Note: This page is quite old and is likely out of date. My opinions may have also changed dramatically since this was written. It is here as a reference until I get around to updating it.

Notes on Setup

I setup two simple nginx webservers to test this configuration. They both served up a simple static page whose only contents was an indication of which server it was served from.

1
yum install haproxy keepalived -y

Setup the logging haproxy will use

cat << EOF > /etc/rsyslog.d/haproxy.conf
local2.*        /var/log/haproxy.log
EOF

service rsyslog restart

The following is the config that worked as an initial pass setting up haproxy. The configuration lives at /etc/haproxy/haproxy.cfg.

global
  log         /dev/log local2 info

  chroot      /var/lib/haproxy
  pidfile     /var/run/haproxy.pid
  maxconn     10000
  user        haproxy
  group       haproxy
  daemon

  stats socket /var/lib/haproxy/stats

defaults
  mode                    http
  log                     global
  option                  httplog
  option                  dontlognull
  option http-server-close
  option forwardfor       except 127.0.0.0/8
  option                  redispatch
  retries                 3
  timeout http-request    5s
  timeout queue           1m
  timeout connect         5s
  timeout client          1m
  timeout server          1m
  timeout http-keep-alive 10s
  timeout check           5s
  maxconn                 5000

frontend  main *:80
  default_backend             app

backend app
  balance leastconn
  server  nginx-01 192.168.122.61:80 check
  server  nginx-02 192.168.122.62:80 check

listen ssl :443
  balance leastconn
  mode    tcp
  server  nginx-01 192.168.122.61:443 check
  server  nginx-02 192.168.122.62:443 check

You will also need to open up the outbound firewall to nginx and the inbound firewall to the port.

-A INPUT  -m tcp -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -m tcp -p tcp --dport 80 -j ACCEPT

And setup haproxy to run.

systemctl enable haproxy.service
systemctl start haproxy.service