Master HAProxy: Build High‑Performance L7/L4 Load Balancers & HA Clusters
This guide introduces HAProxy, an open‑source L4/L7 load balancer, and walks through its core features, performance and stability characteristics, step‑by‑step installation on CentOS 7, configuration of both L7 and L4 balancing, monitoring, and setting up high‑availability with Keepalived.
What is HAProxy
HAProxy is free, open‑source load‑balancing software that runs on most Linux distributions. It supports both L4 (TCP) and L7 (HTTP) balancing and offers a rich set of features.
Core Functions
Load balancing with many algorithms (round‑robin, static‑RR, least‑conn, IP‑hash, URI‑hash, etc.)
Health checking (TCP and HTTP)
Session persistence via cookies
SSL termination
HTTP request rewriting and redirection
Web‑based statistics and monitoring
Key Characteristics
Performance
Single‑threaded, event‑driven, non‑blocking architecture processes hundreds of requests in <1 ms and uses only a few kilobytes per connection.
O(1) event checker, zero‑copy forwarding and other kernel‑level optimisations keep CPU usage low.
Tests on version 1.4 showed >100 000 requests / s and full 10 Gbps line utilisation.
Stability
HAProxy runs as a single process; its author claims no crash‑inducing bugs in 13 years of production. Stability depends on a modern Linux kernel (2.6 or 3.x) and sufficient memory.
Run on a 3.x kernel.
Dedicate the host to HAProxy only.
Provide a standby node for hardware failures.
Typical sysctl tuning (example values provided).
<code>net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65023
net.ipv4.tcp_max_syn_backlog = 10240
net.ipv4.tcp_max_tw_buckets = 400000
net.ipv4.tcp_max_orphans = 60000
net.ipv4.tcp_synack_retries = 3
net.core.somaxconn = 10000
</code>
Installation and Basic Run on CentOS 7
Create a dedicated user “ha”, download the source, compile and install:
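<code># dedicated account named in the text (creates /home/ha on CentOS 7)
useradd ha
wget http://www.haproxy.org/download/1.7/src/haproxy-1.7.2.tar.gz
tar -xzf haproxy-1.7.2.tar.gz
# build from inside the extracted source tree
cd haproxy-1.7.2
make PREFIX=/home/ha/haproxy TARGET=linux2628
make install PREFIX=/home/ha/haproxy
</code>
Typical global and defaults sections are shown below (excerpt):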
<code>global
    daemon
    maxconn 256
    pidfile /home/ha/haproxy/conf/haproxy.pid

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    option httpchk GET /healthCheck.html
</code>
Building an L7 Load Balancer
Create /home/ha/haproxy/conf/haproxy.cfg with a simple configuration that defines a frontend listening on port 9001, ACLs for URI prefixes, three backend groups (ms1, ms2, default) and a statistics page.
<code>global
    daemon
    maxconn 30000
    user ha
    pidfile /home/ha/haproxy/conf/haproxy.pid
    log 127.0.0.1 local0 info
    log 127.0.0.1 local1 warning

defaults
    mode http
    log global
    option http-keep-alive
    option forwardfor
    option httplog
    timeout connect 5000ms
    timeout client 10000ms
    timeout server 50000ms
    option httpchk GET /healthCheck.html

frontend http-in
    bind *:9001
    # route by URI prefix; anything else goes to default_servers
    acl url_ms1 path_beg -i /ms1/
    acl url_ms2 path_beg -i /ms2/
    use_backend ms1 if url_ms1
    use_backend ms2 if url_ms2
    default_backend default_servers

backend ms1
    balance roundrobin
    # cookie-based session persistence
    cookie HA_STICKY_ms1 insert indirect nocache
    server ms1.srv1 192.168.8.111:8080 cookie ms1.srv1 maxconn 300 check
    server ms1.srv2 192.168.8.112:8080 cookie ms1.srv2 maxconn 300 check

backend ms2
    balance roundrobin
    cookie HA_STICKY_ms2 insert indirect nocache
    server ms2.srv1 192.168.8.111:8081 cookie ms2.srv1 maxconn 300 check
    server ms2.srv2 192.168.8.112:8081 cookie ms2.srv2 maxconn 300 check

backend default_servers
    balance roundrobin
    cookie HA_STICKY_def insert indirect nocache
    server def.srv1 192.168.8.111:8082 cookie def.srv1 maxconn 300 check
    server def.srv2 192.168.8.112:8082 cookie def.srv2 maxconn 300 check

listen stats
    bind *:1080
    stats refresh 30s
    stats uri /stats
    stats realm HAProxy\ Stats
    # example credentials; replace before exposing this listener
    stats auth admin:admin
</code>
After starting HAProxy, the statistics page (e.g., http://192.168.8.110:1080/stats) shows health status, connection counts, session rates, etc.
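As written, the stats listener accepts connections on every address and is protected only by admin:admin. The following added example (not part of the original article) is a small Python check that flags those settings in an haproxy.cfg; the finding names and the 12-character minimum are assumptions of this example.

```python
import re

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen|userlist)\b\s*(\S*)")
WILDCARD = re.compile(r"^(\*|0\.0\.0\.0|::)?:\d+$")

# Constructed sample: the stats listener exactly as configured on this page.
PAGE_STATS = r"""
listen stats
    bind *:1080
    stats refresh 30s
    stats uri /stats
    stats realm HAProxy\ Stats
    stats auth admin:admin
"""

def parse_sections(text):
    """Split haproxy.cfg text into {"kind name": [token lists]} (no quoting support)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(f"{m.group(1)} {m.group(2)}".strip(), [])
        elif current is not None:
            current.append(line.split())
    return sections

def audit_stats(text, min_len=12):  # min_len is an assumed policy threshold
    """Return (section, finding, detail) for every section serving the stats page."""
    findings = []
    for where, rules in parse_sections(text).items():
        if not any(r[:2] in (["stats", "uri"], ["stats", "enable"]) for r in rules):
            continue  # section does not expose statistics
        for r in rules:
            if r[0] == "bind" and len(r) > 1 and WILDCARD.match(r[1]):
                findings.append((where, "listens-on-all-addresses", r[1]))
            if r[:2] == ["stats", "auth"] and len(r) > 2 and ":" in r[2]:
                user, password = r[2].split(":", 1)
                if password == user or len(password) < min_len:
                    findings.append((where, "weak-stats-password", user))
        if ["stats", "hide-version"] not in rules:
            findings.append((where, "version-shown", ""))
    return findings

if __name__ == "__main__":
    for finding in audit_stats(PAGE_STATS):
        print(finding)
```

A listener bound to a specific management address, with `stats hide-version` and a long, unique password, produces no findings.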
L4 Mode Example
In TCP mode HAProxy does not parse HTTP, so features like URI‑based routing or cookie persistence are unavailable, but performance is higher. Example configuration:
<code>global
    daemon
    maxconn 30000
    user ha
    pidfile /home/ha/haproxy/conf/haproxy.pid
    log 127.0.0.1 local0 info
    log 127.0.0.1 local1 warning

defaults
    mode tcp
    log global
    option tcplog
    timeout connect 5000ms
    timeout client 10000ms
    timeout server 10000ms
    option httpchk GET /healthCheck.html

frontend http-in
    bind *:9002
    default_backend default_servers

backend default_servers
    balance roundrobin
    server def.srv1 192.168.8.111:8082 maxconn 300 check
    server def.srv2 192.168.8.112:8082 maxconn 300 check
</code>
High‑Availability with Keepalived
Deploy two HAProxy instances on separate hosts and run Keepalived on each. Keepalived manages a virtual IP; the node with the highest weight becomes MASTER. A simple vrrp_script checks that HAProxy is running, and the configuration file defines the virtual router ID, priority, and the virtual IP (e.g., 192.168.8.201).
<code>global_defs {
    router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state MASTER
    interface enp0s25
    virtual_router_id 51
    priority 101
    advert_int 1
    virtual_ipaddress {
        192.168.8.201
    }
    track_script {
        chk_haproxy
    }
}
</code>
When the MASTER HAProxy stops, Keepalived on the BACKUP node takes over the virtual IP, providing seamless failover.
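Whether the virtual IP actually moves depends on how the track_script weight compares with the gap between the two nodes' priorities. The following added example (not from the original article) models keepalived's priority adjustment; the BACKUP priorities 100 and 98 are assumptions, since the page shows only the MASTER configuration.

```python
# Added illustration: models how keepalived adjusts VRRP priority for a
# track_script with a non-zero weight. BACKUP priorities are assumed values.

def effective_priority(base, weight, check_ok):
    """Priority a node advertises, given its track_script result."""
    if weight > 0:          # positive weight: added while the check succeeds
        return base + weight if check_ok else base
    if weight < 0:          # negative weight: subtracted while the check fails
        return base if check_ok else base + weight
    raise ValueError("weight 0 puts the instance in FAULT on failure; not modelled")

def vip_holder(nodes, weight):
    """nodes maps name -> (base priority, haproxy running?). Returns (holder, scores)."""
    scores = {name: effective_priority(base, weight, ok)
              for name, (base, ok) in nodes.items()}
    top = max(scores.values())
    leaders = [n for n, s in scores.items() if s == top]
    if len(leaders) > 1:
        raise ValueError("equal priorities: VRRP falls back to comparing IP addresses")
    return leaders[0], scores

def failover_works(master_base, backup_base, weight):
    """True if a healthy BACKUP outranks a MASTER whose HAProxy has died."""
    nodes = {"master": (master_base, False), "backup": (backup_base, True)}
    return vip_holder(nodes, weight)[0] == "backup"

if __name__ == "__main__":
    WEIGHT = 2  # from vrrp_script chk_haproxy on the page
    print(vip_holder({"master": (101, True), "backup": (100, True)}, WEIGHT))
    print(vip_holder({"master": (101, False), "backup": (100, True)}, WEIGHT))
    # Gap of 3 exceeds the weight of 2: the VIP stays on the broken node.
    print(vip_holder({"master": (101, False), "backup": (98, True)}, WEIGHT))
```

With priority 101 on the MASTER and weight 2, the BACKUP priority must be 100 for a stopped HAProxy to trigger the takeover; a BACKUP at 98 never outranks the MASTER.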