic as per capacity and you can view the traffic on stats manager through following url

Step6: View Stats on haproxy stats manager

Hit the virtual IP in browser and this will floats its traffic on HA proxy servers. You can check traffic here.

http://10.20.123.124/haproxy?stats
http://10.20.123.125/haproxy?stats

Here is final screenshot where all traffic and be viewed.