Installing HaProxy in Debian 8

there’s a package in debian 8 repository however it’s not the newest version (1.5), so in order to have the most recent release (1.6.5) we are going to compile it from source.

You can download it from the official page http://www.haproxy.org/#down.

First we have to untar it and then install some of the dependencies and the compiler, we can do this with the package manager.

tar xzvf PATH_TO_SRC/haproxy-1.6.5.tar.gz

apt-get install build-essential libpcre3-dev libssl-dev zlib1g-dev

Now we have the necessary to build HaProxy.

cd PATH_TO_SRC/haproxy-1.6.5.tar.gz

make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 
make install

Now we have haproxy installed, you can verify it with, we can also check that it compiled with the options we passed.

haproxy -vv

Which should return.

HA-Proxy version 1.6.5 2016/05/10
 Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>

Build options :
 TARGET = linux2628
 CPU = generic
 CC = gcc
 CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
 OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
 maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
 Built with zlib version : 1.2.8
 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
 Built with OpenSSL version : OpenSSL 1.0.1k 8 Jan 2015
 Running on OpenSSL version : OpenSSL 1.0.1k 8 Jan 2015
 OpenSSL library supports TLS extensions : yes
 OpenSSL library supports SNI : yes
 OpenSSL library supports prefer-server-ciphers : yes
 Built with PCRE version : 8.35 2014-04-04
 PCRE library supports JIT : no (USE_PCRE_JIT not set)
 Built without Lua support
 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
 epoll : pref=300, test result OK
 poll : pref=200, test result OK
 select : pref=150, test result OK
 Total: 3 (3 usable), will use poll.

Now we are going to configure the logs and enable it in systemd.

Open and uncomment the next section in /etc/rsyslog.conf

# provides UDP syslog reception
 $ModLoad imudp
 $UDPServerAddress 127.0.0.1
 $UDPServerRun 514

HaProxy will use syslog to log all the activity, in order to separate the logs, we are going to  create the file haproxy.conf under /etc/rsyslog.d/ with the following line:

if ($programname == 'haproxy') then -/var/log/haproxy.log

Now just restart the service

systemctl restart rsyslog.service

We still need to create a configuration file, in this case will just create a basic config file.

mkdir /{etc,run}/haproxy
vi /etc/haproxy/haproxy.cfg
global
 log 127.0.0.1:514 local0
 log 127.0.0.1:514 local1 notice
 pidfile /run/haproxy/haproxy.pid
 chroot /var/lib/haproxy
 stats socket /run/haproxy/admin.sock mode 660 level admin
 stats timeout 30s
 user haproxy
 group haproxy
 daemon

defaults
 log global
 mode http
 option httplog
 option dontlognull
 retries 3
 option redispatch
 timeout connect 5000
 timeout client 50000
 timeout server 50000

frontend NAME
 bind HOST_IP:PORT
 default_backend BACKEND_NAME
 option http-server-close
 timeout http-keep-alive 120
backend BACKEND_NAME
 balance roundrobin
 mode http
 http-request set-header X-Forwarded-Port %[dst_port]
 http-request add-header X-Forwarded-Proto https if { ssl_fc }
 option httpchk HEAD / HTTP/1.1\r\nHost:localhost
 cookie SERVERID insert indirect nocache
 server SERVER_NAME1 HOST_IP:PORT cookie a check
 server SERVER_NAME2 HOST_IP:PORT cookie b check

In this case the load balancer is configure to work on layer 7.

We have to copy some of the files from the source folder to the system, or you can just point the variables path to the source folder.

gzip PATH_TO_SRC/haproxy-1.6.5/doc/configuration.txt
mkdir /usr/share/doc/haproxy
cp PATH_TO_SRC/haproxy-1.6.5/doc/configuration.txt.gz /usr/share/doc/haproxy/
cp PATH_TO_SRC/haproxy-1.6.5/haproxy-systemd-wrapper /usr/local/sbin/ (this is the default path where haproxy installs)

Now let’s place the environment file for systemd.

vi /etc/default/haproxy
# Change the config file location if needed
 #CONFIG="/etc/haproxy/haproxy.cfg"

# Add extra flags here
 #EXTRAOPTS="-de -m 16"

We need to add the user that’s gonna execute the daemon.

useradd -m -d /var/lib/haproxy -s /bin/false haproxy

Now we have to create an init script, since we are working with systemd, we just have to create a target script instead of an init script.

open up a file with  your favourite editor and add the following.

vi /etc/systemd/system/haproxy.service
[Unit]
 Description=HAProxy Load Balancer
 Documentation=man:haproxy(1)
 Documentation=file:/usr/share/doc/haproxy/configuration.txt.gz
 After=network.target syslog.service
 Wants=syslog.service

[Service]
 Environment=CONFIG=/etc/haproxy/haproxy.cfg
 EnvironmentFile=-/etc/default/haproxy
 ExecStartPre=/usr/local/sbin/haproxy -f ${CONFIG} -c -q
 ExecStart=/usr/local/sbin/haproxy-systemd-wrapper -f ${CONFIG} -p /run/haproxy/haproxy.pid $EXTRAOPTS
 ExecReload=/usr/local/sbin/haproxy -c -f ${CONFIG}
 ExecReload=/bin/kill -USR2 $MAINPID
 KillMode=mixed
 Restart=always

[Install]
 WantedBy=multi-user.target

Now we can start, stop and reload haproxy using systemctl.

systemctl start haproxy.service
systemctl status haproxy.service

Note: If you want to receive the origin IP address in apache’s log, put this line in apache.conf

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
This entry was posted in Debian, HaProxy, Linux, Load balancing, Systemd, Unix. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*