1. Overview of HAProxy Core Features
HAProxy (High Availability Proxy) is an open-source, high-performance TCP/HTTP load balancer and reverse proxy software widely used in modern network architectures.
Main Functional Features:
- Load Balancing
  - Supports multiple algorithms: round-robin, leastconn, source IP hash, etc.
  - Configurable weight distribution for differentiated traffic scheduling
- High Availability
  - Health check mechanisms automatically remove failed backend servers
  - Supports multi-process mode to improve concurrent processing capability
- SSL/TLS Termination
  - Supports SSL offloading to reduce encryption/decryption burden on backend servers
  - Configurable multi-domain SSL certificates
- HTTP/2 Support
  - Native support for HTTP/2 protocol
  - Can handle both HTTP/1.1 and HTTP/2 connections simultaneously
- Monitoring and Statistics
  - Provides real-time statistics page
  - Supports integration with monitoring systems like Prometheus
- Access Control
  - Access Control Lists (ACLs) based on IP, URL, HTTP headers
  - Request rate limiting
2. Deployment Guide for CentOS Systems
Environment Preparation
# Update system
sudo yum update -y
# Install EPEL repository (CentOS 7/8)
sudo yum install epel-release -y
Installing HAProxy
Method 1: YUM Installation (Recommended)
# CentOS 7/8
sudo yum install haproxy -y
# CentOS Stream 9/Rocky Linux 9/AlmaLinux 9
sudo dnf install haproxy -y
Method 2: Source Compilation (For Latest Version)
# Install compilation dependencies
sudo yum install gcc openssl-devel pcre-devel systemd-devel -y
# Download source code (using version 2.8 as example)
wget https://www.haproxy.org/download/2.8/src/haproxy-2.8.3.tar.gz
tar -xzf haproxy-2.8.3.tar.gz
cd haproxy-2.8.3
# Compile and install
make TARGET=linux-glibc USE_OPENSSL=1 USE_PCRE=1 USE_SYSTEMD=1
sudo make install
Basic Configuration
- Main Configuration File Location
/etc/haproxy/haproxy.cfg
- Minimal Configuration Example
# Backup original configuration
sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.backup
# Edit configuration file
sudo vi /etc/haproxy/haproxy.cfg
- Basic Load Balancing Configuration
global
log /dev/log local0
maxconn 4000
user haproxy
group haproxy
daemon
defaults
mode http
log global
option httplog
option dontlognull
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http_front
bind *:80
default_backend http_back
backend http_back
balance roundrobin
server web1 192.168.1.101:80 check
server web2 192.168.1.102:80 check
# Enable statistics page
listen stats
# Listens on all interfaces
bind *:1936
stats enable
stats uri /haproxy?stats
stats realm Haproxy\ Statistics
# Placeholder credentials stored in cleartext; replace before deployment
stats auth admin:password123
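An added example, not part of the original article: a shell function that audits a haproxy.cfg for the statistics-listener settings used in the basic configuration above (wildcard bind, inline `stats auth` password). Both sample configurations are constructed; the `stats_users` userlist name and the password hash are placeholders.

```shell
# Added example (not from the article): flag risky statistics listeners.
# Constructed sample: the stats listener from the basic configuration.
weak_cfg() {
cat <<'EOF'
frontend http_front
    bind *:80
listen stats
    bind *:1936
    stats enable
    stats uri /haproxy?stats
    stats auth admin:password123
EOF
}

# Constructed sample: loopback bind plus a userlist with a hashed password.
# The hash is a placeholder, not a real crypt(3) value.
hardened_cfg() {
cat <<'EOF'
userlist stats_users
    user admin password $6$PLACEHOLDER_SALT$PLACEHOLDER_HASH
listen stats
    bind 127.0.0.1:1936
    stats enable
    stats uri /haproxy?stats
    http-request auth realm Stats unless { http_auth(stats_users) }
EOF
}

# audit_stats [FILE]: read a haproxy.cfg (or stdin), print one finding per line.
audit_stats() {
awk '
function report() {
    if (!stats) return
    if (wildcard)  print name ": stats page bound to all interfaces"
    if (cleartext) print name ": stats auth keeps a cleartext password in the config"
    if (!auth)     print name ": stats page has no authentication"
}
$1 ~ /^(global|defaults|frontend|backend|listen|userlist)$/ {
    report(); name = $1 " " $2; stats = wildcard = cleartext = auth = 0; next
}
$1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0|::|\[::\])?:[0-9]/ { wildcard = 1 }
$1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
$1 == "stats" && $2 == "auth" { stats = 1; auth = 1; cleartext = 1 }
$1 == "http-request" && $2 == "auth" { auth = 1 }
END { report() }
' "$@"
}

weak_cfg | audit_stats
```

Run it against a real file with `audit_stats /etc/haproxy/haproxy.cfg`; an empty result means none of the three conditions were found.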
Service Management
# Start service
sudo systemctl start haproxy
# Enable auto-start on boot
sudo systemctl enable haproxy
# Check status
sudo systemctl status haproxy
# Restart service
sudo systemctl restart haproxy
# Reload configuration (without interrupting connections)
sudo systemctl reload haproxy
# Stop service
sudo systemctl stop haproxy
Verification
# Check version
haproxy -v
# Check configuration syntax
haproxy -c -f /etc/haproxy/haproxy.cfg
# Check listening ports
sudo ss -tlnp | grep haproxy
3. Common Issues and Solutions
Issue 1: Service Startup Failure
Symptoms:
sudo systemctl status haproxy
# Shows Active: failed
Troubleshooting Steps:
# 1. Check detailed error logs
sudo journalctl -u haproxy -n 50 --no-pager
# 2. Check configuration file syntax
sudo haproxy -c -f /etc/haproxy/haproxy.cfg
# 3. Check port occupancy
sudo ss -tlnp | grep :80
sudo ss -tlnp | grep :443
# 4. Check SELinux status
sudo getenforce
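# If Enforcing, switch to permissive mode temporarily to confirm SELinux is the cause, or add rules
sudo setenforce 0 # Temporary, for diagnosis only; revert with setenforce 1
# Or add SELinux rules (allows HAProxy to connect to any port)
sudo setsebool -P haproxy_connect_any 1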
Issue 2: Connection Limit Reached
Symptoms: Maximum connection limit reached, new connections rejected.
Solution:
# 1. Adjust system file descriptor limits
echo "fs.file-max = 1000000" | sudo tee -a /etc/sysctl.conf
echo "haproxy soft nofile 100000" | sudo tee -a /etc/security/limits.conf
echo "haproxy hard nofile 100000" | sudo tee -a /etc/security/limits.conf
# 2. Modify HAProxy configuration
sudo vi /etc/haproxy/haproxy.cfg
Add to the global section:
global
maxconn 50000
ulimit-n 100000
Issue 3: SSL/TLS Certificate Configuration Error
Symptoms: HTTPS connection fails, SSL handshake error.
Solution:
# 1. Check certificate format
openssl x509 -in /path/to/certificate.pem -text -noout
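# 2. Merge certificate chain (if needed)
# HAProxy's crt option expects the certificate, its chain and the private key in one PEM file
# (domain.key is an assumed file name for the private key)
cat domain.crt intermediate.crt root.crt domain.key > fullchain.pem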
# 3. Configuration example
frontend https_front
bind *:443 ssl crt /etc/haproxy/ssl/fullchain.pem
# This redirect only takes effect if the frontend also has a non-SSL bind (for example port 80)
http-request redirect scheme https unless { ssl_fc }
default_backend http_back
Issue 4: Health Check Failures
Symptoms: Backend servers incorrectly marked as down.
Solution:
# Adjust health check configuration
backend app_servers
option httpchk GET /health
http-check expect status 200
server app1 192.168.1.101:8080 check inter 5s fall 3 rise 2
server app2 192.168.1.102:8080 check inter 5s fall 3 rise 2
Issue 5: High Memory Usage
Symptoms: HAProxy process memory usage continuously increases.
Solution:
# 1. View process and memory information
# (requires a "stats socket /var/run/haproxy.sock" line in the global section)
echo "show info" | sudo socat stdio /var/run/haproxy.sock
# 2. Adjust configuration for memory optimization
global
tune.bufsize 16384
tune.maxrewrite 1024
# 3. Limit connection pool size
defaults
maxconn 10000
Issue 6: Log Configuration Problems
Symptoms: Logs not outputting or going to wrong location.
Solution:
# 1. Configure rsyslog
sudo vi /etc/rsyslog.d/haproxy.conf
Add content:
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
local0.* /var/log/haproxy/haproxy.log
# 2. Create log directory
sudo mkdir -p /var/log/haproxy
sudo touch /var/log/haproxy/haproxy.log
# rsyslog runs as root on CentOS; the syslog user exists on Debian/Ubuntu, not here
sudo chown -R root:root /var/log/haproxy
# 3. Restart services
sudo systemctl restart rsyslog
sudo systemctl restart haproxy
4. Performance Optimization Recommendations
1. System-Level Optimization
# Adjust kernel parameters
sudo vi /etc/sysctl.conf
Add:
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 10240
net.core.somaxconn = 10240
2. HAProxy Configuration Optimization
global
# One thread per CPU core; nbproc was removed in HAProxy 2.5 and cannot be combined with nbthread
nbthread 2
cpu-map 1/1 0
cpu-map 1/2 1
defaults
option http-keep-alive
timeout http-keep-alive 60s
3. Monitoring Configuration
# Install monitoring tools
sudo yum install htop iftop nethogs -y
# Real-time monitoring
htop # View CPU/memory
iftop -i eth0 # View network traffic
5. Advanced Feature Configuration Examples
1. Path-Based Routing
frontend web_front
bind *:80
acl is_static path_beg /static/
acl is_api path_beg /api/
use_backend static_servers if is_static
use_backend api_servers if is_api
default_backend web_servers
2. WebSocket Support
frontend websocket_front
bind *:80
acl is_websocket hdr(Upgrade) -i WebSocket
acl is_websocket hdr_beg(Host) -i ws
use_backend websocket_back if is_websocket
default_backend http_back
3. Canary Deployment Configuration
backend app_servers
balance roundrobin
# 10% traffic to new version
server app_new 192.168.1.110:8080 check weight 10
# 90% traffic to old version
server app_old 192.168.1.111:8080 check weight 90
6. Troubleshooting Toolkit
# 1. View logs in real-time
sudo tail -f /var/log/haproxy/haproxy.log
# 2. View statistics
echo "show stat" | sudo socat stdio /var/run/haproxy.sock | column -s, -t
# 3. View session information
echo "show sess" | sudo socat stdio /var/run/haproxy.sock
# 4. View backend server status
echo "show servers state" | sudo socat stdio /var/run/haproxy.sock
# 5. Load testing tool
sudo yum install httpd-tools -y
ab -n 10000 -c 100 http://your-haproxy-ip/
# 6. Network diagnosis
sudo tcpdump -i eth0 port 80 -w haproxy.pcap
Summary
HAProxy, as a mature high-performance load balancer, is simple to deploy on CentOS systems with flexible configuration. Through proper configuration and continuous monitoring, stable and efficient load balancing architectures can be built. When encountering issues, following the troubleshooting steps provided in this article typically allows for quick problem identification and resolution. Regular updates to HAProxy versions are recommended, along with consulting official documentation for the latest best practices.


