HAProxy
- HAProxy Server Configuration
HAProxy (High Availability Proxy) is a reliable, fast and complete open source load balancer and proxy server. This article details its configuration and use within our server infrastructure, geared towards newcomers to system administration. HAProxy distributes network traffic across multiple servers, improving responsiveness and preventing overload on any single machine. It is crucial for maintaining high availability for services like our MediaWiki installation, Apache web servers, and MySQL databases.
== Why Use HAProxy?
Our infrastructure relies heavily on redundancy. A single point of failure can bring down critical services. HAProxy mitigates this risk by:
- **Load Balancing:** Distributing traffic across multiple backend servers.
- **High Availability:** Automatically redirecting traffic away from failed servers.
- **SSL Termination:** Offloading SSL encryption/decryption from backend servers.
- **Health Checking:** Regularly verifying the health of backend servers.
- **Session Persistence:** Ensuring users are consistently directed to the same server.
== Installation
HAProxy is available through most package managers. On Debian/Ubuntu systems:
```bash sudo apt update sudo apt install haproxy ```
On CentOS/RHEL systems:
```bash sudo yum install haproxy ```
After installation, the HAProxy configuration file is typically located at `/etc/haproxy/haproxy.cfg`. Reviewing the system logs is essential for troubleshooting.
== Basic Configuration
The core of HAProxy configuration lies in defining *frontends* and *backends*. Frontends listen for incoming connections, while backends represent the servers to which traffic is forwarded.
Here's a simple example:
``` frontend http-in
bind *:80 default_backend web_servers
backend web_servers
balance roundrobin server web1 192.168.1.10:80 check server web2 192.168.1.11:80 check
```
This configuration listens on port 80 and distributes traffic between `web1` and `web2` using a round-robin algorithm. The `check` option enables health checks. Understanding network protocols is vital for effective configuration.
== Detailed Configuration Sections
Here's a breakdown of common HAProxy configuration sections:
Global Section
The `global` section defines global settings that apply to the entire HAProxy instance.
| Parameter | Description |
|---|---|
| `log` | Specifies the log file path. |
| `maxconn` | Sets the maximum number of concurrent connections. |
| `chroot` | Specifies a chroot directory for improved security. |
| `user` | Sets the user HAProxy runs as. |
| `daemon` | Runs HAProxy as a daemon. |
Defaults Section
The `defaults` section defines default settings for frontends and backends.
| Parameter | Description |
|---|---|
| `mode` | Specifies the operating mode (http or tcp). |
| `timeout connect` | Sets the connection timeout in seconds. |
| `timeout client` | Sets the client timeout in seconds. |
| `timeout server` | Sets the server timeout in seconds. |
| `retries` | Sets the number of retries before marking a server as down. |
Frontend Section
The `frontend` section defines how HAProxy listens for incoming connections.
| Parameter | Description |
|---|---|
| `bind` | Specifies the IP address and port to listen on. |
| `default_backend` | Specifies the backend to use for incoming connections. |
| `mode` | Specifies the operating mode (http or tcp). |
| `option httpclose` | Closes connections after a request. |
| `acl` | Defines access control lists to route traffic based on various criteria. |
== Advanced Configuration
HAProxy offers many advanced features.
- **SSL Termination:** Configure SSL certificates in the frontend section to offload SSL processing. See the SSL/TLS documentation for more details.
- **Session Persistence:** Use cookies or source IP addresses to ensure users are consistently directed to the same server. This is crucial for maintaining session state.
- **Health Checks:** Advanced health checks can verify the functionality of backend applications, not just server availability. Consider application health monitoring.
- **Load Balancing Algorithms:** HAProxy supports various load balancing algorithms, including round-robin, leastconn, and source. The best algorithm depends on the application.
- **Access Control Lists (ACLs):** ACLs allow for complex traffic routing based on headers, cookies, and other criteria. Learn about firewall rules to understand ACL concepts.
== Monitoring and Logging
HAProxy provides several ways to monitor its performance and troubleshoot issues:
- **Stats Page:** Enable the stats page to view real-time statistics about HAProxy's operation. This page provides valuable insights into traffic patterns and server health.
- **System Logs:** Review the system logs (`/var/log/syslog` or `/var/log/messages`) for error messages and warnings.
- **HAProxy Logs:** Configure HAProxy to log detailed information about incoming connections and backend server interactions. Using a log analysis tool can help.
- **SNMP Support:** HAProxy supports SNMP for integration with network monitoring systems.
== Security Considerations
- **Restrict Access to Stats Page:** Protect the stats page with a strong password or restrict access to trusted IP addresses.
- **Run as Non-Root User:** Configure HAProxy to run as a non-root user for improved security.
- **Keep HAProxy Updated:** Regularly update HAProxy to patch security vulnerabilities. Follow our security update policy.
- **Firewall Configuration:** Ensure a properly configured firewall protects your HAProxy instance.
MediaWiki Apache MySQL system logs network protocols SSL/TLS documentation session state application health monitoring firewall rules log analysis tool security update policy firewall Load Balancing High Availability Server Administration Configuration Management Network Security
Intel-Based Server Configurations
| Configuration | Specifications | Benchmark |
|---|---|---|
| Core i7-6700K/7700 Server | 64 GB DDR4, NVMe SSD 2 x 512 GB | CPU Benchmark: 8046 |
| Core i7-8700 Server | 64 GB DDR4, NVMe SSD 2x1 TB | CPU Benchmark: 13124 |
| Core i9-9900K Server | 128 GB DDR4, NVMe SSD 2 x 1 TB | CPU Benchmark: 49969 |
| Core i9-13900 Server (64GB) | 64 GB RAM, 2x2 TB NVMe SSD | |
| Core i9-13900 Server (128GB) | 128 GB RAM, 2x2 TB NVMe SSD | |
| Core i5-13500 Server (64GB) | 64 GB RAM, 2x500 GB NVMe SSD | |
| Core i5-13500 Server (128GB) | 128 GB RAM, 2x500 GB NVMe SSD | |
| Core i5-13500 Workstation | 64 GB DDR5 RAM, 2 NVMe SSD, NVIDIA RTX 4000 |
AMD-Based Server Configurations
| Configuration | Specifications | Benchmark |
|---|---|---|
| Ryzen 5 3600 Server | 64 GB RAM, 2x480 GB NVMe | CPU Benchmark: 17849 |
| Ryzen 7 7700 Server | 64 GB DDR5 RAM, 2x1 TB NVMe | CPU Benchmark: 35224 |
| Ryzen 9 5950X Server | 128 GB RAM, 2x4 TB NVMe | CPU Benchmark: 46045 |
| Ryzen 9 7950X Server | 128 GB DDR5 ECC, 2x2 TB NVMe | CPU Benchmark: 63561 |
| EPYC 7502P Server (128GB/1TB) | 128 GB RAM, 1 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (128GB/2TB) | 128 GB RAM, 2 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (128GB/4TB) | 128 GB RAM, 2x2 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (256GB/1TB) | 256 GB RAM, 1 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (256GB/4TB) | 256 GB RAM, 2x2 TB NVMe | CPU Benchmark: 48021 |
| EPYC 9454P Server | 256 GB RAM, 2x2 TB NVMe |
Order Your Dedicated Server
Configure and order your ideal server configuration
Need Assistance?
- Telegram: @powervps Servers at a discounted price
⚠️ *Note: All benchmark scores are approximate and may vary based on configuration. Server availability subject to stock.* ⚠️