DebianLinuxTutorials

How To Install HAProxy on Debian 9

Install HAProxy on Debian 9

In this tutorial, we will show you how to install HAProxy on your Debian 9. For those of you who didn’t know, HAProxy is a free HTTP/TCP high availability load balancer and proxy server. It spreads requests among multiple servers to mitigate issues resulting from a single server failure. HA Proxy is used by a number of high-profile websites including GitHub, Bitbucket, Stack Overflow, Reddit, Tumblr, Twitter, and Tuenti, and is used in the OpsWorks product from Amazon Web Services.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation HAProxy on a Debian 9 (Stretch) server.

Prerequisites

  • A server running one of the following operating systems: Debian 9 (Stretch).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install HAProxy on Debian 9 Stretch

Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt-get commands in the terminal:

apt-get update
apt-get upgrade

Step 2. Network Details.

Below is our network server. There are 3 web servers running with Apache2 and listening on port 80 and one HAProxy server:

Web Server Details:
  Server 1:    web1.idroot.us     192.168.1.101
  Server 2:    web2.idroot.us     192.168.1.102
  Server 3:    web3.idroot.us     192.168.1.103
HAProxy Server: 
  HAProxy:     haproxy                 192.168.1.18

Step 3. Installing HAProxy.

Debian 9 already ships with HAProxy 1.7 (the latest stable release at the time of writing), and we can simply install it using apt-get:

apt-get -y install haproxy

After the installation you can double-check the installed version number with the following:

haproxy -v

Step 4. Configuring HAProxy.

We have to modify the configuration file of HAProxy i.e. /etc/haproxy/haproxy.cfg as per our requirement. (Change this configuration as your network requirements). For more configuration details check this url.

### nano /etc/haproxy/haproxy.cfg

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256::RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log       global
    mode      http
    option    httplog
    option    dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend Local_Server
    bind 192.168.1.18:80
    mode http
    default_backend My_Web_Servers

backend My_Web_Servers
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1rnHost:localhost
    server web1.idroot.us  192.168.1.101:80
    server web2.idroot.us  192.168.1.102:80
    server web3.idroot.us  192.168.1.103:80

listen stats *:1936
    stats enable
    stats hide-version
    stats refresh 30s
    stats show-node
    stats auth username:password
    stats uri  /stats

Since you have done with all necessary configurations for the proxy server, verify the configuration file before restarting the service using the following command:

haproxy -c -f /etc/haproxy/haproxy.cfg

If the above command returns output as “configuration file is valid” then restart the HAProxy service:

systemctl restart haproxy

Step 5. Accessing HAProxy.

Open your favorite browser and access port 80 on IP 192.168.0.18 (as configured above) in a web browser and hit refresh. You will see that HAProxy is sending requests to the backend server one by one (as per the round-robin algorithm).

Congratulations! You have successfully installed HAProxy. Thanks for using this tutorial for installing the latest version of HAProxy on the Debian 9 Stretch server. For additional help or useful information, we recommend you to check the official HAProxy website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button